[WIP] fix: moving the hardcoded configs in KFPv2 Launcher to configmap. Fixes #494

[amadhusu]

Which issue is resolved by this Pull Request:
Resolves #494

Description of your changes:
Followed Option 1 in the suggestion mentioned in kubeflow/pipelines/issues/9689

We want to allow the above configs to be changed from their defaults, preferably on a per-namespace basis.

I propose we add these configs to the ConfigMap/kfp-launcher which already exists in each profile namespace to set defaultPipelineRoot.

For example, a new ConfigMap/kfp-launcher in a profile namespace might look like this:

data:
  defaultPipelineRoot: "minio://mlpipeline/v2/artifacts"
 
  ## minio endpoint config
  defaultMinioEndpoint: "minio.example.com:9000"
 
  ## minio auth configs
  minioAuthConfig: "mlpipeline-minio-artifact"
  minioAuthConfigAccessKey: "access_key"
  minioAuthConfigSecretKey: "access_key"

OPTION 1: have the kfp-launcher container read the ConfigMap/kfp-launcher
when it executes, it can pass the minio configs down as it calls objectstore.OpenBucket

Environment tested:

Checklist:

• The title for your pull request (PR) should follow our title convention. Learn more about the pull request title convention used in this repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: amadhusu

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[HumairAK]

I'm finding the naming here to be very hard to digest, can you organize this differently

group the configs together, space them apart, etc.

• note also that minioAuthConfigAccessKey and minioAuthConfigSecretKey consider what they are being used for, for example: defaultMinioSecretAccessKeyKey and defaultMinioSecretSecretKeyKey, this may look silly with the double usage of "secret" and "key", but it's more descriptive, as these are fields found in a k8s secret.

• minioAuthConfig can be better named (I know this one comes from upstream but it's confusing), it's a default k8s secret name, something like defaultMiniotAuthSecretName is way more helpful

[amadhusu]

@HumairAK See if the changes here are easier to read now

[HumairAK]

what if these fields are not present?

• c.data[configMinioAuthConfigAccessKey]
• c.data[configMinioAuthConfigSecretKey]

[HumairAK]

this is not fetching the creds from the secret anymore , we need to retain the original behavior if the credentials aren't specified in a config

[HumairAK]

in the original issue the recommendation was to do this in Execute within the launcher, and pass the creds down to OpenBucket, I agree with this approach more because "FromConfigMap" is a kfp-launcher concern, not object store, so we should not be reading kfp-launcher configs within the objectstore package.

[HumairAK]

The double calls for the same thing seem weird to me for retrieving the minio endpoint, how about we just add a field to the Config struct at the top called endpoint, in kfp-launcher execute fetch it via MinioEndpoint(), in OpenBucket, check fo this field in bucketconfig if it doesn't exist, default to old behavior

[HumairAK]

Nevermind, I'm not sure about this one, adding fields in a generic way to the config struct is not completely clear, there is tight integration with minio but there is still "some" support for other storage providers (see ParseBucketConfig), but there doesn't seem to be a way to provide credentials for them, so I'm not sure if it makes sense to add things like "Region" (needed by aws s3 for example) or not to that struct.

[gregsheremeta]

Migrated to Jira: https://issues.redhat.com/browse/RHOAIENG-1628

sorry bad robot

[amadhusu]

Closing this PR as it has been moved to here

[RichardPinter]

Has this been resolved? I can connect to my external minio to write manifects, but for some logs it still tries to write to the internal minio?
ailed to execute component: failed to upload output artifact "data_out" to remote storage URI "minio://mlpipeline/v2/artifacts/xxxxx/data_out": uploadFile(): unable to complete copying "/minio/mlpipeline/v2/artifacts/xxxxx/gen-sine/data_out" to remote storage "gen-sine/data_out": failed to close Writer for bucket: blob (key "gen-sine/data_out") (code=NotFound): NoSuchBucket: The specified bucket does not exist