Source code for kfp.aws

# Copyright 2019 The Kubeflow Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[docs]def use_aws_secret(secret_name='aws-secret', aws_access_key_id_name='AWS_ACCESS_KEY_ID', aws_secret_access_key_name='AWS_SECRET_ACCESS_KEY', aws_region=None): """An operator that configures the container to use AWS credentials. AWS doesn't create secret along with kubeflow deployment and it requires users to manually create credential secret with proper permissions. :: apiVersion: v1 kind: Secret metadata: name: aws-secret type: Opaque data: AWS_ACCESS_KEY_ID: BASE64_YOUR_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: BASE64_YOUR_AWS_SECRET_ACCESS_KEY """ def _use_aws_secret(task): from kubernetes import client as k8s_client task.container \ .add_env_variable( k8s_client.V1EnvVar( name='AWS_ACCESS_KEY_ID', value_from=k8s_client.V1EnvVarSource( secret_key_ref=k8s_client.V1SecretKeySelector( name=secret_name, key=aws_access_key_id_name ) ) ) ) \ .add_env_variable( k8s_client.V1EnvVar( name='AWS_SECRET_ACCESS_KEY', value_from=k8s_client.V1EnvVarSource( secret_key_ref=k8s_client.V1SecretKeySelector( name=secret_name, key=aws_secret_access_key_name ) ) ) ) if aws_region: task.container \ .add_env_variable( k8s_client.V1EnvVar( name='AWS_REGION', value=aws_region ) ) return task return _use_aws_secret