In [1]:
# Copyright 2019 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

# Setup Summary

* Pre-conditions
    - Deployed a kubeflow cluster through [UI](https://www.kubeflow.org/docs/gke/deploy/deploy-ui/) or [CLI](https://www.kubeflow.org/docs/gke/deploy/deploy-cli/)
        - Add `IAP-secured Web App User` role to the user need access to the cluster
    - Have the following environment variable ready: 
        - PROJECT_ID # project host the kubeflow cluster or for running AI platform training
        - DEPLOYMENT_NAME # kubeflow deployment name, the same the cluster name after delpoyed
        - GCP_BUCKET # google cloud storage bucket

* Create service account
```bash
export SA_NAME = [service account name]
gcloud iam service-accounts create ${SA_NAME}
gcloud projects add-iam-policy-binding ${PROJECT_ID} \
    --member serviceAccount:${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com \
    --role 'roles/editor'
gcloud iam service-accounts keys create ~/key.json \
    --iam-account ${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com
```

* Authorize for Source Repository
```bash
gcloud auth configure-docker
```

* Update local kubeconfig (for submiting job to kubeflow cluster)
```bash
export CLUSTER_NAME=${DEPLOYMENT_NAME} # this is the deployment name or the kubenete cluster name
export ZONE=us-central1-c
gcloud container clusters get-credentials ${CLUSTER_NAME} --region ${ZONE}
```

* Set the environmental variable: GOOGLE_APPLICATION_CREDENTIALS
```bash
export GOOGLE_APPLICATION_CREDENTIALS = ....
```
```python
os.environ['GOOGLE_APPLICATION_CREDENTIALS']=...
```

* Install the lastest version of kfp
```python
pip install kfp
```

* Create an OAuth client ID credentials of type Other according to the tutorial [here](
https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_desktop_app)

**Note: the setup is only required for running notebook outside kubeflow cluster. Most of the setup should alreayd be done for kubeflow pipeline notebook.**

### Set up environment variables

In [None]:
PROJECT_ID = # project host the kubeflow cluster or for running AI platform training
DEPLOYMENT_NAME = # kubeflow deployment name, the same the cluster name after delpoyed
GCP_BUCKET = # google cloud storage bucket

### Create service account

In [None]:
! export SA_NAME = [service account name]
! gcloud iam service-accounts create ${SA_NAME}
! gcloud projects add-iam-policy-binding ${PROJECT_ID} \
  --member serviceAccount:${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com \
  --role 'roles/editor'
! gcloud iam service-accounts keys create ~/key.json \
  --iam-account ${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com

### Authorize for Source Repository

In [2]:
! gcloud auth configure-docker

gcloud credential helpers already registered correctly.


### Update local kubeconfig

In [None]:
! export CLUSTER_NAME=${DEPLOYMENT_NAME} # this is the deployment name or the kubenete cluster name
! export ZONE=us-central1-c
! gcloud container clusters get-credentials ${CLUSTER_NAME} --region ${ZONE}

### Set GOOGLE_APPLICATION_CREDENTIALS

In [None]:
! export GOOGLE_APPLICATION_CREDENTIALS = ....

### Install kfp

In [None]:
! pip install kfp

# Sanity Check

In [None]:
! kubectl -n istio-system describe ingress