Allow users to include ssl_sa_certs via env vars for kfp_tekton client

- with documentation update. Signed-off-by: Harshad Reddy Nalla <hnalla@redhat.com>
elyra-ai · Aug 12, 2024 · b80e369 · b80e369
1 parent 8108696
commit b80e369
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/docs/source/user_guide/runtime-conf.md b/docs/source/user_guide/runtime-conf.md
@@ -221,6 +221,9 @@ The KubeFlow Pipelines API endpoint you want to utilize. This setting is require
 
 Example: `https://kubernetes-service.domain.com/pipeline`
 
+*Note*: In setups where the Kubeflow Pipeline server is secured with a custom certificate, users can specify this certificate path by setting the environment variable `KF_PIPELINES_SSL_SA_CERT` in the jupyter environment. This variable directs the Kubeflow Pipelines SDK client to use the provided certificate for accessing the Kubeflow Pipeline server. For more information, see the [ssl_ca_cert](https://kubeflow-pipelines.readthedocs.io/en/stable/source/client.html#kfp.client.Client.__init__.ssl_ca_cert) attribute in the `kfp` SDK documentation.  
+Ex: `KF_PIPELINES_SSL_SA_CERT:/path/to/certs`
+
 
 ##### Public Kubeflow Pipelines API endpoint (public_api_endpoint)
 

diff --git a/elyra/pipeline/kfp/kfp_authentication.py b/elyra/pipeline/kfp/kfp_authentication.py
@@ -230,6 +230,7 @@ def authenticate(
         """
 
         kf_url = urlsplit(api_endpoint)._replace(path="").geturl()
+        kf_pipelines_ssl_sa_cert = os.getenv("KF_PIPELINES_SSL_SA_CERTS", None)
 
         # return data structure for successful requests
         auth_info = {
@@ -239,6 +240,7 @@ def authenticate(
             "cookies": None,  # passed to KFP SDK client as "cookies" param value
             "credentials": None,  # passed to KFP SDK client as "credentials" param value
             "existing_token": None,  # passed to KFP SDK client as "existing_token" param value
+            "ssl_ca_cert": kf_pipelines_ssl_sa_cert,  # passed to KFP SDK Client as "ssl_ca_cert" param value
         }
 
         try:

diff --git a/elyra/pipeline/kfp/processor_kfp.py b/elyra/pipeline/kfp/processor_kfp.py
@@ -213,6 +213,7 @@ def process(self, pipeline):
                     credentials=auth_info.get("credentials", None),
                     existing_token=auth_info.get("existing_token", None),
                     namespace=user_namespace,
+                    ssl_ca_cert=auth_info.get("ssl_ca_cert", None),
                 )
             else:
                 client = ArgoClient(