Updates to iap component to support private clusters #1396
Conversation
components/iap-enabler/Dockerfile
Outdated
| @@ -0,0 +1,3 @@ | |||
| FROM google/cloud-sdk:alpine | |||
|
|
|||
| RUN apk add --update jq | |||
There was a problem hiding this comment.
We should also move the curl to install kubectl (and bump it to 1.11) from the shell script to the Dockerfile.
kubeflow/core/setup_iap.sh
Outdated
| [ -z ${CLIENT_ID} ] && echo Error CLIENT_ID must be set && exit 1 | ||
| [ -z ${CLIENT_SECRET} ] && echo Error CLIENT_SECRET must be set && exit 1 | ||
| [ -z ${NAMESPACE} ] && echo Error NAMESPACE must be set && exit 1 | ||
| [ -z ${SERVICE} ] && echo Error SERVICE must be set && exit 1 | ||
|
|
||
| apk add --update jq | ||
| curl https://storage.googleapis.com/kubernetes-release/release/v1.9.4/bin/linux/amd64/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl |
There was a problem hiding this comment.
Add this curl to the Dockerfile and delete from this script.
| @@ -9,7 +9,6 @@ | |||
| [ -z ${NAMESPACE} ] && echo Error NAMESPACE must be set && exit 1 | |||
| [ -z ${SERVICE} ] && echo Error SERVICE must be set && exit 1 | |||
|
|
|||
| apk add --update jq | |||
| curl https://storage.googleapis.com/kubernetes-release/release/v1.9.4/bin/linux/amd64/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl | |||
There was a problem hiding this comment.
Add this curl to the Dockerfile and delete from this script. Also bump it to v1.11.0.
|
Done |
components/iap-enabler/README.md
Outdated
| @@ -0,0 +1,10 @@ | |||
| # IAP Enabler | |||
|
|
|||
| IAP Enabler is a docker image which is used to enable iap. We build this and push it to gcr so that it can be used in private GKE clusters | |||
There was a problem hiding this comment.
I think we use BackendConfig now to enable IAP. I think this is only used to set the timeout on the loadbalancer.
There was a problem hiding this comment.
I'll rebase this once #1327 gets merged
|
nit: please update PR description to describe changes that are needed. |
|
This is updated and ready for review |
|
@ankushagarwal it looks like we now omit installing the Certificate resource for private clusters, should we also omit installing the cert-manager component for private clusters since it won't be used? |
|
I've added it to docs here : https://master.kubeflow.org/docs/started/getting-started-gke/ |
|
Great! /LGTM |
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* Remove v1alpha3 files * Modify SDK * Change dict() to object
* Migrate AWS manifest to v3 pattern * Clean up tests files * Add istio namespace to istio ingress * Update KFP pipeline test case for aws stack
Docs changes are here : kubeflow/website#173
privateGKEClusterandingressSetupImageflags to iap prototype/cc @jlewi @danisla
This change is