kubeflow
/
pipelines
mirror of https://github.com/kubeflow/pipelines.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

enable CloudSQL+GCSObjStore without default credential (#3378) 

* enable CloudSQL+GCSObjStore without default credential

* refresh document

* fix schema

* minio project ID is required

* fix several

* self throtting Github requests to let build be stable

* can work now

* upsize and lowercase for bucket name

Co-authored-by: Renmin Gu <renming@google.com>
This commit is contained in:
Renmin 2020-04-03 17:22:19 +08:00 committed by GitHub
parent 8091752980
commit 7fbb45d381
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 104 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
manifests/gcp_marketplace/README.md
View File

@ -1,19 +1,11 @@
# Kubeflow Pipelines for GKE Marketplace
> **Alpha version:**
Kubeflow Pipelines on GCP Marketplace is currently in **Alpha** with limited
support. The Kubeflow team is interested in any feedback you may have, in
particular with regards to usability of the feature. Please raise any issues
or discussion items in the
[Kubeflow Pipelines issue tracker](https://github.com/kubeflow/pipelines/issues).
Kubeflow Pipelines can be installed using either of the following approaches:
* [Using the Google Cloud Platform Console](#using-install-platform-console)
* [Using the command line](#using-install-command-line)
## <a name="using-install-platform-console"></a>Using the Google Cloud Platform Marketplace
Get up and running with a few clicks! Install this Kubeflow Pipelines app to a
@ -24,4 +16,41 @@ Google Kubernetes Engine cluster using Google Cloud Marketplace. Follow the
## <a name="using-install-command-line"></a>Using the command line
We prefer you use Google Cloud Platform Marketplace UI to deploy the application.
If you really want to use command line, please follow the [guide](https://github.com/kubeflow/pipelines/blob/master/manifests/gcp_marketplace/cli.md).
If you want to know how , please follow the [guide](https://github.com/kubeflow/pipelines/blob/master/manifests/gcp_marketplace/cli.md). It's not target for production usage. The tool "mpdev" is for Kubeflow Pipeline developers. We will provide better command line experiences in 2020 Q2/Q3. Please check [Standalone CLI](https://www.kubeflow.org/docs/pipelines/installation/standalone-deployment/) for now on how to install via commandline.
## Developement guide
This section details how to test your changes before submit codes.
1. Code changes and locally committed
2. Build
```
gcloud builds submit --config=.cloudbuild.yaml --substitutions=COMMIT_SHA="$(git rev-parse HEAD)" --project=ml-pipeline-test
```
`gcr.io/$PROJECT_ID/hosted/$COMMIT_SHA/` contains the binaries.
3. Auto-test (Install & Uninstall)
MM_VER is major minor version parsed from VERSION file which is on major.minor.patch version format.
```
MM_VER=$(cat VERSION | sed -e "s#[^0-9]*\([0-9]*\)[.]\([0-9]*\)[.]\([0-9]*\)#\1.\2#")
gcloud builds submit --config=test/cloudbuild/mkp_verify.yaml --substitutions=COMMIT_SHA="$(git rev-parse HEAD)",_DEPLOYER_VERSION=$MM_VER --project=ml-pipeline-test
```
4. Manual-test (Install with advanced parameters and don't uninstall)
Make sure your kubectl can connect to a target test cluster.
```shell
APP_INSTANCE_NAME=<yours>
NAMESPACE=<yours> # Make sure you already created the namespace
MANAGEDSTORAGE=true # True means use CloudSQL + Minio-GCS; False means use in-cluster PVC + MySQL.
CLOUDSQL=<yours> # Format like project_id:zone:cloudsql_instance_name
PROJECTID=<yours> # This field will be removed after Marketplace can pass in the project ID
mpdev install --deployer=gcr.io/ml-pipeline-test/hosted/$(git rev-parse HEAD)/deployer:$MM_VER \
--parameters='{"name": "'$APP_INSTANCE_NAME'", "namespace": "'$NAMESPACE'", "managedstorage.enabled": '$MANAGEDSTORAGE', "managedstorage.cloudsqlInstanceConnectionName": "'$CLOUDSQL'", "managedstorage.gcsProjectId": "'$PROJECTID'"}'
```

20
manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/metadata.yaml
View File

@ -38,6 +38,7 @@ spec:
image: {{ .Values.images.metadataserver }}
imagePullPolicy: 'Always'
env:
# TODO: merge all into mysql-credential
{{ if .Values.managedstorage.enabled }}
- name: DBCONFIG_USER
valueFrom:
@ -126,23 +127,6 @@ spec:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: metadata-configmap
labels:
component: metadata-server
data:
{{ if .Values.managedstorage.databaseNamePrefix }}
mysql_database: '{{ .Values.managedstorage.databaseNamePrefix }}_metadata'
{{ else }}
mysql_database: '{{ .Release.Name | replace "-" "_" | replace "." "_"}}_metadata'
{{ end }}
mysql_host: "mysql"
mysql_port: "3306"
username: "root"
password: ""
---
apiVersion: v1
kind: ConfigMap
metadata:
name: metadata-mysql-configmap
labels:
@ -155,8 +139,6 @@ data:
{{ end }}
MYSQL_HOST: "mysql"
MYSQL_PORT: "3306"
username: "root"
password: ""
---
apiVersion: v1
kind: ConfigMap

8
manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/minio.yaml
View File

@ -38,13 +38,17 @@ spec:
- args:
- gateway
- gcs
- {{ .Values.managedstorage.gcsProjectId }}
env:
- name: MINIO_ACCESS_KEY
value: minio
- name: MINIO_SECRET_KEY
value: minio123
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/etc/credentials/application_default_credentials.json"
# Minio is KFP system workload and we use GCE's default service account
# or later Workload Identity's corresponding service account.
# So here no need to setup GOOGLE_APPLICATION_CREDENTIALS.
# - name: GOOGLE_APPLICATION_CREDENTIALS
# value: "/etc/credentials/application_default_credentials.json"
image: {{ .Values.images.minio }}
name: minio
ports:

3
manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/mysql.yaml
View File

@ -43,7 +43,8 @@ spec:
"-dir=/cloudsql",
# Replace with your own CloudSQL instance ID
"-instances={{ .Values.managedstorage.cloudsqlInstanceConnectionName }}=tcp:0.0.0.0:3306",
"-credential_file=/credentials/application_default_credentials.json",
# System workload uses GCE default service account or Workload Identity's service account
# "-credential_file=/credentials/application_default_credentials.json",
"term_timeout=10s"]
# set term_timeout if require graceful handling of shutdown
# NOTE: proxy will stop accepting new connections; only wait on existing connections

7
manifests/gcp_marketplace/chart/kubeflow-pipelines/values.yaml
View File

@ -27,7 +27,12 @@ managedstorage:
#
# gcsBucketName is used in two places, so I wrote a template string here that
# can be evaluated in each place.
gcsBucketName: '{{ if .Values.managedstorage.databaseNamePrefix }}{{ printf "%s-%s" .Values.managedstorage.cloudsqlInstanceConnectionName .Values.managedstorage.databaseNamePrefix | replace ":" "-" | trunc 50 }}{{ else }}{{ printf "%s-%s" .Values.managedstorage.cloudsqlInstanceConnectionName .Release.Name | replace ":" "-" | trunc 50 }}{{ end }}'
#
# Name pattern:
# If spedify databaseNamePrefix: %{cloudsqlInstanceConnectionName}-%{truncedDatabaseNamePrefix}
# else: %{cloudsqlInstanceConnectionName}-%{releaseName}
gcsBucketName: '{{ if .Values.managedstorage.databaseNamePrefix }}{{ printf "%s-%s" .Values.managedstorage.cloudsqlInstanceConnectionName .Values.managedstorage.databaseNamePrefix | replace ":" "-" | lower | trunc 60 }}{{ else }}{{ printf "%s-%s" .Values.managedstorage.cloudsqlInstanceConnectionName .Release.Name | replace ":" "-" | lower | trunc 60 }}{{ end }}'
databaseNamePrefix: null
dbUsername: 'root'
dbPassword: ''
gcsProjectId: ''

51
manifests/gcp_marketplace/schema.yaml
View File

@ -108,6 +108,57 @@ properties:
type: string
x-google-marketplace:
type: NAMESPACE
managedstorage.enabled:
type: boolean
title: Use managed storage
description: |-
Use Cloud SQL and GCS for storing the data.
Using CloudSQL and GCS provides better reliability and performance,
as well as features such as data backup and usage monitoring.
This is the recommended option especially for production scenarios.
If false, the data will be stored in GCE Persistent Disk.
default: false
managedstorage.cloudsqlInstanceConnectionName:
type: string
title: Cloud SQL instance connection name (Managed storage only)
description: |-
This field must be specified if choose to use managed storage.
Provide the instance connection name for an existing Cloud SQL for MySQL instance.
The instance connection name can be found on the instance detail page in the Cloud SQL console.
The instance connection name uses the format project:zone:instance-name, for example,myproject:us-central1:myinstance.
For more details on how to create a new instance, see https://cloud.google.com/sql/docs/mysql/quickstart.
managedstorage.dbUsername:
type: string
title: Database username (Managed storage only)
description: |-
The database username to use when connecting to the Cloud SQL instance.
If you leave this field empty, the deployment will use the default 'root' user account to connect.
For more details about MySQL users, see https://cloud.google.com/sql/docs/mysql/users.
managedstorage.dbPassword:
type: string
title: Database password (Managed storage only)
x-google-marketplace:
type: MASKED_FIELD
description: |-
The database password to use when connecting to the Cloud SQL instance.
If you leave this field empty, the deployment will try to connect to the instance without providing a password.
This will fail if a password is required for the username you provided.
managedstorage.databaseNamePrefix:
type: string
title: Database name prefix (Managed storage only)
description: |-
The prefix of the database name. Kubeflow Pipelines will create two databases,
[prefix]_pipeline and [prefix]_metadata.
Use lowercase letters, numbers, and hyphens. Start with a letter.
If the prefix specified is same as an old deployment in the past,
the deployment will recover from an old deployment.
If this not specified, the app instance name will be used.
managedstorage.gcsProjectId:
type: string
title: GCS Bucket's project ID (Managed storage only)
description: |-
Normally it's the same project which installs Kubeflow Pipelines.
It's required if enabled managed storage.
required:
- name