From 4e0eed69f4d914b264a3b709ecfeae52fd3d5736 Mon Sep 17 00:00:00 2001 From: Haytham Abuelfutuh Date: Mon, 15 Mar 2021 13:14:58 -0700 Subject: [PATCH] Update EKS Ingress and Instructions (#825) * Update EKS Ingress and Instructions Signed-off-by: Haytham Abuelfutuh * Move alb ingress to addons Signed-off-by: Haytham Abuelfutuh * Update k8s version used in KinD Signed-off-by: Haytham Abuelfutuh * delete unused file Signed-off-by: Haytham Abuelfutuh * PR Comments Signed-off-by: Haytham Abuelfutuh * comments Signed-off-by: Haytham Abuelfutuh --- .github/workflows/tests.yml | 32 +-- deployment/eks/flyte_generated.yaml | 167 ++++++++++++++-- deployment/gcp/flyte_generated.yaml | 150 ++++++++++++-- deployment/sandbox/flyte_generated.yaml | 159 ++++++++++++--- deployment/test/flyte_generated.yaml | 49 +---- kustomize/base/addons/alb_ingress/README.md | 1 - .../base/addons/alb_ingress/ingress.yaml | 47 ----- kustomize/base/addons/storage/storage.yaml | 53 ++--- kustomize/base/ingress/ingress.yaml | 185 ++++++++++++++---- kustomize/base/ingress/kustomization.yaml | 5 +- .../headless/kustomization.yaml | 101 +++++----- .../overlays/eks/flyte/ingress/README.md | 5 + .../overlays/eks/flyte/ingress/ingress.yaml | 137 ++++++++++++- .../eks/flyte/ingress/ingress_grpc.yaml | 31 +++ .../eks/flyte/ingress/kustomization.yaml | 6 + .../overlays/eks/flyte/kustomization.yaml | 90 ++++----- kustomize/overlays/eks/kustomization.yaml | 2 - kustomize/overlays/gcp/kustomization.yaml | 1 + kustomize/overlays/sandbox/kustomization.yaml | 1 + 19 files changed, 892 insertions(+), 330 deletions(-) delete mode 100644 kustomize/base/addons/alb_ingress/README.md delete mode 100644 kustomize/base/addons/alb_ingress/ingress.yaml create mode 100644 kustomize/overlays/eks/flyte/ingress/README.md create mode 100644 kustomize/overlays/eks/flyte/ingress/ingress_grpc.yaml create mode 100644 kustomize/overlays/eks/flyte/ingress/kustomization.yaml 
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b11d184b82..6c690be8be 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -2,23 +2,25 @@ name: tests on: push: branches: - - master + - master pull_request: jobs: end-to-end: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - name: Kustomize and diff - run: DELTA_CHECK=true make kustomize - - uses: engineerd/setup-kind@v0.5.0 - - name: End2End - env: - DOCKER_USERNAME: ${{ github.actor }} - DOCKER_PASSWORD: "${{ secrets.GITHUB_TOKEN }}" - run: | - kubectl cluster-info - kubectl get pods -n kube-system - echo "current-context:" $(kubectl config current-context) - echo "environment-kubeconfig:" ${KUBECONFIG} - make end2end_execute + - uses: actions/checkout@v1 + - name: Kustomize and diff + run: DELTA_CHECK=true make kustomize + - uses: engineerd/setup-kind@v0.5.0 + with: + version: "v0.10.0" + - name: End2End + env: + DOCKER_USERNAME: ${{ github.actor }} + DOCKER_PASSWORD: "${{ secrets.GITHUB_TOKEN }}" + run: | + kubectl cluster-info + kubectl get pods -n kube-system + echo "current-context:" $(kubectl config current-context) + echo "environment-kubeconfig:" ${KUBECONFIG} + make end2end_execute diff --git a/deployment/eks/flyte_generated.yaml b/deployment/eks/flyte_generated.yaml index 74d29367ae..da4a775757 100644 --- a/deployment/eks/flyte_generated.yaml +++ b/deployment/eks/flyte_generated.yaml 
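Review bot: The `End2End` step passes `secrets.GITHUB_TOKEN` into the job as `DOCKER_PASSWORD`, yet the two actions that run before it, `actions/checkout@v1` and `engineerd/setup-kind@v0.5.0`, are referenced by tag, and a tag can be moved by the action's owner. Pinning each to a full commit SHA, e.g. `uses: engineerd/setup-kind@<full-commit-sha>  # v0.5.0`, fixes the code that runs alongside the token. The visible lines also declare no `permissions:` block, so the token keeps the repository's default scope. A top-level `permissions:` with `contents: read`, plus any scope `make end2end_execute` turns out to need, would narrow it.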
@@ -9017,14 +9017,19 @@ spec: restartPolicy: Never serviceAccountName: sparkoperator --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6 + alb.ingress.kubernetes.io/group.name: flytesystem + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production kubernetes.io/ingress.class: alb - nginx.ingress.kubernetes.io/ssl-redirect: "false" + labels: + app: flyteadmin name: flytesystem namespace: flyte spec: 
@@ -9032,30 +9037,150 @@ spec: - http: paths: - backend: - serviceName: flyteconsole - servicePort: 80 + service: + name: ssl-redirect + port: + name: use-annotation + path: /* + pathType: ImplementationSpecific + - backend: + service: + name: flyteconsole + port: + number: 80 path: /console + pathType: ImplementationSpecific - backend: - serviceName: flyteconsole - servicePort: 80 - path: /__webpack_hmr + service: + name: flyteconsole + port: + number: 80 + path: /console/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 - path: /api + service: + name: flyteadmin + port: + number: 80 + path: /api/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /healthcheck + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /v1/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /openapi/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /.well-known/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 - path: /v1 + service: + name: flyteadmin + port: + number: 80 + path: /login/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 81 - path: /flyteidl.service.AdminService + service: + name: flyteadmin + port: + number: 80 + path: /logout + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /logout/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback/* + 
pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /me + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config/* + pathType: ImplementationSpecific +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6 + alb.ingress.kubernetes.io/group.name: flytesystem + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/tags: service_instance=production + kubernetes.io/ingress.class: alb + nginx.ingress.kubernetes.io/ssl-redirect: "false" + labels: + app: flyteadmin + name: flytesystem-grpc + namespace: flyte +spec: + rules: + - http: + paths: - backend: - serviceName: flyteadmin - servicePort: 87 - path: /openapi + service: + name: flyteadmin + port: + number: 81 + path: /flyteidl.service.AdminService/* + pathType: ImplementationSpecific diff --git a/deployment/gcp/flyte_generated.yaml b/deployment/gcp/flyte_generated.yaml index 0d9529e1ba..20b741c4a0 100644 --- a/deployment/gcp/flyte_generated.yaml +++ b/deployment/gcp/flyte_generated.yaml @@ -9049,7 +9049,7 @@ spec: restartPolicy: Never serviceAccountName: sparkoperator --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: 
@@ -9061,30 +9061,142 @@ spec: - http: paths: - backend: - serviceName: flyteconsole - servicePort: 80 + service: + name: flyteconsole + port: + number: 80 + path: /__webpack_hmr + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 81 + path: /flyteidl.service.AdminService + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 87 + path: /openapi + pathType: ImplementationSpecific + - backend: + service: + name: flyteconsole + port: + number: 80 path: /console + pathType: ImplementationSpecific - backend: - serviceName: flyteconsole - servicePort: 80 - path: /__webpack_hmr + service: + name: flyteconsole + port: + number: 80 + path: /console/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /api + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /api/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /healthcheck + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 - path: /v1 + service: + name: flyteadmin + port: + number: 80 + path: /v1/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 81 - path: /flyteidl.service.AdminService + service: + name: flyteadmin + port: + number: 80 + path: /openapi/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 87 - path: /openapi + service: + name: flyteadmin + port: + number: 80 + path: /.well-known/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login/* + pathType: ImplementationSpecific + - backend: + service: + 
name: flyteadmin + port: + number: 80 + path: /logout + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /logout/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /me + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config/* + pathType: ImplementationSpecific diff --git a/deployment/sandbox/flyte_generated.yaml b/deployment/sandbox/flyte_generated.yaml index 1a40a7ac5a..736454efa8 100644 --- a/deployment/sandbox/flyte_generated.yaml +++ b/deployment/sandbox/flyte_generated.yaml @@ -3401,7 +3401,7 @@ spec: serviceAccountName: contour-certgen ttlSecondsAfterFinished: 0 --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: 
@@ -3413,35 +3413,147 @@ spec: - http: paths: - backend: - serviceName: flyteconsole - servicePort: 80 + service: + name: flyteconsole + port: + number: 80 + path: /__webpack_hmr + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 81 + path: /flyteidl.service.AdminService + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 87 + path: /openapi + pathType: ImplementationSpecific + - backend: + service: + name: flyteconsole + port: + number: 80 path: /console + pathType: ImplementationSpecific - backend: - serviceName: flyteconsole - servicePort: 80 - path: /__webpack_hmr + service: + name: flyteconsole + port: + number: 80 + path: /console/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /api + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /api/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /healthcheck + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 - path: /v1 + service: + name: flyteadmin + port: + number: 80 + path: /v1/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 81 - path: /flyteidl.service.AdminService + service: + name: flyteadmin + port: + number: 80 + path: /openapi/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 87 - path: /openapi + service: + name: flyteadmin + port: + number: 80 + path: /.well-known/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login/* + pathType: ImplementationSpecific + - backend: + service: + 
name: flyteadmin + port: + number: 80 + path: /logout + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /logout/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /me + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config/* + pathType: ImplementationSpecific --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: @@ -3453,6 +3565,9 @@ spec: - http: paths: - backend: - serviceName: minio - servicePort: 9000 + service: + name: minio + port: + number: 9000 path: /minio + pathType: ImplementationSpecific diff --git a/deployment/test/flyte_generated.yaml b/deployment/test/flyte_generated.yaml index 067d8df2de..0efb4347d3 100644 --- a/deployment/test/flyte_generated.yaml +++ b/deployment/test/flyte_generated.yaml 
@@ -814,47 +814,7 @@ spec: - emptyDir: {} name: postgres-storage --- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "false" - name: flytesystem - namespace: flyte -spec: - rules: - - http: - paths: - - backend: - serviceName: flyteconsole - servicePort: 80 - path: /console - - backend: - serviceName: flyteconsole - servicePort: 80 - path: /__webpack_hmr - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /api - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /healthcheck - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /v1 - - backend: - serviceName: flyteadmin - servicePort: 81 - path: /flyteidl.service.AdminService - - backend: - serviceName: flyteadmin - servicePort: 87 - path: /openapi ---- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: @@ -866,6 +826,9 @@ spec: - http: paths: - backend: - serviceName: minio - servicePort: 9000 + service: + name: minio + port: + number: 9000 path: /minio + pathType: ImplementationSpecific diff --git a/kustomize/base/addons/alb_ingress/README.md b/kustomize/base/addons/alb_ingress/README.md deleted file mode 100644 index 4d6403e0fe..0000000000 --- a/kustomize/base/addons/alb_ingress/README.md +++ /dev/null @@ -1 +0,0 @@ -# :construction: Instructions to deploy ALB Ingress controller diff --git a/kustomize/base/addons/alb_ingress/ingress.yaml b/kustomize/base/addons/alb_ingress/ingress.yaml deleted file mode 100644 index 69ed75f223..0000000000 --- a/kustomize/base/addons/alb_ingress/ingress.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: "flytesystem" - namespace: "flyte" - annotations: - # TODO ALB can only be used for REST non grpc endpoints - kubernetes.io/ingress.class: alb - alb.ingress.kubernetes.io/tags: service_instance=production - alb.ingress.kubernetes.io/scheme: internet-facing - labels: - app: flyteadmin -spec: - rules: - - http: - paths: - - path: /console - backend: - serviceName: flyteconsole - servicePort: 80 - - path: /console/* - backend: - serviceName: flyteconsole - servicePort: 80 - - path: /api/* - backend: - serviceName: flyteadmin - servicePort: 80 - - path: /healthcheck - backend: - serviceName: flyteadmin - servicePort: 80 - - path: /v1/* - backend: - serviceName: flyteadmin - servicePort: 80 - # NOTE: Port 81 in flyteadmin is the GRPC server port for - # FlyteAdmin. - - path: /flyteidl.service.AdminService/* - backend: - serviceName: flyteadmin - servicePort: 81 - # Port 87 in FlyteAdmin maps to the redoc container. - - path: /openapi/* - backend: - serviceName: flyteadmin - servicePort: 87 diff --git a/kustomize/base/addons/storage/storage.yaml b/kustomize/base/addons/storage/storage.yaml index 2f72d3c9a6..b14b37be81 100644 --- a/kustomize/base/addons/storage/storage.yaml +++ b/kustomize/base/addons/storage/storage.yaml 
@@ -14,25 +14,25 @@ spec: app: minio spec: volumes: - - name: minio-storage - emptyDir: {} + - name: minio-storage + emptyDir: {} containers: - - image: "minio/minio:RELEASE.2020-12-16T05-05-17Z" - name: minio - env: - - name: MINIO_ACCESS_KEY - value: minio - - name: MINIO_SECRET_KEY - value: miniostorage - args: - - server - - /data - ports: - - containerPort: 9000 + - image: "minio/minio:RELEASE.2020-12-16T05-05-17Z" name: minio - volumeMounts: - - name: minio-storage - mountPath: /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: miniostorage + args: + - server + - /data + ports: + - containerPort: 9000 + name: minio + volumeMounts: + - name: minio-storage + mountPath: /data --- apiVersion: v1 kind: Service @@ -42,11 +42,11 @@ metadata: spec: externalName: minio ports: - - port: 9000 + - port: 9000 selector: app: minio --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: minio @@ -55,9 +55,12 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "false" spec: rules: - - http: - paths: - - path: /minio - backend: - serviceName: minio - servicePort: 9000 + - http: + paths: + - path: /minio + pathType: ImplementationSpecific + backend: + service: + name: minio + port: + number: 9000 diff --git a/kustomize/base/ingress/ingress.yaml b/kustomize/base/ingress/ingress.yaml index 431cbede0a..041421259f 100644 --- a/kustomize/base/ingress/ingress.yaml +++ b/kustomize/base/ingress/ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: flytesystem 
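Review bot: The `/minio` Ingress rule in the last hunk of this file publishes a MinIO instance whose `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are fixed plain-text `value:` entries in the Deployment (first hunk). The Ingress also keeps `nginx.ingress.kubernetes.io/ssl-redirect: "false"`, so the committed pair is usable over plain HTTP by anything that can reach the ingress. If this add-on is meant for sandbox use only, say so above the Ingress, e.g. `# Sandbox only: default credentials, do not expose outside a local cluster`. Otherwise read both keys from a Secret with `valueFrom: secretKeyRef:` and leave the rule out of overlays that face a real network.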
@@ -7,38 +7,151 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "false" spec: rules: - - http: - paths: - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console - backend: - serviceName: flyteconsole - servicePort: 80 - # This is useful only for sandbox mode and should be templatized/removed in non-sandbox environments - - path: /__webpack_hmr - backend: - serviceName: flyteconsole - servicePort: 80 - - path: /api - backend: - serviceName: flyteadmin - servicePort: 80 - - path: /healthcheck - backend: - serviceName: flyteadmin - servicePort: 80 - - path: /v1 - backend: - serviceName: flyteadmin - servicePort: 80 - # NOTE: Port 81 in flyteadmin is the GRPC server port for - # FlyteAdmin. - - path: /flyteidl.service.AdminService - backend: - serviceName: flyteadmin - servicePort: 81 - # Port 87 in FlyteAdmin maps to the redoc container. - - path: /openapi - backend: - serviceName: flyteadmin - servicePort: 87 + - http: + paths: + # This is useful only for sandbox mode and should be templatized/removed in non-sandbox environments + - path: /__webpack_hmr + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + # NOTE: Port 81 in flyteadmin is the GRPC server port for + # FlyteAdmin. + - path: /flyteidl.service.AdminService + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 81 + # Port 87 in FlyteAdmin maps to the redoc container. 
+ - path: /openapi + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 87 + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + - path: /console/* + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + - path: /api + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /api/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /healthcheck + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /v1/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + # Port 87 in FlyteAdmin maps to the redoc container. + - path: /openapi/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /.well-known/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /login + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /login/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /logout + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /logout/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /callback + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /callback/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /me + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 
80 + - path: /config + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /config/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 diff --git a/kustomize/base/ingress/kustomization.yaml b/kustomize/base/ingress/kustomization.yaml index 36e8c40ae5..14d8f3a54f 100644 --- a/kustomize/base/ingress/kustomization.yaml +++ b/kustomize/base/ingress/kustomization.yaml @@ -1,2 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: -- ingress.yaml + - ingress.yaml diff --git a/kustomize/base/single_cluster/headless/kustomization.yaml b/kustomize/base/single_cluster/headless/kustomization.yaml index 4373a33e41..c63c457102 100644 --- a/kustomize/base/single_cluster/headless/kustomization.yaml +++ b/kustomize/base/single_cluster/headless/kustomization.yaml 
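Review bot: The new `/login`, `/logout`, `/callback` and `/me` routes are added to an Ingress that still carries `nginx.ingress.kubernetes.io/ssl-redirect: "false"` and shows no `tls:` section in this hunk. On any overlay that reuses this base unchanged, the sign-in flow and whatever cookies or tokens it sets can therefore travel over plain HTTP. A comment above the first of these paths would make the expectation explicit: `# Auth endpoints: overlays exposed beyond a local sandbox must terminate TLS and enable the HTTPS redirect`. Separately, the comment `# Port 87 in FlyteAdmin maps to the redoc container.` is repeated above `/openapi/*`, which routes to port 80, so either the port or the comment is wrong there.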
@@ -3,62 +3,61 @@ kind: Kustomization # All the resources that make up the deployment resources: -# global resources -- ../../namespace -- ../../ingress -- ../../admindeployment -- ../../datacatalog -- ../../wf_crd -- ../../propeller -- ../../adminserviceaccount + # global resources + - ../../namespace + - ../../admindeployment + - ../../datacatalog + - ../../wf_crd + - ../../propeller + - ../../adminserviceaccount configMapGenerator: -# the main admin configmap -- name: flyte-admin-config - files: - - ./config/admin/server.yaml - - ./config/admin/domain.yaml - - ./config/admin/db.yaml - - ./config/admin/cluster_resources.yaml - - ./config/admin/remote_data.yaml - - ./config/admin/task_resource_defaults.yaml - - ./config/common/storage.yaml - - ./config/common/logger.yaml + # the main admin configmap + - name: flyte-admin-config + files: + - ./config/admin/server.yaml + - ./config/admin/domain.yaml + - ./config/admin/db.yaml + - ./config/admin/cluster_resources.yaml + - ./config/admin/remote_data.yaml + - ./config/admin/task_resource_defaults.yaml + - ./config/common/storage.yaml + - ./config/common/logger.yaml -# cluster resource templates -- name: clusterresource-template - files: -# Files are read in alphabetical order. To ensure that we create the namespace first, prefix the file name with "aa". - - ./config/clusterresource-templates/aa_namespace.yaml - - ./config/clusterresource-templates/ab_project-resource-quota.yaml - - ./config/clusterresource-templates/ac_project-copilot-dataconfig.yaml + # cluster resource templates + - name: clusterresource-template + files: + # Files are read in alphabetical order. To ensure that we create the namespace first, prefix the file name with "aa". 
+ - ./config/clusterresource-templates/aa_namespace.yaml + - ./config/clusterresource-templates/ab_project-resource-quota.yaml + - ./config/clusterresource-templates/ac_project-copilot-dataconfig.yaml -# Flyte Propeller Configuration -- name: flyte-propeller-config - files: - - ./config/propeller/core.yaml - - ./config/propeller/admin.yaml - - ./config/propeller/catalog.yaml - - ./config/propeller/resource_manager.yaml - - ./config/propeller/enabled_plugins.yaml - - ./config/propeller/plugins/copilot.yaml - - ./config/propeller/plugins/k8s.yaml - - ./config/common/storage.yaml - - ./config/common/logger.yaml + # Flyte Propeller Configuration + - name: flyte-propeller-config + files: + - ./config/propeller/core.yaml + - ./config/propeller/admin.yaml + - ./config/propeller/catalog.yaml + - ./config/propeller/resource_manager.yaml + - ./config/propeller/enabled_plugins.yaml + - ./config/propeller/plugins/copilot.yaml + - ./config/propeller/plugins/k8s.yaml + - ./config/common/storage.yaml + - ./config/common/logger.yaml -# TODO Flyte Console Configuration -#- name: flyte-console-config -# files: -# - ./config/console.yaml + # TODO Flyte Console Configuration + #- name: flyte-console-config + # files: + # - ./config/console.yaml -- name: datacatalog-config - files: - - ./config/datacatalog/server.yaml - - ./config/datacatalog/db.yaml - - ./config/common/storage.yaml - - ./config/common/logger.yaml + - name: datacatalog-config + files: + - ./config/datacatalog/server.yaml + - ./config/datacatalog/db.yaml + - ./config/common/storage.yaml + - ./config/common/logger.yaml secretGenerator: -- name: db-pass - literals: - - pass.txt="awesomesauce" + - name: db-pass + literals: + - pass.txt="awesomesauce" diff --git a/kustomize/overlays/eks/flyte/ingress/README.md b/kustomize/overlays/eks/flyte/ingress/README.md new file mode 100644 index 0000000000..28fa058659 --- /dev/null +++ b/kustomize/overlays/eks/flyte/ingress/README.md 
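Review bot: `secretGenerator` still writes the database password as the literal `pass.txt="awesomesauce"`, so every cluster built from this base shares a password that is published in the repository. The `db-pass` entry in `kustomize/overlays/eks/flyte/kustomization.yaml` (`pass.txt="yourpassword"`) has the same shape and invites committing the real value in place. Reading the value from an untracked file, using `files:` with `- pass.txt` and that file listed in `.gitignore`, keeps it out of version control. If the literal is kept for the sandbox, a comment such as `# Sandbox default only; override in every overlay` belongs above it.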
@@ -0,0 +1,5 @@
+# :construction: Instructions to deploy ALB Ingress controller
+
+Follow instructions here to install ALB Ingress Controller: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
+
+Replace `alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6` in ingress.yaml and ingress_grpc.yaml with your own SSL cert (that you will create by following ALB Instructions above)
diff --git a/kustomize/overlays/eks/flyte/ingress/ingress.yaml b/kustomize/overlays/eks/flyte/ingress/ingress.yaml
index e6d36dfa8f..d88fb9b52e 100644
--- a/kustomize/overlays/eks/flyte/ingress/ingress.yaml
+++ b/kustomize/overlays/eks/flyte/ingress/ingress.yaml
@@ -1,10 +1,143 @@ -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: flytesystem namespace: flyte annotations: - # TODO ALB can only be used for REST non grpc endpoints kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + + # Instruct ALB Controller to not create multiple load balancers (and hence maintain a single endpoint for both GRPC and Http) + alb.ingress.kubernetes.io/group.name: flytesystem + + # Replace certificate Arn with one deployed to your EKS cluster. Follow instructions in README.md + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6 + labels: + app: flyteadmin +spec: + rules: + - http: + paths: + - path: /* + pathType: ImplementationSpecific + backend: + service: + name: ssl-redirect + port: + name: use-annotation + - path: /console + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + - path: /console/* + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + - path: /api/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /healthcheck + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /v1/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + # Port 87 in FlyteAdmin maps to the redoc container. 
+ - path: /openapi/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /.well-known/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /login + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /login/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /logout + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /logout/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /callback + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /callback/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /me + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /config + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /config/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 diff --git a/kustomize/overlays/eks/flyte/ingress/ingress_grpc.yaml b/kustomize/overlays/eks/flyte/ingress/ingress_grpc.yaml new file mode 100644 index 0000000000..f7ea333fb8 --- /dev/null +++ b/kustomize/overlays/eks/flyte/ingress/ingress_grpc.yaml 
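Review bot: The load balancer is `internet-facing` and now terminates HTTPS, but neither this file nor `ingress_grpc.yaml` sets a TLS policy or a source restriction. The listener therefore falls back to the controller's default policy and, unless security groups restrict it elsewhere, accepts clients from any address. Adding `alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-2017-01` (or a newer policy your clients support) and, where the deployment is not meant to be public, `alb.ingress.kubernetes.io/inbound-cidrs: <allowed CIDRs>` would state both choices in the manifest. The comment `# Port 87 in FlyteAdmin maps to the redoc container.` sits above `/openapi/*`, which this file routes to port 80, so it should be corrected or removed.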
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/backend-protocol-version: GRPC
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/tags: service_instance=production
+ kubernetes.io/ingress.class: alb
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ alb.ingress.kubernetes.io/group.name: flytesystem
+
+ # Replace certificate Arn with one deployed to your EKS cluster. Follow instructions in README.md
+ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6
+ labels:
+ app: flyteadmin
+ name: flytesystem-grpc
+ namespace: flyte
+spec:
+ rules:
+ - http:
+ paths:
+ - backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 81
+ path: /flyteidl.service.AdminService/*
+ pathType: ImplementationSpecific
diff --git a/kustomize/overlays/eks/flyte/ingress/kustomization.yaml b/kustomize/overlays/eks/flyte/ingress/kustomization.yaml
new file mode 100644
index 0000000000..2cb8f8d97a
--- /dev/null
+++ b/kustomize/overlays/eks/flyte/ingress/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ingress.yaml
+ - ingress_grpc.yaml
diff --git a/kustomize/overlays/eks/flyte/kustomization.yaml b/kustomize/overlays/eks/flyte/kustomization.yaml
index b5e9e0173f..0da9ffcee5 100644
--- a/kustomize/overlays/eks/flyte/kustomization.yaml
+++ b/kustomize/overlays/eks/flyte/kustomization.yaml
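Review bot: Two annotations in `ingress_grpc.yaml` appear to have no effect as written and make the TLS behaviour harder to read. `alb.ingress.kubernetes.io/actions.ssl-redirect` is defined, but no path references an `ssl-redirect` backend and the listener is HTTPS-only, and `nginx.ingress.kubernetes.io/ssl-redirect: "false"` is an NGINX annotation on an Ingress whose class is `alb`. Dropping both leaves `listen-ports: '[{"HTTPS":443}]'` as the single statement of how gRPC is exposed. A short comment above `group.name`, like the one in `ingress.yaml`, would also explain why the two Ingresses share one load balancer.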
@@ -5,60 +5,60 @@ kind: Kustomization namespace: flyte bases: -- ../../../base/single_cluster/complete + - ../../../base/single_cluster/complete + - ingress resources: -- datacatalog/service.yaml -- propeller/service.yaml + - datacatalog/service.yaml + - propeller/service.yaml patchesStrategicMerge: -- admin/deployment.yaml -- admin/service.yaml -- admin/serviceaccount.yaml -- datacatalog/deployment.yaml -- propeller/deployment.yaml -- propeller/serviceaccount.yaml -- ingress/ingress.yaml -- console/service.yaml + - admin/deployment.yaml + - admin/service.yaml + - admin/serviceaccount.yaml + - datacatalog/deployment.yaml + - propeller/deployment.yaml + - propeller/serviceaccount.yaml + - console/service.yaml # Files are read in alphabetical order. To ensure that we create the namespace first, prefix the file name with "aa". configMapGenerator: -- behavior: merge - files: - - ./config/admin/db.yaml - - ./config/admin/remote_data.yaml - - ./config/admin/task_resource_defaults.yaml - - ./config/common/storage.yaml - name: flyte-admin-config -- behavior: merge - files: - - ./config/clusterresource-templates/ac_project-copilot-dataconfig.yaml - - ./config/clusterresource-templates/ad_spark-role.yaml - - ./config/clusterresource-templates/ae_spark-service-account.yaml - - ./config/clusterresource-templates/af_spark-role-binding.yaml - name: clusterresource-template -- behavior: merge - files: - - ./config/propeller/core.yaml - - ./config/propeller/enabled_plugins.yaml - - ./config/propeller/plugins/catalog_cache.yaml - - ./config/propeller/plugins/k8s.yaml - - ./config/propeller/plugins/qubole.yaml - - ./config/propeller/plugins/spark.yaml - - ./config/propeller/plugins/task_logs.yaml - - ./config/common/storage.yaml - name: flyte-propeller-config -- behavior: merge - files: - - ./config/common/storage.yaml - - ./config/datacatalog/db.yaml - name: datacatalog-config + - behavior: merge + files: + - ./config/admin/db.yaml + - ./config/admin/remote_data.yaml + - 
./config/admin/task_resource_defaults.yaml + - ./config/common/storage.yaml + name: flyte-admin-config + - behavior: merge + files: + - ./config/clusterresource-templates/ac_project-copilot-dataconfig.yaml + - ./config/clusterresource-templates/ad_spark-role.yaml + - ./config/clusterresource-templates/ae_spark-service-account.yaml + - ./config/clusterresource-templates/af_spark-role-binding.yaml + name: clusterresource-template + - behavior: merge + files: + - ./config/propeller/core.yaml + - ./config/propeller/enabled_plugins.yaml + - ./config/propeller/plugins/catalog_cache.yaml + - ./config/propeller/plugins/k8s.yaml + - ./config/propeller/plugins/qubole.yaml + - ./config/propeller/plugins/spark.yaml + - ./config/propeller/plugins/task_logs.yaml + - ./config/common/storage.yaml + name: flyte-propeller-config + - behavior: merge + files: + - ./config/common/storage.yaml + - ./config/datacatalog/db.yaml + name: datacatalog-config ########### # Use this to record the password for the Google CloudSQL Database secretGenerator: -- name: db-pass - behavior: merge - literals: - - pass.txt="yourpassword" + - name: db-pass + behavior: merge + literals: + - pass.txt="yourpassword" diff --git a/kustomize/overlays/eks/kustomization.yaml b/kustomize/overlays/eks/kustomization.yaml index d9ddc376c7..a0b5600f02 100644 --- a/kustomize/overlays/eks/kustomization.yaml +++ b/kustomize/overlays/eks/kustomization.yaml @@ -14,8 +14,6 @@ bases: # Add node ports for ease of use locally - ../../base/operators/spark - ../../base/operators/kfoperators/pytorch - # TODO Fix deployment of alb_ingress controller - #- ../../base/addons/alb_ingress # Optional dependency - ../../base/addons/redis diff --git a/kustomize/overlays/gcp/kustomization.yaml b/kustomize/overlays/gcp/kustomization.yaml index 9ac428bf1d..abdaad34af 100644 --- a/kustomize/overlays/gcp/kustomization.yaml +++ b/kustomize/overlays/gcp/kustomization.yaml 
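Review bot: The re-indented `secretGenerator` at the end of kustomize/overlays/eks/flyte/kustomization.yaml still merges the literal `pass.txt="yourpassword"` into `db-pass`, so an overlay applied without editing deploys with a publicly known database password, and anyone who edits it in place ends up committing the real one. Reading the value from an untracked file instead, `files:` / `- pass.txt`, keeps the secret out of version control and makes the kustomize build fail when the file is missing. The comment above it mentions Google CloudSQL although this is the EKS overlay; it was presumably copied from the GCP overlay and could read `# Database password; supply it from an untracked pass.txt`.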
@@ -12,6 +12,7 @@ bases: # This is used for Resource pooling. On cloud you can use hosted redis (e.g. AWS elasticache) # Contour is used to create ingress. On cloud service use the default provided ingress controllers or cloud LB's # Add node ports for ease of use locally + - ../../base/ingress - ../../base/operators/spark - ../../base/operators/kfoperators/pytorch - ../../base/addons/cloudsqlproxy diff --git a/kustomize/overlays/sandbox/kustomization.yaml b/kustomize/overlays/sandbox/kustomization.yaml index c23d6a70e1..5316bcdcd8 100644 --- a/kustomize/overlays/sandbox/kustomization.yaml +++ b/kustomize/overlays/sandbox/kustomization.yaml @@ -12,6 +12,7 @@ bases: # This is used for Resource pooling. On cloud you can use hosted redis (e.g. AWS elasticache) # Contour is used to create ingress. On cloud service use the default provided ingress controllers or cloud LB's # Add node ports for ease of use locally + - ../../base/ingress - ../../base/addons/database - ../../base/addons/kubernetes_dashboard - ../../base/addons/storage