pass in secret

kubeflow · k8s-ci-robot · Sep 9, 2019 · Sep 3, 2019 · Sep 3, 2019 · Sep 4, 2019
commit 82f8cd16709eecbd14b2c0f56aea7025e910a88d
diff --git a/manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/gcp_secret.yaml b/manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/gcp_secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.gcpSecretName }}
+  labels:
+    app: gcp-sa
+    app.kubernetes.io/name: {{ .Release.Name }}
+type: Opaque
+data:
+  application_default_credentials.json: {{ .Values.serviceAccountCredential | b64enc | quote }}
diff --git a/manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/minio.yaml b/manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/minio.yaml
@@ -56,7 +56,7 @@ spec:
       volumes:
         - name: gcp-sa-token
           secret:
-            secretName: {{ .Values.managedstorage.gcpSecretName }}
+            secretName: {{ .Values.gcpSecretName }}
 {{ end }}
 ---
 {{ if not .Values.managedstorage.enabled }}

diff --git a/manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/mysql.yaml b/manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/mysql.yaml
@@ -66,7 +66,7 @@ spec:
           emptyDir:
         - name: gcp-sa-token
           secret:
-            secretName: {{ .Values.managedstorage.gcpSecretName }}
+            secretName: {{ .Values.gcpSecretName }}
 {{ end }}
 ---
 {{ if not .Values.managedstorage.enabled }}

diff --git a/manifests/gcp_marketplace/chart/kubeflow-pipelines/values.yaml b/manifests/gcp_marketplace/chart/kubeflow-pipelines/values.yaml
@@ -13,6 +13,9 @@ images:
   viewercrd: gcr.io/ml-pipeline/viewer-crd-controller:0.1.27
   visualizationserver: gcr.io/ml-pipeline/visualization-server:0.1.27
 
+gcpSecretName: "user-gcp-sa"
+serviceAccountCredential: null
+
 serviceAccount:
   argo: null
   mlPipeline: null
@@ -23,8 +26,6 @@ serviceAccount:
   pipelineRunner: null
   proxyAgentRunner: null
 
-gcpSecretName: null
-
 managedstorage:
   enabled: false
   cloudsqlInstanceConnectionName: null

diff --git a/manifests/gcp_marketplace/schema.yaml b/manifests/gcp_marketplace/schema.yaml
@@ -87,26 +87,31 @@ properties:
     type: string
     x-google-marketplace:
       type: NAMESPACE
+  serviceAccountCredential:
+    title: Service Account credentials used to call other GCP services, such as CloudSQL.
+    description: |-
+      To be able to call other GCP services, we need to be
+      authenticated. This field is used to store the content of the service account
+      JSON file. It can be encoded using base64 instead of messing with JSON format.
+    type: string
+    default: ""
+    x-google-marketplace:
+      type: STRING
   managedstorage.enabled:
     type: boolean
     title: Enable managed storage
     description: Use Cloud SQL and GCS for storing the data
     default: false
-  managedstorage.cloudsqlInstanceName:
-    type: string
-    title: CloudSQL instance name
-  managedstorage.cloudsqlZone:
+  managedstorage.cloudsqlInstanceConnectionName:
     type: string
-    title: CloudSQL zone
+    title: CloudSQL instance connection name. Format projectId:zone:instanceName
   managedstorage.dbPassword:
     type: string
     title: database password
-  managedstorage.gcpProject:
-    type: string
-    title: GCP project
   managedstorage.databaseNamePrefix:
     type: string
     title: database name prefix
+
   serviceAccount.proxyAgentRunner:
     type: string
     title: ProxyAgentRunnerServiceAccount
@@ -418,3 +423,5 @@ properties:
 required:
   - name
   - namespace
+  - serviceAccountCredential
+  - managedstorage.enabled