enable CloudSQL+GCSObjStore without default credential

manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/minio.yaml

@@ -43,8 +43,11 @@ spec:
               value: minio
             - name: MINIO_SECRET_KEY
               value: minio123
-            - name: GOOGLE_APPLICATION_CREDENTIALS
-              value: "/etc/credentials/application_default_credentials.json"
+            # Minio is KFP system workload and we use GCE's default service account
+            # or later Workload Identity's corresponding service account.
+            # So here no need to setup GOOGLE_APPLICATION_CREDENTIALS.            
+            # - name: GOOGLE_APPLICATION_CREDENTIALS
+            #  value: "/etc/credentials/application_default_credentials.json"
           image: {{ .Values.images.minio }}
           name: minio
           ports:

manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/mysql.yaml

@@ -43,7 +43,8 @@ spec:
                     "-dir=/cloudsql",
             # Replace with your own CloudSQL instance ID
                     "-instances={{ .Values.managedstorage.cloudsqlInstanceConnectionName }}=tcp:0.0.0.0:3306",
-                    "-credential_file=/credentials/application_default_credentials.json",
+            # System workload uses GCE default service account or Workload Identity's service account
+            #        "-credential_file=/credentials/application_default_credentials.json",
                     "term_timeout=10s"]
           # set term_timeout if require graceful handling of shutdown
           # NOTE: proxy will stop accepting new connections; only wait on existing connections

manifests/gcp_marketplace/chart/kubeflow-pipelines/values.yaml

@@ -27,6 +27,11 @@ managedstorage:
   #
   # gcsBucketName is used in two places, so I wrote a template string here that
   # can be evaluated in each place.
+  #
+  # Name pattern:
+  # If spedify databaseNamePrefix: %{cloudsqlInstanceConnectionName}-%{truncedDatabaseNamePrefix}
+  # else: %{cloudsqlInstanceConnectionName}-%{releaseName}
+  # TODO: try trunk for each sub string before concat.
   gcsBucketName: '{{ if .Values.managedstorage.databaseNamePrefix }}{{ printf "%s-%s" .Values.managedstorage.cloudsqlInstanceConnectionName .Values.managedstorage.databaseNamePrefix | replace ":" "-" | trunc 50 }}{{ else }}{{ printf "%s-%s" .Values.managedstorage.cloudsqlInstanceConnectionName .Release.Name | replace ":" "-" | trunc 50 }}{{ end }}'
   databaseNamePrefix: null
   dbUsername: 'root'

manifests/gcp_marketplace/schema.yaml

@@ -108,6 +108,51 @@ properties:
     type: string
     x-google-marketplace:
       type: NAMESPACE
+  managedstorage.enabled:
+    type: boolean
+    title: Use managed storage
+    description: |-
+      Use Cloud SQL and GCS for storing the data.
+      Using CloudSQL and GCS provides better reliability and performance,
+      as well as features such as data backup and usage monitoring.
+      This is the recommended option especially for production scenarios.
+      If false, the data will be stored in GCE Persistent Disk.
+    default: false
+  managedstorage.cloudsqlInstanceConnectionName:
+    type: string
+    title: Cloud SQL instance connection name (Managed storage only)
+    description: |-
+      This field must be specified if choose to use managed storage.
+      Provide the instance connection name for an existing Cloud SQL for MySQL instance.
+      The instance connection name can be found on the instance detail page in the Cloud SQL console.
+      The instance connection name uses the format project:zone:instance-name, for example,myproject:us-central1:myinstance.
+      For more details on how to create a new instance, see https://cloud.google.com/sql/docs/mysql/quickstart.
+  managedstorage.dbUsername:
+    type: string
+    title: Database username (Managed storage only)
+    description: |-
+      The database username to use when connecting to the Cloud SQL instance.
+      If you leave this field empty, the deployment will use the default 'root' user account to connect.
+      For more details about MySQL users, see https://cloud.google.com/sql/docs/mysql/users.
+  managedstorage.dbPassword:
+    type: string
+    title: Database password (Managed storage only)
+    x-google-marketplace:
+      type: MASKED_FIELD	
+    description: |-
+      The database password to use when connecting to the Cloud SQL instance.
+      If you leave this field empty, the deployment will try to connect to the instance without providing a password.
+      This will fail if a password is required for the username you provided.
+  managedstorage.databaseNamePrefix:
+    type: string
+    title: Database name prefix (Managed storage only)
+    description: |-
+      The prefix of the database name. Kubeflow Pipelines will create two databases,
+      [prefix]_pipeline and [prefix]_metadata.
+      Use lowercase letters, numbers, and hyphens. Start with a letter.
+      If the prefix specified is same as an old deployment in the past,	
+      the deployment will recover from an old deployment.
+      If this not specified, the app instance name will be used.
 
 required:
   - name