Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
Signed-off-by: [email protected] <[email protected]>
Signed-off-by: Yini <[email protected]>
  • Loading branch information
[email protected] authored and yini7777 committed Mar 18, 2024
1 parent 3619926 commit 1de6d0d
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 9 deletions.
3 changes: 2 additions & 1 deletion charts/flyte-core/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -273,7 +273,8 @@ helm install gateway bitnami/contour -n flyte
| flytescheduler.tolerations | list | `[]` | tolerations for Flytescheduler deployment |
| secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | |
| secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | |
| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`. If enabled is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server |
| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will mount `flyte-secret-auth`. If enabled is false, helm will not mount `flyte-secret-auth` |
| secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server |
| sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator |
| sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation |
| sparkoperator.plugin_config | object | `{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -298,10 +298,13 @@ deployRedoc: false

secrets:
adminOauthClientCredentials:
# -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`.
# If enabled is false, it's up to the user to create `flyte-secret-auth` as described in
# If enabled is true, helm will mount `flyte-secret-auth`.
# If enabled is false, helm will not mount `flyte-secret-auth`.
# If create is true, helm will create the `flyte-secret-auth`.
# If create is false, it's up to the user to create `flyte-secret-auth` as described in
# https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server
enabled: true
create: true
clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP
clientId: "flytepropeller" #use this client id and secret in the flytectl config with ClientSecret option

Expand Down
4 changes: 2 additions & 2 deletions charts/flyte-core/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -430,8 +430,8 @@ deployRedoc: false

secrets:
adminOauthClientCredentials:
# -- If enabled is true, helm will populate `flyte-secret-auth` with `clientSecret`.
# If enabled is false, helm will not populate `flyte-secret-auth`.
# If enabled is true, helm will mount `flyte-secret-auth`.
# If enabled is false, helm will not mount `flyte-secret-auth`.
# If create is true, helm will create the `flyte-secret-auth`.
# If create is false, it's up to the user to create `flyte-secret-auth` as described in
# https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server
Expand Down
15 changes: 11 additions & 4 deletions docs/deployment/configuration/auth_setup.rst
Original file line number Diff line number Diff line change
Expand Up @@ -345,9 +345,13 @@ Apply OIDC Configuration
secrets:
adminOauthClientCredentials:
# -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`.
# If enabled is false, it's up to the user to create `flyte-secret-auth`
# If enabled is true, helm will mount `flyte-secret-auth`.
# If enabled is false, helm will not mount `flyte-secret-auth`.
# If create is true, helm will create the `flyte-secret-auth`.
# If create is false, it's up to the user to create `flyte-secret-auth` as described in
# https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server
enabled: true
create: true
# Use the non-encoded version of the random password
clientSecret: "<your-random-password>"
clientId: flytepropeller
Expand Down Expand Up @@ -597,7 +601,8 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
secrets:
adminOauthClientCredentials:
enabled: true # see the section "Disable Helm secret management" if you require to do so
enabled: true
create: true # see the section "Disable Helm secret management" if you require to do so
# Replace with the client_secret provided by your IdP for flytepropeller.
clientSecret: <client_secret>
# Replace with the client_id provided by provided by your IdP for flytepropeller.
Expand All @@ -617,6 +622,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
secrets:
adminOauthClientCredentials:
enabled: true
create: true
clientSecret: <client secret>
clientId: <client id>
---
Expand Down Expand Up @@ -673,7 +679,8 @@ Alternatively, you can instruct Helm not to create and manage the secret for ``f
secrets:
adminOauthClientCredentials:
enabled: false #set to false
enabled: true # mount the flyte-secret-auth secret to the flytepropeller.
create: false # set to false
# Replace with the client_id provided by provided by your IdP for flytepropeller.
clientId: <client_id>
Expand Down

0 comments on commit 1de6d0d

Please sign in to comment.