From 060df4429ad3953804bc1a546256beb5b3146b51 Mon Sep 17 00:00:00 2001
From: Zhenghui Wang <zhenghuiwang@users.noreply.github.com>
Date: Wed, 27 Feb 2019 20:11:22 -0800
Subject: [PATCH] Add TLS certification after creating cluster (#317)

* project creation

* remove project_creation

* add kuber-rsa to worker image

* add kube-rsa to image

* remove blank line
---
 images/Dockerfile                         | 6 ++++--
 py/kubeflow/testing/create_kf_instance.py | 7 +++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/images/Dockerfile b/images/Dockerfile
index 961fb60a95b..eefd07a9100 100644
--- a/images/Dockerfile
+++ b/images/Dockerfile
@@ -50,9 +50,11 @@ RUN cd /tmp && \
     tar -C /usr/local -xzf go.tar.gz
 
 # Install gcloud
-ENV PATH=/usr/local/go/bin:/google-cloud-sdk/bin:/workspace:${PATH} \
+ENV PATH=/root/go/bin:/usr/local/go/bin:/google-cloud-sdk/bin:/workspace:${PATH} \
     CLOUDSDK_CORE_DISABLE_PROMPTS=1
 
+RUN go get github.com/kelseyhightower/kube-rsa
+
 RUN wget -q https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.tar.gz && \
     tar xzf google-cloud-sdk.tar.gz -C / && \
     rm google-cloud-sdk.tar.gz && \
@@ -142,7 +144,7 @@ RUN cd /tmp/ && \
 RUN pip3 install pipenv==2018.10.9
 RUN cd /tmp/ && pipenv install --system --three
 
-RUN pip install yq 
+RUN pip install yq
 
 COPY checkout.sh /usr/local/bin
 RUN chmod a+x /usr/local/bin/checkout.sh
diff --git a/py/kubeflow/testing/create_kf_instance.py b/py/kubeflow/testing/create_kf_instance.py
index 53cfa3b22ad..f9285821ce6 100644
--- a/py/kubeflow/testing/create_kf_instance.py
+++ b/py/kubeflow/testing/create_kf_instance.py
@@ -155,6 +155,13 @@ def main(): # pylint: disable=too-many-locals,too-many-statements
             "--zone", args.zone,
             "--update-labels", ",".join(label_args)],
            cwd=app_dir)
+  util.run(["gcloud", "container", "clusters", "get-credentials", name,
+            "--zone", args.zone,
+            "--protject", args.project])
+  tls_endpoint = "--host=%s.endpoints.kubeflow-ci.cloud.goog" % name
+  util.run(["kube-rsa", tls_endpoint])
+  util.run(["kubectl", "-n", "kubeflow", "create", "secret", "tls",
+           "envoy-ingress-tls", "--cert=ca.pem", "--key=ca-key.pem"])
 
 if __name__ == "__main__":
   main()