Please update https://www.kubeflow.org/docs/gke/private-clusters/ - no iap-ingress.yaml #1811
Comments
|
Issue Label Bot is not confident enough to auto-label this issue. |
|
@rduan Thank you for reporting this issue. We have a P1 issue (#1705) to update the doc for private clusters and VPC service controls. @zhenghuiwang Do you have an input on this specific question from @rduan?
|
Can you paste the error message? thanks (I think the error is related to KFServing, but want to confirm it. If that's the case, you may have to remove it similarly to removing cert-manager)
Seems you are deploying with basic auth. I would recommend deploying kubeflow with IAP setting (step 7 in https://www.kubeflow.org/docs/gke/deploy/deploy-cli/) |
|
Hi Zhenghui,
Thanks for your reply.
I got errors as below when I was doing setp 7:
1.
Remove components which are not useful in private clusters:
Open ${KF_DIR}/kfctl_gcp_iap.v1.0.0.yaml and remove kustomizeConfig
cert-manager, cert-manager-crds, and cert-manager-kube-system-resources. 1.
Create the deployment:
cd ${KF_DIR}
kfctl apply -V -f ${CONFIG_FILE}
BTW, there is no statement about $CONFIG_FILE, I assume it is the changed
kfctl_gcp_iap.v1.0.0.yaml file.
[image: WeChat Image_20200317083657.png]
In the document , after step 7, there is
1.
Update iap-ingress component parameters:
cd ${KF_DIR}/kustomize
gvim iap-ingress.yaml
-
Find and set the privateGKECluster parameter to true:
privateGKECluster: "true"
-
Then apply your changes:
kubectl apply -f iap-ingress.yaml
I could not find iap-ingress.yaml file in the kustomize folder. Not sure
where to change privateGKECluster to true.
Cheers,
Richard Duan
…On Tue, 17 Mar 2020 at 05:41, Zhenghui Wang ***@***.***> wrote:
But I got errors when deploying after remove kustomizeConfig cert-manager,
cert-manager-crds and cert-manager-kube-system-resources.
Can you paste the error message? thanks
(I think the error is related to KFServing, but want to confirm it. If
that's the case, you may have to remove it similarly to removing
cert-manager)
I found this privateGKECluster from manifestes repo, in a params.env of
folder /gcp/basic-auth-ingress/base/params.env
But I cannot find anywhere it is used, it seems that it is just created in
configMap but not used anywhere. Please correct me if I am wrong.
Seems you are deploying with basic auth. I would recommend deploying
kubeflow with IAP setting (step 7 in
https://www.kubeflow.org/docs/gke/deploy/deploy-cli/)
/cc @kunmingg <https://github.com/kunmingg> @abhi-g
<https://github.com/abhi-g>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1811 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AD2SEPKGLCRRHLGNC53R7KLRHZXDZANCNFSM4LLP42SA>
.
|
|
I had an issue with CloudEndpoint deploying correctly on privateGKE with IAP_v1.0.0 (the controller would set up but then no endpoint would be set up)- is this not the general experience? To remedy, we removed the cloud endpoint controller from KustomizeConfig, set an endpoint using |
|
Hi Joepeskett,
I am not very understanding your points because I just started to
use/deploy kubeflow.
The thing I noticed is that "privateGKECluster=false" was defined in
params.env , but I cannot find this parameter is used anywhere.
Could you tell me how this parameter is used when deploying KF?
Thanks,
Richard
…On Tue, 17 Mar 2020 at 09:09, joepeskett ***@***.***> wrote:
I had an issue with CloudEndpoint deploying correctly on privateGKE with
IAP_v1.0.0 (the controller would set up but then no endpoint would be set
up)- is this not the general experience? To remedy, we removed the cloud
endpoint controller from KustomizeConfig, set an endpoint using gcloud
endpoints services deploy openapi.yaml then used this as the host name in
iap-ingess/base/params.env. Not sure if that's helpful?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1811 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AD2SEPPAMDSHDEOTZPKRIVDRH2PQXANCNFSM4LLP42SA>
.
|
|
/area gcp |
|
@jtfogarty: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/platform gcp |
jlewi
changed the title
jlewi
changed the title
|
The steps to modify the IAP ingress and the certificate should no longer be needed because we are using GKE managed certificates. We should update the docs to remove those steps. |
* Add instructions for mirroring docker images to private repositories * Fix kubeflow/kubeflow#3210 * Delete instructions under private GKE and just link to the doc issue kubeflow#1705 * The instructions are outdated. Since managed certificates are used there should be no reason to need to update iap-ingress.yaml anymore. * Fix kubeflow#1811 * Most of the other instructions under the private GKE section are also very obsolete.
* Private GKE: Document image mirroring * Add instructions for mirroring docker images to private repositories * Fix kubeflow/kubeflow#3210 * Delete instructions under private GKE and just link to the doc issue #1705 * The instructions are outdated. Since managed certificates are used there should be no reason to need to update iap-ingress.yaml anymore. * Fix #1811 * Most of the other instructions under the private GKE section are also very obsolete. * Fix indentation. * Fix indetation. * Fix indentation. * Fix alert. * More formatting fixes. * Add comment about Tekton.
I tried to deploy KF to private-cluster as the document says.
But I got errors when deploying after remove kustomizeConfig cert-manager, cert-manager-crds and cert-manager-kube-system-resources.
Besides, there is no file called iap-ingress.yaml to set privateGKECluster !!
I found this privateGKECluster from manifestes repo, in a params.env of folder /gcp/basic-auth-ingress/base/params.env
But I cannot find anywhere it is used, it seems that it is just created in configMap but not used anywhere. Please correct me if I am wrong.
The text was updated successfully, but these errors were encountered: