diff --git a/hack/pull_kfp_upstream.sh b/hack/pull_kfp_upstream.sh
index 0d986871df..c1b4501ecc 100755
--- a/hack/pull_kfp_upstream.sh
+++ b/hack/pull_kfp_upstream.sh
@@ -8,7 +8,7 @@ set -ex
 
 # Please edit the following version before running the script to pull new
 # pipelines version.
-export PIPELINES_VERSION=1.0.0-rc.3
+export PIPELINES_VERSION=1.0.0
 export PIPELINES_SRC_REPO=https://github.com/kubeflow/pipelines.git
 
 if [ -d pipeline/upstream ]; then
diff --git a/pipeline/installs/multi-user/kustomization.yaml b/pipeline/installs/multi-user/kustomization.yaml
index ecf633d9e6..dc5fc4607b 100644
--- a/pipeline/installs/multi-user/kustomization.yaml
+++ b/pipeline/installs/multi-user/kustomization.yaml
@@ -18,6 +18,7 @@ resources:
 patchesStrategicMerge:
 - api-service/deployment-patch.yaml
 - pipelines-ui/deployment-patch.yaml
+- pipelines-ui/configmap-patch.yaml
 - scheduled-workflow/deployment-patch.yaml
 - viewer-controller/deployment-patch.yaml
 - persistence-agent/deployment-patch.yaml
diff --git a/pipeline/installs/multi-user/pipelines-ui/configmap.yaml b/pipeline/installs/multi-user/pipelines-ui/configmap-patch.yaml
similarity index 100%
rename from pipeline/installs/multi-user/pipelines-ui/configmap.yaml
rename to pipeline/installs/multi-user/pipelines-ui/configmap-patch.yaml
diff --git a/pipeline/installs/multi-user/pipelines-ui/kustomization.yaml b/pipeline/installs/multi-user/pipelines-ui/kustomization.yaml
index 33ad4fc768..c84d97c05c 100644
--- a/pipeline/installs/multi-user/pipelines-ui/kustomization.yaml
+++ b/pipeline/installs/multi-user/pipelines-ui/kustomization.yaml
@@ -6,4 +6,3 @@ commonLabels:
 resources:
 - cluster-role.yaml
 - cluster-role-binding.yaml
-- configmap.yaml
diff --git a/pipeline/upstream/Kptfile b/pipeline/upstream/Kptfile
index 350c65c2b9..e20130ddf1 100644
--- a/pipeline/upstream/Kptfile
+++ b/pipeline/upstream/Kptfile
@@ -5,7 +5,7 @@ metadata:
 upstream:
     type: git
     git:
-        commit: 7a0df42fa5555110f2ada71a2728efc32d5a8110
+        commit: 181c35002490cf7f1b5af8c88cb8b7cf29332f2b
         repo: https://github.com/kubeflow/pipelines
         directory: /manifests/kustomize
-        ref: 1.0.0-rc.3
+        ref: 1.0.0
diff --git a/pipeline/upstream/base/cache-deployer/kustomization.yaml b/pipeline/upstream/base/cache-deployer/kustomization.yaml
index 9a95905720..fadd6a3836 100644
--- a/pipeline/upstream/base/cache-deployer/kustomization.yaml
+++ b/pipeline/upstream/base/cache-deployer/kustomization.yaml
@@ -6,4 +6,4 @@ resources:
 - cache-deployer-deployment.yaml
 images:
 - name: gcr.io/ml-pipeline/cache-deployer
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
diff --git a/pipeline/upstream/base/cache/kustomization.yaml b/pipeline/upstream/base/cache/kustomization.yaml
index f7479e89b1..a7d8c3dc07 100644
--- a/pipeline/upstream/base/cache/kustomization.yaml
+++ b/pipeline/upstream/base/cache/kustomization.yaml
@@ -8,4 +8,4 @@ resources:
 - cache-sa.yaml
 images:
 - name: gcr.io/ml-pipeline/cache-server
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
diff --git a/pipeline/upstream/base/metadata/kustomization.yaml b/pipeline/upstream/base/metadata/kustomization.yaml
index 517d6eb23a..5bd67c2555 100644
--- a/pipeline/upstream/base/metadata/kustomization.yaml
+++ b/pipeline/upstream/base/metadata/kustomization.yaml
@@ -8,4 +8,4 @@ resources:
 - metadata-envoy-service.yaml
 images:
 - name: gcr.io/ml-pipeline/metadata-envoy
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
diff --git a/pipeline/upstream/base/params.env b/pipeline/upstream/base/params.env
index 2a95710eda..a274506fc7 100644
--- a/pipeline/upstream/base/params.env
+++ b/pipeline/upstream/base/params.env
@@ -1,5 +1,5 @@
 appName=pipeline
-appVersion=1.0.0-rc.3
+appVersion=1.0.0
 dbHost=mysql
 dbPort=3306
 mlmdDb=metadb
diff --git a/pipeline/upstream/base/pipeline/kustomization.yaml b/pipeline/upstream/base/pipeline/kustomization.yaml
index a8c518780e..75585a442f 100644
--- a/pipeline/upstream/base/pipeline/kustomization.yaml
+++ b/pipeline/upstream/base/pipeline/kustomization.yaml
@@ -17,6 +17,7 @@ resources:
 - ml-pipeline-scheduledworkflow-rolebinding.yaml
 - ml-pipeline-scheduledworkflow-sa.yaml
 - ml-pipeline-ui-deployment.yaml
+- ml-pipeline-ui-configmap.yaml
 - ml-pipeline-ui-role.yaml
 - ml-pipeline-ui-rolebinding.yaml
 - ml-pipeline-ui-sa.yaml
@@ -32,16 +33,17 @@ resources:
 - pipeline-runner-rolebinding.yaml
 - pipeline-runner-sa.yaml
 - container-builder-sa.yaml
+- viewer-sa.yaml
 images:
 - name: gcr.io/ml-pipeline/api-server
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
 - name: gcr.io/ml-pipeline/persistenceagent
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
 - name: gcr.io/ml-pipeline/scheduledworkflow
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
 - name: gcr.io/ml-pipeline/frontend
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
 - name: gcr.io/ml-pipeline/viewer-crd-controller
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
 - name: gcr.io/ml-pipeline/visualization-server
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
diff --git a/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml b/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml
index 51503e59d1..6a4a3b21c5 100644
--- a/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml
+++ b/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml
@@ -7,4 +7,4 @@ resources:
 - metadata-writer-sa.yaml
 images:
 - name: gcr.io/ml-pipeline/metadata-writer
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-configmap.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-configmap.yaml
new file mode 100644
index 0000000000..85b6422976
--- /dev/null
+++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ml-pipeline-ui-configmap
+data:
+   viewer-pod-template.json:  |-
+    {
+        "spec": {
+            "serviceAccountName": "kubeflow-pipelines-viewer"
+        }
+    }
diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml
index 70664377c7..cbb03c5232 100644
--- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml
+++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml
@@ -13,13 +13,23 @@ spec:
       labels:
         app: ml-pipeline-ui
     spec:
+      volumes:
+      - name: config-volume
+        configMap:
+          name: ml-pipeline-ui-configmap
       containers:
       - image: gcr.io/ml-pipeline/frontend:dummy
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-ui
         ports:
         - containerPort: 3000
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/config
+          readOnly: true
         env:
+          - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH
+            value: /etc/config/viewer-pod-template.json
           - name: MINIO_NAMESPACE
             valueFrom:
               fieldRef:
diff --git a/pipeline/upstream/base/pipeline/viewer-sa.yaml b/pipeline/upstream/base/pipeline/viewer-sa.yaml
new file mode 100644
index 0000000000..932133c82a
--- /dev/null
+++ b/pipeline/upstream/base/pipeline/viewer-sa.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubeflow-pipelines-viewer
diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml
index 434afd2ee8..10e1f6aafe 100644
--- a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml
+++ b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml
@@ -14,6 +14,7 @@ spec:
       labels:
         app: cloudsqlproxy
     spec:
+      serviceAccountName: kubeflow-pipelines-cloudsql-proxy
       containers:
         - image: gcr.io/cloudsql-docker/gce-proxy:1.14
           name: cloudsqlproxy
diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml
new file mode 100644
index 0000000000..a4cc9c43df
--- /dev/null
+++ b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubeflow-pipelines-cloudsql-proxy
diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml
index 7c4a112164..a336cb50f9 100644
--- a/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml
+++ b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml
@@ -3,4 +3,5 @@ kind: Kustomization
 
 resources:
 - cloudsql-proxy-deployment.yaml
+- cloudsql-proxy-sa.yaml
 - mysql-service.yaml
diff --git a/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml
index f91249a5e2..dd5b29598b 100644
--- a/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml
+++ b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: gcr.io/ml-pipeline/inverse-proxy-agent
-  newTag: 1.0.0-rc.3
+  newTag: 1.0.0
 resources:
 - proxy-configmap.yaml
 - proxy-deployment.yaml
diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml
index 08876d3990..e2d9cf597f 100644
--- a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml
+++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml
@@ -3,6 +3,7 @@ kind: Kustomization
 
 resources:
 - minio-gcs-gateway-deployment.yaml
+- minio-gcs-gateway-sa.yaml
 - minio-gcs-gateway-service.yaml
 
 secretGenerator:
diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml
index e8dd6e2509..f26d27cc61 100644
--- a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml
+++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml
@@ -15,6 +15,7 @@ spec:
       labels:
         app: minio
     spec:
+      serviceAccountName: kubeflow-pipelines-minio-gcs-gateway
       containers:
         - name: minio
           image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance
diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-sa.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-sa.yaml
new file mode 100644
index 0000000000..2aa4f93768
--- /dev/null
+++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-sa.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubeflow-pipelines-minio-gcs-gateway
diff --git a/pipeline/upstream/gcp-workload-identity-setup.sh b/pipeline/upstream/gcp-workload-identity-setup.sh
index e749ccbc0d..6fac04c570 100755
--- a/pipeline/upstream/gcp-workload-identity-setup.sh
+++ b/pipeline/upstream/gcp-workload-identity-setup.sh
@@ -16,44 +16,59 @@
 
 set -e
 
+# Kubernetes Namespace
+NAMESPACE=${NAMESPACE:-kubeflow}
+
 # Google service Account (GSA)
-SYSTEM_GSA=${SYSTEM_GSA:-$CLUSTER_NAME-kfp-system}
-USER_GSA=${USER_GSA:-$CLUSTER_NAME-kfp-user}
+SYSTEM_GSA=${SYSTEM_GSA:-$RESOURCE_PREFIX-kfp-system}
+USER_GSA=${USER_GSA:-$RESOURCE_PREFIX-kfp-user}
 
 # Kubernetes Service Account (KSA)
+# Note, if deploying manifests/kustomize/env/gcp, you can add the following KSAs
+# to the array of SYSTEM_KSA:
+# * kubeflow-pipelines-minio-gcs-gateway needs gcs permissions
+# * kubeflow-pipelines-cloudsql-proxy needs cloudsql permissions
 SYSTEM_KSA=(ml-pipeline-ui ml-pipeline-visualizationserver)
-USER_KSA=(pipeline-runner kubeflow-pipelines-container-builder)
+USER_KSA=(pipeline-runner kubeflow-pipelines-container-builder kubeflow-pipelines-viewer)
 
-cat <<EOF
+if [ -n $USE_GCP_MANAGED_STORAGE ]; then
+  SYSTEM_KSA+=(kubeflow-pipelines-minio-gcs-gateway)
+  SYSTEM_KSA+=(kubeflow-pipelines-cloudsql-proxy)
+fi
 
-It is recommended to first review introduction to workload identity: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity.
+cat <<EOF
 
-This script sets up Google service accounts and workload identity bindings for a Kubeflow Pipelines (KFP) standalone deployment.
+This script sets up Google service accounts, Kubernetes service accounts and workload identity bindings for a Kubeflow Pipelines (KFP) standalone deployment.
 You can also choose to manually set these up based on documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity.
 
 Before you begin, please check the following list:
+* Please first review introduction to workload identity: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity.
+* KFP is already or will be deployed by standalone deployment: https://www.kubeflow.org/docs/pipelines/installation/standalone-deployment/
 * gcloud is configured following steps: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#before_you_begin.
-* KFP is already deployed by standalone deployment: https://www.kubeflow.org/docs/pipelines/standalone-deployment-gcp/.
 * kubectl talks to the cluster KFP is deployed to: https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl.
+* The namespace you specified by NAMESPACE env var already exists on the cluster. You can create it by "kubectl create namespace \$NAMESPACE".
+
+The following resources will be created or updated to create workload identity bindings between GSAs and KSAs:
+* Google service accounts (GSAs)
+* Service account IAM policy bindings on these GSAs
+* Kubernetes service accounts with annotations in namespace "$NAMESPACE".
 
-The following resources will be created to bind workload identity between GSAs and KSAs:
-* Google service accounts (GSAs): $SYSTEM_GSA and $USER_GSA.
-* Service account IAM policy bindings.
-* Kubernetes service account annotations.
+Note, this script is designed to be idempotent. If something went wrong, you can safely fix the error and rerun this script.
 
 EOF
 
-NAMESPACE=${NAMESPACE:-kubeflow}
 function usage {
 cat <<\EOF
 Usage:
 ```
-PROJECT_ID=<your-gcp-project-id> CLUSTER_NAME=<your-gke-cluster-name> NAMESPACE=<your-k8s-namespace> ./gcp-workload-identity-setup.sh
+PROJECT_ID=<your-gcp-project-id> RESOURCE_PREFIX=<your-chosen-prefix> NAMESPACE=<your-k8s-namespace> ./gcp-workload-identity-setup.sh
 ```
 
 PROJECT_ID: GCP project ID your cluster belongs to.
-CLUSTER_NAME: your GKE cluster's name.
-NAMESPACE: Kubernetes namespace your Kubeflow Pipelines standalone deployment belongs to (default is kubeflow).
+RESOURCE_PREFIX: Your preferred resource prefix for GCP resources this script creates.
+NAMESPACE: Optional. Kubernetes namespace your Kubeflow Pipelines standalone deployment belongs to. (Defaults to kubeflow)
+USE_GCP_MANAGED_STORAGE: Optional. Defaults to "false", specify "true" if you intend to use GCP managed storage (Google Cloud Storage and Cloud SQL) following instructions in:
+https://github.com/kubeflow/pipelines/tree/master/manifests/kustomize/sample
 EOF
 }
 if [ -z "$PROJECT_ID" ]; then
@@ -62,18 +77,39 @@ if [ -z "$PROJECT_ID" ]; then
   echo "Error: PROJECT_ID env variable is empty!"
   exit 1
 fi
-if [ -z "$CLUSTER_NAME" ]; then
+if [ -z "$RESOURCE_PREFIX" ]; then
   usage
   echo
-  echo "Error: CLUSTER_NAME env variable is empty!"
+  echo "Error: RESOURCE_PREFIX env variable is empty!"
   exit 1
 fi
 echo "Env variables set:"
 echo "* PROJECT_ID=$PROJECT_ID"
-echo "* CLUSTER_NAME=$CLUSTER_NAME"
+echo "* RESOURCE_PREFIX=$RESOURCE_PREFIX"
 echo "* NAMESPACE=$NAMESPACE"
+echo "* USE_GCP_MANAGED_STORAGE=${USE_GCP_MANAGED_STORAGE:-false}"
 echo
 
+SYSTEM_GSA_FULL="$SYSTEM_GSA@$PROJECT_ID.iam.gserviceaccount.com"
+USER_GSA_FULL="$USER_GSA@$PROJECT_ID.iam.gserviceaccount.com"
+
+cat <<EOF
+
+The following resources will be created or updated to create workload identity bindings between GSAs and KSAs:
+* Google service accounts (GSAs):
+  * $SYSTEM_GSA_FULL
+  * $USER_GSA_FULL
+* Service account IAM policy bindings on these GSAs to grant "Workload Identity User" role.
+* Kubernetes service accounts with annotations in namespace "$NAMESPACE".
+* $SYSTEM_GSA_FULL will be bound to these KSAs:
+  ${SYSTEM_KSA[@]}.
+* $USER_GSA_FULL will be bound to these KSAs:
+  ${USER_KSA[@]}.
+
+Note: if you prefer more granular workload identity bindings, you can modify this script to suit your needs.
+
+EOF
+
 read -p "Continue? (Y/n) " -n 1 -r
 echo
 if [[ ! $REPLY =~ ^[Yy]$ ]]; then
@@ -93,14 +129,15 @@ function create_gsa_if_not_present {
 create_gsa_if_not_present $SYSTEM_GSA
 create_gsa_if_not_present $USER_GSA
 
-# You can optionally choose to add iam policy bindings to grant project permissions to these GSAs.
-# You can also set these up later.
-# gcloud projects add-iam-policy-binding $PROJECT_ID \
-#   --member="serviceAccount:$SYSTEM_GSA@$PROJECT_ID.iam.gserviceaccount.com" \
-#   --role="roles/editor"
-# gcloud projects add-iam-policy-binding $PROJECT_ID \
-#   --member="serviceAccount:$USER_GSA@$PROJECT_ID.iam.gserviceaccount.com" \
-#   --role="roles/editor"
+function create_ksa_if_not_present {
+  local name=${1}
+  if kubectl get serviceaccount $name -n $NAMESPACE >/dev/null; then
+    echo "KSA $name already exists"
+  else
+    kubectl create serviceaccount $name -n $NAMESPACE --save-config
+    echo "KSA $name created"
+  fi
+}
 
 # Bind KSA to GSA through workload identity.
 # Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
@@ -112,6 +149,8 @@ function bind_gsa_and_ksa {
     --member="serviceAccount:$PROJECT_ID.svc.id.goog[$NAMESPACE/$ksa]" \
     --role="roles/iam.workloadIdentityUser" \
     > /dev/null # hide verbose output
+
+  create_ksa_if_not_present $ksa
   kubectl annotate serviceaccount \
     --namespace $NAMESPACE \
     --overwrite \
@@ -129,3 +168,35 @@ echo "Binding each kfp user KSA to $USER_GSA"
 for ksa in ${USER_KSA[@]}; do
   bind_gsa_and_ksa $USER_GSA $ksa
 done
+
+echo
+echo "All the workload identity bindings have succeeded!"
+cat <<EOF
+
+
+=============
+Next steps:
+* This script won't add IAM policies to grant these GSAs with permissions KFP needs, you need to do that by yourself.
+
+### If **NOT** using GCP managed storage, you can:
+* Give $SYSTEM_GSA_FULL "Storage Object Viewer" role to allow KFP UI load data in GCS in the same project:
+gcloud projects add-iam-policy-binding $PROJECT_ID \\
+  --member="serviceAccount:$SYSTEM_GSA_FULL" \\
+  --role="roles/storage.objectViewer"
+
+* Give $USER_GSA_FULL any permissions your pipelines, container builder and tensorboard need. For **QUICK** tryouts, you can give it Project Editor role for all permissions, but **WARNING** be aware this overgrants too much permission:
+gcloud projects add-iam-policy-binding $PROJECT_ID \\
+  --member="serviceAccount:$USER_GSA_FULL" \\
+  --role="roles/editor"
+
+### If using GCP managed storage, you **ALSO** need to give $SYSTEM_GSA_FULL these roles:
+* "Storage Admin" role on specified GCS bucket to allow writing to specified GCS artifact bucket:
+gsutil iam ch serviceAccount:$SYSTEM_GSA_FULL:roles/storage.admin gs://[BUCKET_NAME]
+
+Or you can find other ways in https://cloud.google.com/storage/docs/access-control/using-iam-permissions#bucket-add.
+
+* "Cloud SQL Client" role to allow connecting to Cloud SQL instances:
+gcloud projects add-iam-policy-binding $PROJECT_ID \\
+  --member="serviceAccount:$SYSTEM_GSA_FULL" \\
+  --role="roles/cloudsql.client"
+EOF
diff --git a/pipeline/upstream/sample/README.md b/pipeline/upstream/sample/README.md
index cb5c7e753d..c4bfe95ba2 100644
--- a/pipeline/upstream/sample/README.md
+++ b/pipeline/upstream/sample/README.md
@@ -8,8 +8,8 @@ You may consider create **zero-sized GPU node-pool with autoscaling**.
 Please reference [GPU Tutorial](/samples/tutorials/gpu/).
 - **Security** You may consider use **Workload Identity** in GCP cluster.
 
-Here for simplicity we create a small cluster with **--scopes=cloud-platform**
-to save credentail configure efforts.
+Here for simplicity, we create a small cluster with **--scopes=cloud-platform**
+which grants all the GCP permissions to the cluster.
 
 ```
 gcloud container clusters create mycluster \
@@ -53,7 +53,14 @@ gsutil mb -p myProjectId gs://myBucketName/
 - Edit **params.env**, **params-db-secret.env** and **cluster-scoped-resources/params.env**
 - Edit kustomization.yaml to set your namespace, e.x. "kubeflow"
 
-5. Install
+5. (Optional.) If the cluster is on Workload Identity, please run **[gcp-workload-identity-setup.sh](../gcp-workload-identity-setup.sh)**
+  The script prints usage documentation when calling without argument. Note, you should
+  call it with `USE_GCP_MANAGED_STORAGE=true` env var.
+
+  - make sure the Google Service Account (GSA) can access the CloudSQL instance and GCS bucket
+  - if your workload calls other GCP APIs, make sure the GSA can access them
+
+6. Install
 
 ```
 kubectl apply -k sample/cluster-scoped-resources/
@@ -68,11 +75,3 @@ kubectl wait applications/mypipeline -n kubeflow --for condition=Ready --timeout
 ```
 
 Now you can find the installation in [Console](http://console.cloud.google.com/ai-platform/pipelines)
-
-6. Post-installation configures
-
-It depends on how you create the cluster,
-- if the cluster is created with **--scopes=cloud-platform**, no actions required
-- if the cluster is on Workload Identity, please run **gcp-workload-identity-setup.sh**
-  - make sure the Google Service Account (GSA) can access the CloudSQL instance and GCS bucket
-  - if your workload calls other GCP APIs, make sure the GSA can access them
diff --git a/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
index 357bb20cc9..848c9cfeef 100644
--- a/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
@@ -46,7 +46,7 @@ spec:
     - name: Kubeflow Pipelines
       url: https://github.com/kubeflow/pipelines
     type: Kubeflow Pipelines
-    version: 1.0.0-rc.3
+    version: 1.0.0
   selector:
     matchLabels:
       app.kubernetes.io/application: kubeflow-pipelines
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
index 32a85f9ede..1547499965 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
@@ -29,7 +29,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/cache-deployer:1.0.0
         imagePullPolicy: Always
         name: main
       restartPolicy: Always
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml
index 442f566608..7d4e6d8315 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml
@@ -60,7 +60,7 @@ spec:
               name: mysql-secret-fd5gktm75t
         - name: NAMESPACE_TO_WATCH
           value: ""
-        image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/cache-server:1.0.0
         imagePullPolicy: Always
         name: server
         ports:
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml
index 0c466503bc..5c9451f28a 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml
@@ -25,6 +25,6 @@ spec:
       - env:
         - name: NAMESPACE_TO_WATCH
           value: ""
-        image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/metadata-writer:1.0.0
         name: main
       serviceAccountName: kubeflow-pipelines-metadata-writer
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
index a09ff96f0a..5b42caced1 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
@@ -24,7 +24,7 @@ spec:
       - env:
         - name: NAMESPACE
           value: ""
-        image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/persistenceagent:1.0.0
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-persistenceagent
       serviceAccountName: ml-pipeline-persistenceagent
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
index 3a1e782fd2..43d9f1c4d1 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
@@ -24,7 +24,7 @@ spec:
       - env:
         - name: NAMESPACE
           value: ""
-        image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-scheduledworkflow
       serviceAccountName: ml-pipeline-scheduledworkflow
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
index a934e9a18e..194f64b790 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
@@ -60,7 +60,7 @@ spec:
               name: mlpipeline-minio-artifact
         - name: ALLOW_CUSTOM_VISUALIZATIONS
           value: "true"
-        image: gcr.io/ml-pipeline/frontend:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/frontend:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
index 883c68bf20..69eaae3b49 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
@@ -31,7 +31,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0
         imagePullPolicy: Always
         name: ml-pipeline-viewer-crd
       serviceAccountName: ml-pipeline-viewer-crd-service-account
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
index 664dc0ff8b..0c01f97c7f 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
@@ -21,7 +21,7 @@ spec:
         app.kubernetes.io/name: kubeflow-pipelines
     spec:
       containers:
-      - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.3
+      - image: gcr.io/ml-pipeline/visualization-server:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
index cf97194f80..c66d45341f 100644
--- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
@@ -81,7 +81,7 @@ spec:
         envFrom:
         - configMapRef:
             name: pipeline-api-server-config-f4t72426kt
-        image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/api-server:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml
index de03c0cc36..da561543e7 100644
--- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml
@@ -9,7 +9,6 @@ data:
 kind: ConfigMap
 metadata:
   labels:
-    app: ml-pipeline-ui
     app.kubernetes.io/component: ml-pipeline
     app.kubernetes.io/name: kubeflow-pipelines
   name: ml-pipeline-ui-configmap
diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
similarity index 80%
rename from tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml
rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
index 77f2a65563..8d025b74ed 100644
--- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml
+++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   appName: pipeline
-  appVersion: 1.0.0-rc.3
+  appVersion: 1.0.0
   bucketName: mlpipeline
   cacheDb: cachedb
   dbHost: mysql
@@ -13,5 +13,5 @@ metadata:
   labels:
     app.kubernetes.io/component: ml-pipeline
     app.kubernetes.io/name: kubeflow-pipelines
-  name: pipeline-upstream-install-config-tf9868m7df
+  name: pipeline-upstream-install-config-c958fm776d
   namespace: kubeflow
diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml
new file mode 100644
index 0000000000..9521f5b74d
--- /dev/null
+++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: ml-pipeline
+    app.kubernetes.io/name: kubeflow-pipelines
+  name: kubeflow-pipelines-viewer
+  namespace: kubeflow
diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
index 357bb20cc9..848c9cfeef 100644
--- a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
+++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
@@ -46,7 +46,7 @@ spec:
     - name: Kubeflow Pipelines
       url: https://github.com/kubeflow/pipelines
     type: Kubeflow Pipelines
-    version: 1.0.0-rc.3
+    version: 1.0.0
   selector:
     matchLabels:
       app.kubernetes.io/application: kubeflow-pipelines
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
index 32a85f9ede..1547499965 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
@@ -29,7 +29,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/cache-deployer:1.0.0
         imagePullPolicy: Always
         name: main
       restartPolicy: Always
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml
index 442f566608..7d4e6d8315 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml
@@ -60,7 +60,7 @@ spec:
               name: mysql-secret-fd5gktm75t
         - name: NAMESPACE_TO_WATCH
           value: ""
-        image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/cache-server:1.0.0
         imagePullPolicy: Always
         name: server
         ports:
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml
index 0c466503bc..5c9451f28a 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml
@@ -25,6 +25,6 @@ spec:
       - env:
         - name: NAMESPACE_TO_WATCH
           value: ""
-        image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/metadata-writer:1.0.0
         name: main
       serviceAccountName: kubeflow-pipelines-metadata-writer
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
index a09ff96f0a..5b42caced1 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
@@ -24,7 +24,7 @@ spec:
       - env:
         - name: NAMESPACE
           value: ""
-        image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/persistenceagent:1.0.0
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-persistenceagent
       serviceAccountName: ml-pipeline-persistenceagent
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
index 3a1e782fd2..43d9f1c4d1 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
@@ -24,7 +24,7 @@ spec:
       - env:
         - name: NAMESPACE
           value: ""
-        image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-scheduledworkflow
       serviceAccountName: ml-pipeline-scheduledworkflow
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
index 1244312531..3170ec3af3 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
@@ -60,7 +60,7 @@ spec:
               name: mlpipeline-minio-artifact
         - name: ALLOW_CUSTOM_VISUALIZATIONS
           value: "true"
-        image: gcr.io/ml-pipeline/frontend:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/frontend:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
index 883c68bf20..69eaae3b49 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
@@ -31,7 +31,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0
         imagePullPolicy: Always
         name: ml-pipeline-viewer-crd
       serviceAccountName: ml-pipeline-viewer-crd-service-account
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
index 664dc0ff8b..0c01f97c7f 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
@@ -21,7 +21,7 @@ spec:
         app.kubernetes.io/name: kubeflow-pipelines
     spec:
       containers:
-      - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.3
+      - image: gcr.io/ml-pipeline/visualization-server:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
index 863a5df362..8d7a7aba50 100644
--- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
+++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
@@ -81,7 +81,7 @@ spec:
         envFrom:
         - configMapRef:
             name: pipeline-api-server-config-f4t72426kt
-        image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/api-server:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml
index de03c0cc36..da561543e7 100644
--- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml
+++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml
@@ -9,7 +9,6 @@ data:
 kind: ConfigMap
 metadata:
   labels:
-    app: ml-pipeline-ui
     app.kubernetes.io/component: ml-pipeline
     app.kubernetes.io/name: kubeflow-pipelines
   name: ml-pipeline-ui-configmap
diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
similarity index 80%
rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml
rename to tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
index 77f2a65563..8d025b74ed 100644
--- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml
+++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   appName: pipeline
-  appVersion: 1.0.0-rc.3
+  appVersion: 1.0.0
   bucketName: mlpipeline
   cacheDb: cachedb
   dbHost: mysql
@@ -13,5 +13,5 @@ metadata:
   labels:
     app.kubernetes.io/component: ml-pipeline
     app.kubernetes.io/name: kubeflow-pipelines
-  name: pipeline-upstream-install-config-tf9868m7df
+  name: pipeline-upstream-install-config-c958fm776d
   namespace: kubeflow
diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml
new file mode 100644
index 0000000000..9521f5b74d
--- /dev/null
+++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: ml-pipeline
+    app.kubernetes.io/name: kubeflow-pipelines
+  name: kubeflow-pipelines-viewer
+  namespace: kubeflow
diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
index 024c4ccf03..93033cf196 100644
--- a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
+++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_kubeflow-pipelines.yaml
@@ -38,7 +38,7 @@ spec:
     - name: Kubeflow Pipelines
       url: https://github.com/kubeflow/pipelines
     type: Kubeflow Pipelines
-    version: 1.0.0-rc.3
+    version: 1.0.0
   selector:
     matchLabels:
       app.kubernetes.io/application: kubeflow-pipelines
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
index 32a85f9ede..1547499965 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml
@@ -29,7 +29,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/cache-deployer:1.0.0
         imagePullPolicy: Always
         name: main
       restartPolicy: Always
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml
index 5fd78f0642..c27ee52905 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml
@@ -62,7 +62,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/cache-server:1.0.0
         imagePullPolicy: Always
         name: server
         ports:
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml
index fabe9ba0c7..8f2b9070a2 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml
@@ -27,6 +27,6 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/metadata-writer:1.0.0
         name: main
       serviceAccountName: kubeflow-pipelines-metadata-writer
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
index f276ad9eff..3cb05ec925 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml
@@ -26,7 +26,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/persistenceagent:1.0.0
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-persistenceagent
       serviceAccountName: ml-pipeline-persistenceagent
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
index ee24ba2609..608f5aee0a 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml
@@ -26,7 +26,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-scheduledworkflow
       serviceAccountName: ml-pipeline-scheduledworkflow
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
index 1d4c02dfeb..e8dafe45b6 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml
@@ -22,6 +22,8 @@ spec:
     spec:
       containers:
       - env:
+        - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH
+          value: /etc/config/viewer-pod-template.json
         - name: MINIO_NAMESPACE
           valueFrom:
             fieldRef:
@@ -38,7 +40,7 @@ spec:
               name: mlpipeline-minio-artifact
         - name: ALLOW_CUSTOM_VISUALIZATIONS
           value: "true"
-        image: gcr.io/ml-pipeline/frontend:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/frontend:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
@@ -67,4 +69,12 @@ spec:
           initialDelaySeconds: 3
           periodSeconds: 5
           timeoutSeconds: 2
+        volumeMounts:
+        - mountPath: /etc/config
+          name: config-volume
+          readOnly: true
       serviceAccountName: ml-pipeline-ui
+      volumes:
+      - configMap:
+          name: ml-pipeline-ui-configmap
+        name: config-volume
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
index d1b4fbbcf7..a0e2cfa7c5 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml
@@ -28,7 +28,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0
         imagePullPolicy: Always
         name: ml-pipeline-viewer-crd
       serviceAccountName: ml-pipeline-viewer-crd-service-account
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
index 664dc0ff8b..0c01f97c7f 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml
@@ -21,7 +21,7 @@ spec:
         app.kubernetes.io/name: kubeflow-pipelines
     spec:
       containers:
-      - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.3
+      - image: gcr.io/ml-pipeline/visualization-server:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
index 7c2dea8c83..962aba1aa6 100644
--- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
+++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml
@@ -68,7 +68,7 @@ spec:
             secretKeyRef:
               key: secretkey
               name: mlpipeline-minio-artifact
-        image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3
+        image: gcr.io/ml-pipeline/api-server:1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml
new file mode 100644
index 0000000000..461638d1f8
--- /dev/null
+++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+  viewer-pod-template.json: |-
+    {
+        "spec": {
+            "serviceAccountName": "kubeflow-pipelines-viewer"
+        }
+    }
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: ml-pipeline
+    app.kubernetes.io/name: kubeflow-pipelines
+  name: ml-pipeline-ui-configmap
+  namespace: kubeflow
diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
similarity index 80%
rename from tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml
rename to tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
index 77f2a65563..8d025b74ed 100644
--- a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-tf9868m7df.yaml
+++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-upstream-install-config-c958fm776d.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
   appName: pipeline
-  appVersion: 1.0.0-rc.3
+  appVersion: 1.0.0
   bucketName: mlpipeline
   cacheDb: cachedb
   dbHost: mysql
@@ -13,5 +13,5 @@ metadata:
   labels:
     app.kubernetes.io/component: ml-pipeline
     app.kubernetes.io/name: kubeflow-pipelines
-  name: pipeline-upstream-install-config-tf9868m7df
+  name: pipeline-upstream-install-config-c958fm776d
   namespace: kubeflow
diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml
new file mode 100644
index 0000000000..9521f5b74d
--- /dev/null
+++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-viewer.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: ml-pipeline
+    app.kubernetes.io/name: kubeflow-pipelines
+  name: kubeflow-pipelines-viewer
+  namespace: kubeflow