From 0b4186d4482766ad749b4eba58838358727e5601 Mon Sep 17 00:00:00 2001 From: Future-Outlier Date: Wed, 11 Oct 2023 01:20:37 +0800 Subject: [PATCH] Flyte Add Enable/Disable Options for Agent Services (#4041) * enable agent Signed-off-by: Future Outlier * update flyteagent kustomization Signed-off-by: Future Outlier * add agent-servie key in enabled plugins Signed-off-by: Future Outlier * add flyte agent patch Signed-off-by: Future Outlier * Update helm chart and remove patch Signed-off-by: Future Outlier * add agentService Signed-off-by: Future Outlier * add task timeout Signed-off-by: Future Outlier * make helm Signed-off-by: Future Outlier * update helm README.md Signed-off-by: Future Outlier * checksum Signed-off-by: Future Outlier * update supported task type Signed-off-by: Future Outlier * update key value Signed-off-by: Future Outlier --------- Signed-off-by: Future Outlier Signed-off-by: Future-Outlier Co-authored-by: Future Outlier --- charts/flyte-binary/README.md | 12 +- charts/flyte-binary/values.yaml | 16 +- .../flyte_sandbox_binary_helm_generated.yaml | 12 +- docker/sandbox-bundled/Makefile | 5 + .../bootstrap/cmd/bootstrap/main.go | 14 +- .../complete-agent/kustomization.yaml | 12 + .../manifests/complete-agent.yaml | 1912 +++++++++++++++++ .../sandbox-bundled/manifests/complete.yaml | 16 +- docker/sandbox-bundled/manifests/dev.yaml | 4 +- 9 files changed, 1983 insertions(+), 20 deletions(-) create mode 100644 docker/sandbox-bundled/kustomize/complete-agent/kustomization.yaml create mode 100644 docker/sandbox-bundled/manifests/complete-agent.yaml diff --git a/charts/flyte-binary/README.md b/charts/flyte-binary/README.md index 3ea5cd2f6c..d6d9a3bb6a 100644 --- a/charts/flyte-binary/README.md +++ b/charts/flyte-binary/README.md @@ -21,7 +21,11 @@ Chart for basic single Flyte executable deployment | clusterResourceTemplates.labels | object | `{}` | | | commonAnnotations | object | `{}` | | | commonLabels | object | `{}` | | -| configuration.agentService | object | `{}` | | +| configuration.agentService.defaultAgent.defaultTimeout | string | `"10s"` | | +| configuration.agentService.defaultAgent.endpoint | string | `"dns:///flyteagent.flyte.svc.cluster.local:8000"` | | +| configuration.agentService.defaultAgent.insecure | bool | `true` | | +| configuration.agentService.defaultAgent.timeouts.GetTask | string | `"10s"` | | +| configuration.agentService.supportedTaskTypes[0] | string | `"default_task"` | | | configuration.annotations | object | `{}` | | | configuration.auth.authorizedUris | list | `[]` | | | configuration.auth.clientSecretsExternalSecretRef | string | `""` | | @@ -103,9 +107,9 @@ Chart for basic single Flyte executable deployment | deployment.waitForDB.image.pullPolicy | string | `"IfNotPresent"` | | | deployment.waitForDB.image.repository | string | `"postgres"` | | | deployment.waitForDB.image.tag | string | `"15-alpine"` | | -| enabled_plugins.tasks | object | `{"task-plugins":{"default-for-task-types":{"container":"container","container_array":"k8s-array","sidecar":"sidecar"},"enabled-plugins":["container","sidecar","k8s-array"]}}` | Tasks specific configuration [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#GetConfig) | -| enabled_plugins.tasks.task-plugins | object | `{"default-for-task-types":{"container":"container","container_array":"k8s-array","sidecar":"sidecar"},"enabled-plugins":["container","sidecar","k8s-array"]}` | Plugins configuration, [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#TaskPluginConfig) | -| enabled_plugins.tasks.task-plugins.enabled-plugins | list | `["container","sidecar","k8s-array"]` | [Enabled Plugins](https://pkg.go.dev/github.com/lyft/flyteplugins/go/tasks/config#Config). Enable sagemaker*, athena if you install the backend plugins | +| enabled_plugins.tasks | object | `{"task-plugins":{"default-for-task-types":{"container":"container","container_array":"k8s-array","sidecar":"sidecar"},"enabled-plugins":["container","sidecar","k8s-array","agent-service"]}}` | Tasks specific configuration [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#GetConfig) | +| enabled_plugins.tasks.task-plugins | object | `{"default-for-task-types":{"container":"container","container_array":"k8s-array","sidecar":"sidecar"},"enabled-plugins":["container","sidecar","k8s-array","agent-service"]}` | Plugins configuration, [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#TaskPluginConfig) | +| enabled_plugins.tasks.task-plugins.enabled-plugins | list | `["container","sidecar","k8s-array","agent-service"]` | [Enabled Plugins](https://pkg.go.dev/github.com/lyft/flyteplugins/go/tasks/config#Config). Enable sagemaker*, athena if you install the backend plugins | | flyte-core-components.admin.disableClusterResourceManager | bool | `false` | | | flyte-core-components.admin.disableScheduler | bool | `false` | | | flyte-core-components.admin.disabled | bool | `false` | | diff --git a/charts/flyte-binary/values.yaml b/charts/flyte-binary/values.yaml index 5e555ac890..84ffe00112 100644 --- a/charts/flyte-binary/values.yaml +++ b/charts/flyte-binary/values.yaml @@ -151,11 +151,16 @@ configuration: # tag CoPilot sidecar image tag tag: v1.9.4 # FLYTECOPILOT_TAG # agentService Flyte Agent configuration - agentService: {} + agentService: + defaultAgent: + endpoint: "dns:///flyteagent.flyte.svc.cluster.local:8000" + insecure: true + timeouts: + GetTask: 10s + defaultTimeout: 10s # Uncomment and modify to include configuration for Flyte Agent - # defaultGrpcEndpoint: agent-service.agent-namespace:8000 - # supportedTaskTypes: - # - custom_task_type + supportedTaskTypes: + - default_task # externalConfigMap Specify an existing, external ConfigMap to use as configuration for Flyte # If set, no Flyte configuration will be generated by this chart externalConfigMap: "" @@ -382,8 +387,7 @@ enabled_plugins: - container - sidecar - k8s-array - # -- Uncomment to enable agent service - # - agent-service + - agent-service default-for-task-types: container: container sidecar: sidecar diff --git a/deployment/sandbox-binary/flyte_sandbox_binary_helm_generated.yaml b/deployment/sandbox-binary/flyte_sandbox_binary_helm_generated.yaml index 7c1524af06..bb5e0cd675 100644 --- a/deployment/sandbox-binary/flyte_sandbox_binary_helm_generated.yaml +++ b/deployment/sandbox-binary/flyte_sandbox_binary_helm_generated.yaml @@ -108,6 +108,7 @@ data: - container - sidecar - k8s-array + - agent-service plugins: logs: kubernetes-enabled: false @@ -122,6 +123,15 @@ data: kubernetes-enabled: false cloudwatch-enabled: false stackdriver-enabled: false + agent-service: + defaultAgent: + defaultTimeout: 10s + endpoint: dns:///flyteagent.flyte.svc.cluster.local:8000 + insecure: true + timeouts: + GetTask: 10s + supportedTaskTypes: + - default_task 002-database.yaml: | database: postgres: @@ -357,7 +367,7 @@ spec: app.kubernetes.io/instance: flyte app.kubernetes.io/component: flyte-binary annotations: - checksum/configuration: 528ce4a42638a7810c99802dfd49525967db2a99dbc1019544b7799de2490b61 + checksum/configuration: d220769393e7acbe0372fdccbf3d588797864ec934661f08912e88ec084cdfde checksum/configuration-secret: d5d93f4e67780b21593dc3799f0f6682aab0765e708e4020939975d14d44f929 checksum/cluster-resource-templates: 7dfa59f3d447e9c099b8f8ffad3af466fecbc9cf9f8c97295d9634254a55d4ae spec: diff --git a/docker/sandbox-bundled/Makefile b/docker/sandbox-bundled/Makefile index 709c04caf2..9ae4197673 100644 --- a/docker/sandbox-bundled/Makefile +++ b/docker/sandbox-bundled/Makefile @@ -19,6 +19,7 @@ flyte: manifests: mkdir -p manifests helm dependency update ../../charts/flyte-sandbox + helm dependency update ../../charts/flyteagent kustomize build \ --enable-helm \ --load-restrictor=LoadRestrictionsNone \ @@ -27,6 +28,10 @@ manifests: --enable-helm \ --load-restrictor=LoadRestrictionsNone \ kustomize/dev > manifests/dev.yaml + kustomize build \ + --enable-helm \ + --load-restrictor=LoadRestrictionsNone \ + kustomize/complete-agent > manifests/complete-agent.yaml .PHONY: build build: flyte manifests diff --git a/docker/sandbox-bundled/bootstrap/cmd/bootstrap/main.go b/docker/sandbox-bundled/bootstrap/cmd/bootstrap/main.go index 82bae88151..6afee0e82c 100644 --- a/docker/sandbox-bundled/bootstrap/cmd/bootstrap/main.go +++ b/docker/sandbox-bundled/bootstrap/cmd/bootstrap/main.go @@ -17,13 +17,15 @@ const ( clusterResourceTemplatesConfigMapName = "flyte-sandbox-extra-cluster-resource-templates" deploymentName = "flyte-sandbox" devModeEnvVar = "FLYTE_DEV" + disableAgentModeEnvVar = "DISABLE_AGENT" dockerHost = "host.docker.internal" namespace = "flyte" // Template paths - devTemplatePath = "/var/lib/rancher/k3s/server/manifests-staging/dev.yaml" - fullTemplatePath = "/var/lib/rancher/k3s/server/manifests-staging/complete.yaml" - renderedManifestPath = "/var/lib/rancher/k3s/server/manifests/flyte.yaml" + devTemplatePath = "/var/lib/rancher/k3s/server/manifests-staging/dev.yaml" + fullTemplatePath = "/var/lib/rancher/k3s/server/manifests-staging/complete.yaml" + fullAgentTemplatePath = "/var/lib/rancher/k3s/server/manifests-staging/complete-agent.yaml" + renderedManifestPath = "/var/lib/rancher/k3s/server/manifests/flyte.yaml" ) func main() { @@ -35,7 +37,11 @@ func main() { } else { // If we are not running in dev mode, look for user-specified configuration // to load into the sandbox deployment - tmplPath = fullTemplatePath + tmplPath = fullAgentTemplatePath + if os.Getenv(disableAgentModeEnvVar) == "True" { + tmplPath = fullTemplatePath + } + cOpts := config.LoaderOpts{ ConfigurationConfigMapName: configurationConfigMapName, ClusterResourceTemplatesConfigMapName: clusterResourceTemplatesConfigMapName, diff --git a/docker/sandbox-bundled/kustomize/complete-agent/kustomization.yaml b/docker/sandbox-bundled/kustomize/complete-agent/kustomization.yaml new file mode 100644 index 0000000000..3c6d5c6e5e --- /dev/null +++ b/docker/sandbox-bundled/kustomize/complete-agent/kustomization.yaml @@ -0,0 +1,12 @@ +helmGlobals: + chartHome: ../../../../charts +helmCharts: +- name: flyte-sandbox + releaseName: flyte-sandbox + namespace: flyte +- name: flyteagent + releaseName: flyteagent + namespace: flyte +namespace: flyte +resources: +- ../namespace.yaml diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml new file mode 100644 index 0000000000..b18c5ac84e --- /dev/null +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -0,0 +1,1912 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: flyte +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox + namespace: flyte +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: flyte-sandbox-kubernetes-dashboard + namespace: flyte +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + helm.sh/chart: minio-12.1.1 + name: flyte-sandbox-minio + namespace: flyte +secrets: +- name: flyte-sandbox-minio +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyteagent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyteagent + helm.sh/chart: flyteagent-v0.1.10 + name: flyteagent + namespace: flyte +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: flyte-sandbox-kubernetes-dashboard + namespace: flyte +rules: +- apiGroups: + - "" + resourceNames: + - kubernetes-dashboard-key-holder + - kubernetes-dashboard-certs + - kubernetes-dashboard-csrf + resources: + - secrets + verbs: + - get + - update + - delete +- apiGroups: + - "" + resourceNames: + - kubernetes-dashboard-settings + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resourceNames: + - heapster + - dashboard-metrics-scraper + resources: + - services + verbs: + - proxy +- apiGroups: + - "" + resourceNames: + - heapster + - 'http:heapster:' + - 'https:heapster:' + - dashboard-metrics-scraper + - http:dashboard-metrics-scraper + resources: + - services/proxy + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox-cluster-role + namespace: flyte +rules: +- apiGroups: + - "" + resources: + - namespaces + - resourcequotas + - secrets + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - patch + - update +- apiGroups: + - "" + resources: + - podtemplates + verbs: + - get + - list + - watch +- apiGroups: + - flyte.lyft.com + resources: + - flyteworkflows + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - post + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: flyte-sandbox-kubernetes-dashboard-readonly +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - pods + - replicationcontrollers + - replicationcontrollers/scale + - serviceaccounts + - services + - nodes + - persistentvolumeclaims + - persistentvolumes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - bindings + - events + - limitranges + - namespaces/status + - pods/log + - pods/status + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - deployments/scale + - replicasets + - replicasets/scale + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - deployments/scale + - ingresses + - networkpolicies + - replicasets + - replicasets/scale + - replicationcontrollers/scale + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: flyte-sandbox-kubernetes-dashboard + namespace: flyte +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: flyte-sandbox-kubernetes-dashboard +subjects: +- kind: ServiceAccount + name: flyte-sandbox-kubernetes-dashboard + namespace: flyte +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox-cluster-role-binding + namespace: flyte +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flyte-sandbox-cluster-role +subjects: +- kind: ServiceAccount + name: flyte-sandbox + namespace: flyte +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: flyte-sandbox-kubernetes-dashboard-readonly +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flyte-sandbox-kubernetes-dashboard-readonly +subjects: +- kind: ServiceAccount + name: flyte-sandbox-kubernetes-dashboard + namespace: flyte +--- +apiVersion: v1 +data: + namespace.yaml: | + apiVersion: v1 + kind: Namespace + metadata: + name: '{{ namespace }}' +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox-cluster-resource-templates + namespace: flyte +--- +apiVersion: v1 +data: + 000-core.yaml: | + admin: + endpoint: localhost:8089 + insecure: true + catalog-cache: + endpoint: localhost:8081 + insecure: true + type: datacatalog + cluster_resources: + standaloneDeployment: false + templatePath: /etc/flyte/cluster-resource-templates + logger: + show-source: true + level: 6 + propeller: + create-flyteworkflow-crd: true + webhook: + certDir: /var/run/flyte/certs + localCert: true + secretName: flyte-sandbox-webhook-secret + serviceName: flyte-sandbox-webhook + servicePort: 443 + flyte: + admin: + disableClusterResourceManager: false + disableScheduler: false + disabled: false + seedProjects: + - flytesnacks + dataCatalog: + disabled: false + propeller: + disableWebhook: false + disabled: false + 001-plugins.yaml: | + tasks: + task-plugins: + default-for-task-types: + container: container + container_array: k8s-array + sidecar: sidecar + enabled-plugins: + - container + - sidecar + - k8s-array + - agent-service + plugins: + logs: + kubernetes-enabled: true + kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} + cloudwatch-enabled: false + stackdriver-enabled: false + k8s: + co-pilot: + image: "cr.flyte.org/flyteorg/flytecopilot:v1.9.4" + k8s-array: + logs: + config: + kubernetes-enabled: true + kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} + cloudwatch-enabled: false + stackdriver-enabled: false + agent-service: + defaultAgent: + defaultTimeout: 10s + endpoint: dns:///flyteagent.flyte.svc.cluster.local:8000 + insecure: true + timeouts: + GetTask: 10s + supportedTaskTypes: + - default_task + 002-database.yaml: | + database: + postgres: + username: postgres + host: flyte-sandbox-postgresql + port: 5432 + dbname: flyte + options: "sslmode=disable" + 003-storage.yaml: | + propeller: + rawoutput-prefix: s3://my-s3-bucket/data + storage: + type: stow + stow: + kind: s3 + config: + region: us-east-1 + disable_ssl: true + v2_signing: true + endpoint: http://flyte-sandbox-minio.flyte:9000 + auth_type: accesskey + container: my-s3-bucket + 100-inline-config.yaml: | + plugins: + k8s: + default-env-vars: + - FLYTE_AWS_ENDPOINT: http://flyte-sandbox-minio.flyte:9000 + - FLYTE_AWS_ACCESS_KEY_ID: minio + - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage + storage: + signedURL: + stowConfigOverride: + endpoint: http://localhost:30002 + task_resources: + defaults: + cpu: 500m + ephemeralStorage: 0 + gpu: 0 + memory: 1Gi + limits: + cpu: 0 + ephemeralStorage: 0 + gpu: 0 + memory: 0 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox-config + namespace: flyte +--- +apiVersion: v1 +data: + config.yml: |- + health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 + http: + addr: :5000 + debug: + addr: :5001 + prometheus: + enabled: false + path: /metrics + headers: + X-Content-Type-Options: + - nosniff + log: + fields: + service: registry + storage: + cache: + blobdescriptor: inmemory + version: 0.1 +kind: ConfigMap +metadata: + labels: + app: docker-registry + chart: docker-registry-2.2.2 + heritage: Helm + release: flyte-sandbox + name: flyte-sandbox-docker-registry-config + namespace: flyte +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-sandbox-extra-cluster-resource-templates + namespace: flyte +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-sandbox-extra-config + namespace: flyte +--- +apiVersion: v1 +data: + envoy.yaml: | + admin: + access_log_path: /dev/stdout + static_resources: + listeners: + - address: + socket_address: + address: 0.0.0.0 + port_value: 8000 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + codec_type: AUTO + upgrade_configs: + - upgrade_type: websocket + route_config: + name: local_route + virtual_hosts: + - name: backend + domains: + - "*" + routes: + - match: + path: "/" + redirect: + path_redirect: "/console/" + - match: + prefix: "/.well-known" + route: + cluster: flyte + - match: + prefix: "/__webpack_hmr" + route: + cluster: flyte + - match: + prefix: "/api" + route: + cluster: flyte + - match: + prefix: "/callback" + route: + cluster: flyte + - match: + prefix: "/config" + route: + cluster: flyte + - match: + prefix: "/console" + route: + cluster: flyte + - match: + prefix: "/healthcheck" + route: + cluster: flyte + - match: + prefix: "/login" + route: + cluster: flyte + - match: + prefix: "/logout" + route: + cluster: flyte + - match: + prefix: "/me" + route: + cluster: flyte + - match: + prefix: "/oauth2" + route: + cluster: flyte + - match: + prefix: "/v1" + route: + cluster: flyte + - match: + prefix: "/flyteidl.service.AdminService" + route: + cluster: flyte_grpc + - match: + prefix: "/flyteidl.service.AuthMetadataService" + route: + cluster: flyte_grpc + - match: + prefix: "/flyteidl.service.DataProxyService" + route: + cluster: flyte_grpc + - match: + prefix: "/flyteidl.service.IdentityService" + route: + cluster: flyte_grpc + - match: + prefix: "/grpc.health.v1.Health" + route: + cluster: flyte_grpc + - match: + prefix: "/flyteidl.service.SignalService" + route: + cluster: flyte_grpc + - match: + path: "/kubernetes-dashboard" + redirect: + path_redirect: "/kubernetes-dashboard/" + - match: + prefix: "/kubernetes-dashboard/" + route: + cluster: kubernetes-dashboard + prefix_rewrite: / + - match: + path: "/minio" + redirect: + path_redirect: "/minio/" + - match: + prefix: "/minio/" + route: + cluster: minio + prefix_rewrite: / + http_filters: + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: flyte + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: flyte + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: flyte-sandbox-http + port_value: 8088 + - name: flyte_grpc + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + http2_protocol_options: {} + load_assignment: + cluster_name: flyte_grpc + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: flyte-sandbox-grpc + port_value: 8089 + - name: kubernetes-dashboard + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: kubernetes-dashboard + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: flyte-sandbox-kubernetes-dashboard + port_value: 80 + - name: minio + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: minio + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: flyte-sandbox-minio + port_value: 9001 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-sandbox-0.1.0 + name: flyte-sandbox-proxy-config + namespace: flyte +--- +apiVersion: v1 +data: null +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: kubernetes-dashboard-settings + namespace: flyte +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox-config-secret + namespace: flyte +stringData: + 012-database-secrets.yaml: | + database: + postgres: + password: "postgres" + 013-storage-secrets.yaml: | + storage: + stow: + config: + access_key_id: "minio" + secret_key: "miniostorage" +type: Opaque +--- +apiVersion: v1 +data: + haSharedSecret: R2JRWFVRYThnRFVLbHpuSA== + proxyPassword: "" + proxyUsername: "" +kind: Secret +metadata: + labels: + app: docker-registry + chart: docker-registry-2.2.2 + heritage: Helm + release: flyte-sandbox + name: flyte-sandbox-docker-registry-secret + namespace: flyte +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: flyte-sandbox-kubernetes-dashboard-certs + namespace: flyte +type: Opaque +--- +apiVersion: v1 +data: + root-password: bWluaW9zdG9yYWdl + root-user: bWluaW8= +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + helm.sh/chart: minio-12.1.1 + name: flyte-sandbox-minio + namespace: flyte +type: Opaque +--- +apiVersion: v1 +data: + postgres-password: cG9zdGdyZXM= +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-12.1.9 + name: flyte-sandbox-postgresql + namespace: flyte +type: Opaque +--- +apiVersion: v1 +data: + username: User +kind: Secret +metadata: + name: flyteagent + namespace: flyte +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: kubernetes-dashboard-csrf + namespace: flyte +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: kubernetes-dashboard-key-holder + namespace: flyte +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: docker-registry + chart: docker-registry-2.2.2 + heritage: Helm + release: flyte-sandbox + name: flyte-sandbox-docker-registry + namespace: flyte +spec: + ports: + - name: http-5000 + nodePort: 30000 + port: 5000 + protocol: TCP + targetPort: 5000 + selector: + app: docker-registry + release: flyte-sandbox + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox-grpc + namespace: flyte +spec: + ports: + - name: grpc + nodePort: null + port: 8089 + targetPort: grpc + selector: + app.kubernetes.io/component: flyte-binary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox-http + namespace: flyte +spec: + ports: + - name: http + nodePort: null + port: 8088 + targetPort: http + selector: + app.kubernetes.io/component: flyte-binary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kubernetes-dashboard + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + kubernetes.io/cluster-service: "true" + name: flyte-sandbox-kubernetes-dashboard + namespace: flyte +spec: + ports: + - name: http + port: 80 + targetPort: http + selector: + app.kubernetes.io/component: kubernetes-dashboard + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: kubernetes-dashboard + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + helm.sh/chart: minio-12.1.1 + name: flyte-sandbox-minio + namespace: flyte +spec: + externalTrafficPolicy: Cluster + ports: + - name: minio-api + nodePort: 30002 + port: 9000 + targetPort: minio-api + - name: minio-console + port: 9001 + targetPort: minio-console + selector: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: minio + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-12.1.9 + name: flyte-sandbox-postgresql + namespace: flyte +spec: + externalTrafficPolicy: Cluster + ports: + - name: tcp-postgresql + nodePort: 30001 + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: postgresql + sessionAffinity: None + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-12.1.9 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + name: flyte-sandbox-postgresql-hl + namespace: flyte +spec: + clusterIP: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: postgresql + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-sandbox-0.1.0 + name: flyte-sandbox-proxy + namespace: flyte +spec: + ports: + - name: http + nodePort: 30080 + port: 8000 + protocol: TCP + selector: + app.kubernetes.io/component: proxy + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox-webhook + namespace: flyte +spec: + ports: + - name: webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/component: flyte-binary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + projectcontour.io/upstream-protocol.h2c: grpc + labels: + app.kubernetes.io/instance: flyteagent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyteagent + helm.sh/chart: flyteagent-v0.1.10 + name: flyteagent + namespace: flyte +spec: + ports: + - name: agent-grpc + port: 8000 + protocol: TCP + targetPort: agent-grpc + selector: + app.kubernetes.io/instance: flyteagent + app.kubernetes.io/name: flyteagent + type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-sandbox-0.1.0 + name: flyte-sandbox-db-storage + namespace: flyte +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 1Gi + hostPath: + path: /var/lib/flyte/storage/db + storageClassName: manual +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-sandbox-0.1.0 + name: flyte-sandbox-minio-storage + namespace: flyte +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 1Gi + hostPath: + path: /var/lib/flyte/storage/minio + storageClassName: manual +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-sandbox-0.1.0 + name: flyte-sandbox-db-storage + namespace: flyte +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: manual + volumeName: flyte-sandbox-db-storage +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-sandbox-0.1.0 + name: flyte-sandbox-minio-storage + namespace: flyte +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: manual + volumeName: flyte-sandbox-minio-storage +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-binary-v0.1.10 + name: flyte-sandbox + namespace: flyte +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: flyte-binary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/cluster-resource-templates: 6fd9b172465e3089fcc59f738b92b8dc4d8939360c19de8ee65f68b0e7422035 + checksum/configuration: b765a68950c83acd0c069dac2a6569cf2b0f0f76a2760eea3561d1d04d6be831 + checksum/configuration-secret: 09216ffaa3d29e14f88b1f30af580d02a2a5e014de4d750b7f275cc07ed4e914 + labels: + app.kubernetes.io/component: flyte-binary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + spec: + containers: + - args: + - start + - --config + - /etc/flyte/config.d/*.yaml + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: flyte-binary:sandbox + imagePullPolicy: Never + livenessProbe: + httpGet: + path: /healthcheck + port: http + name: flyte + ports: + - containerPort: 8088 + name: http + - containerPort: 8089 + name: grpc + - containerPort: 9443 + name: webhook + readinessProbe: + httpGet: + path: /healthcheck + port: http + volumeMounts: + - mountPath: /etc/flyte/cluster-resource-templates + name: cluster-resource-templates + - mountPath: /etc/flyte/config.d + name: config + - mountPath: /var/run/flyte + name: state + initContainers: + - args: + - | + until pg_isready \ + -h flyte-sandbox-postgresql \ + -p 5432 \ + -U postgres + do + echo waiting for database + sleep 0.1 + done + command: + - sh + - -ec + image: bitnami/postgresql:sandbox + imagePullPolicy: Never + name: wait-for-db + serviceAccountName: flyte-sandbox + volumes: + - name: cluster-resource-templates + projected: + sources: + - configMap: + name: flyte-sandbox-cluster-resource-templates + - configMap: + name: flyte-sandbox-extra-cluster-resource-templates + - name: config + projected: + sources: + - configMap: + name: flyte-sandbox-config + - secret: + name: flyte-sandbox-config-secret + - configMap: + name: flyte-sandbox-extra-config + - emptyDir: {} + name: state +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-sandbox-0.1.0 + name: flyte-sandbox-buildkit + namespace: flyte +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: buildkit + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + template: + metadata: + labels: + app.kubernetes.io/component: buildkit + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + spec: + containers: + - args: + - --addr + - unix:///run/buildkit/buildkitd.sock + - --addr + - tcp://0.0.0.0:30003 + image: moby/buildkit:sandbox + imagePullPolicy: Never + livenessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + name: buildkit + ports: + - containerPort: 30003 + name: tcp + protocol: TCP + readinessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + securityContext: + privileged: true + hostNetwork: true +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: docker-registry + chart: docker-registry-2.2.2 + heritage: Helm + release: flyte-sandbox + name: flyte-sandbox-docker-registry + namespace: flyte +spec: + minReadySeconds: 5 + replicas: 1 + selector: + matchLabels: + app: docker-registry + release: flyte-sandbox + template: + metadata: + annotations: + checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 + checksum/secret: 0ee1553aec7c03152a0a44e7b1a82985795774412a779f7b607a57e59f42c8ef + labels: + app: docker-registry + release: flyte-sandbox + spec: + containers: + - command: + - /bin/registry + - serve + - /etc/docker/registry/config.yml + env: + - name: REGISTRY_HTTP_SECRET + valueFrom: + secretKeyRef: + key: haSharedSecret + name: flyte-sandbox-docker-registry-secret + - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY + value: /var/lib/registry + image: registry:sandbox + imagePullPolicy: Never + livenessProbe: + httpGet: + path: / + port: 5000 + name: docker-registry + ports: + - containerPort: 5000 + readinessProbe: + httpGet: + path: / + port: 5000 + resources: {} + volumeMounts: + - mountPath: /etc/docker/registry + name: flyte-sandbox-docker-registry-config + - mountPath: /var/lib/registry/ + name: data + securityContext: + fsGroup: 1000 + runAsUser: 1000 + volumes: + - configMap: + name: flyte-sandbox-docker-registry-config + name: flyte-sandbox-docker-registry-config + - emptyDir: {} + name: data +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: kubernetes-dashboard + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + name: flyte-sandbox-kubernetes-dashboard + namespace: flyte +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: kubernetes-dashboard + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: kubernetes-dashboard + strategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: null + labels: + app.kubernetes.io/component: kubernetes-dashboard + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kubernetes-dashboard + app.kubernetes.io/version: 2.7.0 + helm.sh/chart: kubernetes-dashboard-6.0.0 + spec: + containers: + - args: + - --namespace=flyte + - --metrics-provider=none + - --enable-insecure-login + - --enable-skip-login + image: kubernetesui/dashboard:sandbox + imagePullPolicy: Never + livenessProbe: + httpGet: + path: / + port: 9090 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 30 + name: kubernetes-dashboard + ports: + - containerPort: 9090 + name: http + protocol: TCP + resources: + limits: + cpu: 2 + memory: 200Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 2001 + runAsUser: 1001 + volumeMounts: + - mountPath: /certs + name: kubernetes-dashboard-certs + - mountPath: /tmp + name: tmp-volume + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: flyte-sandbox-kubernetes-dashboard + volumes: + - name: kubernetes-dashboard-certs + secret: + secretName: flyte-sandbox-kubernetes-dashboard-certs + - emptyDir: {} + name: tmp-volume +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + helm.sh/chart: minio-12.1.1 + name: flyte-sandbox-minio + namespace: flyte +spec: + selector: + matchLabels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + annotations: + checksum/credentials-secret: c199ac45f9d95d97966921c814d6c8b38cbf7416458e19cbe6d001a04c264448 + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + helm.sh/chart: minio-12.1.1 + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: minio + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - env: + - name: BITNAMI_DEBUG + value: "false" + - name: MINIO_SCHEME + value: http + - name: MINIO_FORCE_NEW_KEYS + value: "no" + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + key: root-user + name: flyte-sandbox-minio + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root-password + name: flyte-sandbox-minio + - name: MINIO_DEFAULT_BUCKETS + value: my-s3-bucket + - name: MINIO_BROWSER + value: "on" + - name: MINIO_PROMETHEUS_AUTH_TYPE + value: public + - name: MINIO_CONSOLE_PORT_NUMBER + value: "9001" + - name: MINIO_BROWSER_REDIRECT_URL + value: http://localhost:30080/minio + envFrom: null + image: docker.io/bitnami/minio:sandbox + imagePullPolicy: Never + livenessProbe: + failureThreshold: 5 + httpGet: + path: /minio/health/live + port: minio-api + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + name: minio + ports: + - containerPort: 9000 + name: minio-api + protocol: TCP + - containerPort: 9001 + name: minio-console + protocol: TCP + readinessProbe: + failureThreshold: 5 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + tcpSocket: + port: minio-api + timeoutSeconds: 1 + resources: + limits: {} + requests: {} + securityContext: + runAsNonRoot: true + runAsUser: 1001 + volumeMounts: + - mountPath: /data + name: data + initContainers: + - command: + - /bin/bash + - -ec + - | + chown -R 1001:1001 /data + image: docker.io/bitnami/bitnami-shell:sandbox + imagePullPolicy: Never + name: volume-permissions + resources: + limits: {} + requests: {} + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /data + name: data + securityContext: + fsGroup: 1001 + serviceAccountName: flyte-sandbox-minio + volumes: + - name: data + persistentVolumeClaim: + claimName: flyte-sandbox-minio-storage +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-sandbox + app.kubernetes.io/version: 1.16.0 + helm.sh/chart: flyte-sandbox-0.1.0 + name: flyte-sandbox-proxy + namespace: flyte +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: proxy + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + template: + metadata: + labels: + app.kubernetes.io/component: proxy + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: flyte-sandbox + spec: + containers: + - image: envoyproxy/envoy:sandbox + imagePullPolicy: Never + name: proxy + ports: + - containerPort: 8000 + name: http + volumeMounts: + - mountPath: /etc/envoy + name: config + volumes: + - configMap: + name: flyte-sandbox-proxy-config + name: config +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flyteagent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyteagent + helm.sh/chart: flyteagent-v0.1.10 + name: flyteagent + namespace: flyte +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: flyteagent + app.kubernetes.io/name: flyteagent + template: + metadata: + annotations: null + labels: + app.kubernetes.io/instance: flyteagent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyteagent + helm.sh/chart: flyteagent-v0.1.10 + spec: + containers: + - command: + - pyflyte + - serve + image: ghcr.io/flyteorg/flyteagent:1.9.1 + imagePullPolicy: IfNotPresent + name: flyteagent + ports: + - containerPort: 8000 + name: agent-grpc + resources: + limits: + cpu: 500m + ephemeral-storage: 200Mi + memory: 200Mi + requests: + cpu: 500m + ephemeral-storage: 200Mi + memory: 200Mi + volumeMounts: + - mountPath: /etc/secrets + name: flyteagent + serviceAccountName: flyteagent + volumes: + - name: flyteagent + secret: + secretName: flyteagent +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-12.1.9 + name: flyte-sandbox-postgresql + namespace: flyte +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: postgresql + serviceName: flyte-sandbox-postgresql-hl + template: + metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-12.1.9 + name: flyte-sandbox-postgresql + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: flyte-sandbox + app.kubernetes.io/name: postgresql + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: /bitnami/postgresql + - name: PGDATA + value: /bitnami/postgresql/data + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: flyte-sandbox-postgresql + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + - name: POSTGRESQL_ENABLE_TLS + value: "no" + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: docker.io/bitnami/postgresql:sandbox + imagePullPolicy: Never + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: postgresql + ports: + - containerPort: 5432 + name: tcp-postgresql + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1001 + volumeMounts: + - mountPath: /bitnami/postgresql + name: data + hostIPC: false + hostNetwork: false + initContainers: + - command: + - /bin/sh + - -ec + - | + chown 1001:1001 /bitnami/postgresql + mkdir -p /bitnami/postgresql/data + chmod 700 /bitnami/postgresql/data + find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \ + xargs -r chown -R 1001:1001 + image: docker.io/bitnami/bitnami-shell:sandbox + imagePullPolicy: Never + name: init-chmod-data + resources: + limits: {} + requests: {} + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /bitnami/postgresql + name: data + securityContext: + fsGroup: 1001 + serviceAccountName: default + volumes: + - name: data + persistentVolumeClaim: + claimName: flyte-sandbox-db-storage + updateStrategy: + rollingUpdate: {} + type: RollingUpdate diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 175e7aece8..d7f6e8b0cc 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -448,6 +448,7 @@ data: - container - sidecar - k8s-array + - agent-service plugins: logs: kubernetes-enabled: true @@ -464,6 +465,15 @@ data: kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} cloudwatch-enabled: false stackdriver-enabled: false + agent-service: + defaultAgent: + defaultTimeout: 10s + endpoint: dns:///flyteagent.flyte.svc.cluster.local:8000 + insecure: true + timeouts: + GetTask: 10s + supportedTaskTypes: + - default_task 002-database.yaml: | database: postgres: @@ -795,7 +805,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: bzd6QlVrSG9ya1c0MUxBWg== + haSharedSecret: d1l6eWRCOXBJcFhiNEo5QQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1193,7 +1203,7 @@ spec: metadata: annotations: checksum/cluster-resource-templates: 6fd9b172465e3089fcc59f738b92b8dc4d8939360c19de8ee65f68b0e7422035 - checksum/configuration: 91f9c46efb44022473a71c6c25bc6ef20190610644a48f81a9c0e1ae01c2a73d + checksum/configuration: b765a68950c83acd0c069dac2a6569cf2b0f0f76a2760eea3561d1d04d6be831 checksum/configuration-secret: 09216ffaa3d29e14f88b1f30af580d02a2a5e014de4d750b7f275cc07ed4e914 labels: app.kubernetes.io/component: flyte-binary @@ -1356,7 +1366,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: c60195b739184d9ad0f4dd231ec9b2bdbedcbc835c4651806c1fa32d29279994 + checksum/secret: 2f5b6d46fd3276b5b25c8a537298beb6943b13b0b21900db8b2da23e166f0593 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index 164a867eb7..4f3f0592e8 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: S3hhYmcwb1E0enNmZXpHQw== + haSharedSecret: UkFsUVRMRndZeTNJUVNFSA== proxyPassword: "" proxyUsername: "" kind: Secret @@ -933,7 +933,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 32e8e4864e56d8e05e03763b1e04dc6c1821c30c5079087b39a02c1348560d34 + checksum/secret: 25a046ef1aaf34ffb59f7b92554e1cfd0015b9a11f7f165ce06bba31e3bced1b labels: app: docker-registry release: flyte-sandbox