import of cloud-endpoints component and support in iap-ingress component #605
Conversation
|
Awesome thanks for the quick fix. |
|
/hold /assign @ankushagarwal Ankush any comments? |
|
@danisla : When I tried this on a new k8s cluster, I get the following error from the cloud-endpoints-controller pod Am I missing anything during the setup? |
|
Looks like I had not enabled Cloud Endpoints API. Just enabled it. Trying again. |
|
Still getting the same error. |
|
I just updated the docs with the API and cluster prerequisites. You have to enable the APIs and create the GKE cluster with the |
|
I don't think we should rely on the VM scope. That gives every pod cloud-platform scope. Here are some gcloud commands for creating the service account. |
|
Is it possible for the CRD to check if cloud endpoints is enabled and if not enable it? |
|
@danisla Ping any chance we could get support for secrets? |
|
Yes! I'm working on it now and should have the commit in today. |
danisla
force-pushed
the
import-cloud-endpoints
branch
from
30921b9
to
e2b9172
Compare
|
@jlewi ok updated component and docs to use a service account and secret for credentials. |
docs/gke/iap.md
Outdated
| export FQDN="kubeflow.endpoints.$(gcloud config get-value project).cloud.goog" | ||
| ``` | ||
|
|
||
| Alternatively if you already have a DNS provider (e.g. Google Domains) create a type A custom resource record that associates the host you want e.g "kubeflow" |
There was a problem hiding this comment.
If we have our own domain then we don't need a cloud-endpoints component right?
There was a problem hiding this comment.
Correct, I can separate those sections for clarity.
There was a problem hiding this comment.
The IP reservation gcloud step is also optional if you are using cloud-endpoints since the endpoint is coupled to any dynamically provisioned Ingress IP. We would just have to make the annotation on the Ingress conditional on the presence of an IP name.
There was a problem hiding this comment.
If both work lets document but if you have to reserve an IP I think that's fine. I think that's best practice anyway so that's what we'll probably recommend.
| // @optionalParam secretKey string cloudep-sa.json Name of the key in the secret containing the JSON service account key. | ||
| // @optionalParam namespace string null Namespace to use for the components. It is automatically inherited from the environment if not set. | ||
|
|
||
| // TODO(https://github.com/ksonnet/ksonnet/issues/222): We have to add namespace as an explicit parameter |
There was a problem hiding this comment.
Delete this since the issue has been resolved you are inheriting namespace below.
|
/lgtm |
|
Test failure looks like a flake. There was a problem talking to the GitHub API while initializing the app |
|
/test all |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ankushagarwal, jlewi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold cancel |
…ent (kubeflow#605) * import of cloud-endpoints component and support in iap-ingress component * removed namespace TODO from prototypes * update to IAP docs
* update metadata tag to v0.1.10 * fix test * rm cherry_pick_pull.sh
Fixes #586
CloudEndpointresource if the FQDN matches the form ofNAME.endpoints.PROJECT.cloud.goog/cc @kunmingg
/cc @ankushagarwal
/cc @jlewi
This change is