diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md
index 96b527a367a..a99aed01b03 100644
--- a/charts/flyte-core/README.md
+++ b/charts/flyte-core/README.md
@@ -273,7 +273,7 @@ helm install gateway bitnami/contour -n flyte | flytescheduler.tolerations | list | `[]` | tolerations for Flytescheduler deployment | | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | | | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | | -| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will mount `flyte-secret-auth`. If enabled is false, helm will not mount `flyte-secret-auth` | +| secrets.adminOauthClientCredentials.mount | bool | `true` | If mount is true, helm will mount `flyte-secret-auth`. If mount is false, helm will not mount `flyte-secret-auth` | | secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | | sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: 
Spark Plugin using the Spark Operator | | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | diff --git a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml index a2fb5d04ae0..531b89f6998 100644 --- a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml +++ b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml @@ -42,7 +42,7 @@ spec: {{- if not .Values.cluster_resource_manager.config.cluster_resources.standaloneDeployment }} {{- include "databaseSecret.volumeMount" . | nindent 10 }} {{- else }} - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -69,7 +69,7 @@ spec: secretName: cluster-credentials {{- end }} {{- if .Values.cluster_resource_manager.config.cluster_resources.standaloneDeployment }} - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/templates/flytescheduler/deployment.yaml b/charts/flyte-core/templates/flytescheduler/deployment.yaml index 14db8c48a79..96feae2841f 100755 --- a/charts/flyte-core/templates/flytescheduler/deployment.yaml +++ b/charts/flyte-core/templates/flytescheduler/deployment.yaml @@ -48,7 +48,7 @@ spec: volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} - mountPath: /etc/flyte/config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} 
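Review bot: The templates now test only `.Values.secrets.adminOauthClientCredentials.mount`, so an existing override of `secrets.adminOauthClientCredentials.enabled: false` is silently ignored after an upgrade and the default `mount: true` applies; this affects both clusterresourcesync hunks here and the flytescheduler, propeller and propeller manager hunks that follow. A deployment that had opted out would get the `auth` volume for `flyte-secret-auth` mounted at `/etc/secrets/` again, and if that secret was never created the pods will presumably fail to start on the missing volume. Consider failing the render while the old key is still set, for example `{{- if hasKey .Values.secrets.adminOauthClientCredentials "enabled" }}{{ fail "secrets.adminOauthClientCredentials.enabled was renamed to mount" }}{{- end }}`, or honouring the old key as a fallback for one release, and call out the rename in the upgrade notes. The container and volume blocks these conditions sit in start and end outside the hunks.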
@@ -78,7 +78,7 @@ spec: volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} - mountPath: /etc/flyte/config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -95,7 +95,7 @@ spec: - configMap: name: flyte-scheduler-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/templates/propeller/deployment.yaml b/charts/flyte-core/templates/propeller/deployment.yaml index 5fd09e5d5da..21ecb056901 100644 --- a/charts/flyte-core/templates/propeller/deployment.yaml +++ b/charts/flyte-core/templates/propeller/deployment.yaml @@ -82,7 +82,7 @@ spec: volumeMounts: - name: config-volume mountPath: /etc/flyte/config - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -100,7 +100,7 @@ spec: - configMap: name: flyte-propeller-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/templates/propeller/manager.yaml b/charts/flyte-core/templates/propeller/manager.yaml index 21eb894ba84..1bbb436e877 100644 --- a/charts/flyte-core/templates/propeller/manager.yaml +++ b/charts/flyte-core/templates/propeller/manager.yaml @@ -43,7 +43,7 @@ template: volumeMounts: - name: config-volume mountPath: /etc/flyte/config - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} 
@@ -55,7 +55,7 @@ template: - configMap: name: flyte-propeller-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml index b1361492987..2b55bb83f56 100644 --- a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml +++ b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml @@ -298,12 +298,12 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # If enabled is true, helm will mount `flyte-secret-auth`. - # If enabled is false, helm will not mount `flyte-secret-auth`. + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - enabled: true + mount: true create: true clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP clientId: "flytepropeller" #use this client id and secret in the flytectl config with ClientSecret option diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index a368305fcb4..becda27de6b 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml 
@@ -430,12 +430,12 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # If enabled is true, helm will mount `flyte-secret-auth`. - # If enabled is false, helm will not mount `flyte-secret-auth`. + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - enabled: true + mount: true create: true clientSecret: foobar clientId: flytepropeller diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst index 89cb61dba0a..b9f318fb778 100644 --- a/docs/deployment/configuration/auth_setup.rst +++ b/docs/deployment/configuration/auth_setup.rst @@ -345,12 +345,12 @@ Apply OIDC Configuration secrets: adminOauthClientCredentials: - # If enabled is true, helm will mount `flyte-secret-auth`. - # If enabled is false, helm will not mount `flyte-secret-auth`. + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - enabled: true + mount: true create: true # Use the non-encoded version of the random password clientSecret: "" @@ -601,7 +601,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - enabled: true + mount: true create: true # see the section "Disable Helm secret management" if you require to do so # Replace with the client_secret provided by your IdP for flytepropeller. clientSecret: 
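Review bot: In the `charts/flyte-core/values.yaml` hunk the chart default still pairs `clientSecret: foobar` with `create: true` and `mount: true`, so an install that does not override the value creates `flyte-secret-auth` with a publicly known client secret and mounts it into the pods. Since this commit already touches the block, it would be a good place to ship an empty default such as `clientSecret: ""  # must be set when create is true`. The template that renders the secret is not part of this diff; if it reads this value directly, wrapping it as `{{ required "secrets.adminOauthClientCredentials.clientSecret must be set" .Values.secrets.adminOauthClientCredentials.clientSecret }}` when `create` is true would turn a forgotten override into a render error instead of a weak credential.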
@@ -621,7 +621,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - enabled: true + mount: true create: true clientSecret: clientId: @@ -679,7 +679,7 @@ Alternatively, you can instruct Helm not to create and manage the secret for ``f secrets: adminOauthClientCredentials: - enabled: true # mount the flyte-secret-auth secret to the flytepropeller. + mount: true # mount the flyte-secret-auth secret to the flytepropeller. create: false # set to false # Replace with the client_id provided by provided by your IdP for flytepropeller. clientId: