From b80e3695155aa2bf0323570bfe09bd391ee3f7d1 Mon Sep 17 00:00:00 2001 From: Harshad Reddy Nalla Date: Wed, 26 Apr 2023 11:07:01 -0400 Subject: [PATCH] Allow users to include ssl_sa_certs via env vars for kfp_tekton client - with documentation update. Signed-off-by: Harshad Reddy Nalla --- docs/source/user_guide/runtime-conf.md | 3 +++ elyra/pipeline/kfp/kfp_authentication.py | 2 ++ elyra/pipeline/kfp/processor_kfp.py | 1 + 3 files changed, 6 insertions(+) diff --git a/docs/source/user_guide/runtime-conf.md b/docs/source/user_guide/runtime-conf.md index fec9cc9e3..a9532a8ca 100644 --- a/docs/source/user_guide/runtime-conf.md +++ b/docs/source/user_guide/runtime-conf.md @@ -221,6 +221,9 @@ The KubeFlow Pipelines API endpoint you want to utilize. This setting is require Example: `https://kubernetes-service.domain.com/pipeline` +*Note*: In setups where the Kubeflow Pipeline server is secured with a custom certificate, users can specify this certificate path by setting the environment variable `KF_PIPELINES_SSL_SA_CERT` in the jupyter environment. This variable directs the Kubeflow Pipelines SDK client to use the provided certificate for accessing the Kubeflow Pipeline server. For more information, see the [ssl_ca_cert](https://kubeflow-pipelines.readthedocs.io/en/stable/source/client.html#kfp.client.Client.__init__.ssl_ca_cert) attribute in the `kfp` SDK documentation. +Ex: `KF_PIPELINES_SSL_SA_CERT:/path/to/certs` + ##### Public Kubeflow Pipelines API endpoint (public_api_endpoint) diff --git a/elyra/pipeline/kfp/kfp_authentication.py b/elyra/pipeline/kfp/kfp_authentication.py index 3ca44519a..15f0e8170 100644 --- a/elyra/pipeline/kfp/kfp_authentication.py +++ b/elyra/pipeline/kfp/kfp_authentication.py @@ -230,6 +230,7 @@ def authenticate( """ kf_url = urlsplit(api_endpoint)._replace(path="").geturl() + kf_pipelines_ssl_sa_cert = os.getenv("KF_PIPELINES_SSL_SA_CERTS", None) # return data structure for successful requests auth_info = { @@ -239,6 +240,7 @@ def authenticate( "cookies": None, # passed to KFP SDK client as "cookies" param value "credentials": None, # passed to KFP SDK client as "credentials" param value "existing_token": None, # passed to KFP SDK client as "existing_token" param value + "ssl_ca_cert": kf_pipelines_ssl_sa_cert, # passed to KFP SDK Client as "ssl_ca_cert" param value } try: diff --git a/elyra/pipeline/kfp/processor_kfp.py b/elyra/pipeline/kfp/processor_kfp.py index 4e7f9be57..78966fbdb 100644 --- a/elyra/pipeline/kfp/processor_kfp.py +++ b/elyra/pipeline/kfp/processor_kfp.py @@ -213,6 +213,7 @@ def process(self, pipeline): credentials=auth_info.get("credentials", None), existing_token=auth_info.get("existing_token", None), namespace=user_namespace, + ssl_ca_cert=auth_info.get("ssl_ca_cert", None), ) else: client = ArgoClient(