Skip to content

Commit

Permalink
Flyte-core flyteadmin / datacatalog expose ports
Browse files Browse the repository at this point in the history
 - Flyteadmin setting for the grpc port is nested and grpcPort should
   not be used. Address incorrect config / documentation

 - Both flyteadmin and datacatalog have configurable ports to use for
   HTTP and GRPC, but the k8s spec for the containers doesn't expose
   matching ports.

   Fix that!

Signed-off-by: ddl-ebrown <[email protected]>
  • Loading branch information
ddl-ebrown committed Mar 22, 2024
1 parent b6f35ad commit 53b70b7
Show file tree
Hide file tree
Showing 22 changed files with 180 additions and 165 deletions.
2 changes: 1 addition & 1 deletion charts/flyte-core/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ helm install gateway bitnami/contour -n flyte
| common.ingress.tls | object | `{"enabled":false}` | - Ingress hostname host: |
| common.ingress.webpackHMR | bool | `false` | - Enable or disable HMR route to flyteconsole. This is useful only for frontend development. |
| configmap.admin | object | `{"admin":{"clientId":"{{ .Values.secrets.adminOauthClientCredentials.clientId }}","clientSecretLocation":"/etc/secrets/client_secret","endpoint":"flyteadmin:81","insecure":true},"event":{"capacity":1000,"rate":500,"type":"admin"}}` | Admin Client configuration [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/subworkflow/launchplan#AdminConfig) |
| configmap.adminServer | object | `{"auth":{"appAuth":{"thirdPartyConfig":{"flyteClient":{"clientId":"flytectl","redirectUri":"http://localhost:53593/callback","scopes":["offline","all"]}}},"authorizedUris":["https://localhost:30081","http://flyteadmin:80","http://flyteadmin.flyte.svc.cluster.local:80"],"userAuth":{"openId":{"baseUrl":"https://accounts.google.com","clientId":"657465813211-6eog7ek7li5k7i7fvgv2921075063hpe.apps.googleusercontent.com","scopes":["profile","openid"]}}},"flyteadmin":{"eventVersion":2,"metadataStoragePrefix":["metadata","admin"],"metricsScope":"flyte:","profilerPort":10254,"roleNameKey":"iam.amazonaws.com/role","testing":{"host":"http://flyteadmin"}},"server":{"grpcPort":8089,"httpPort":8088,"security":{"allowCors":true,"allowedHeaders":["Content-Type","flyte-authorization"],"allowedOrigins":["*"],"secure":false,"useAuth":false}}}` | FlyteAdmin server configuration |
| configmap.adminServer | object | `{"auth":{"appAuth":{"thirdPartyConfig":{"flyteClient":{"clientId":"flytectl","redirectUri":"http://localhost:53593/callback","scopes":["offline","all"]}}},"authorizedUris":["https://localhost:30081","http://flyteadmin:80","http://flyteadmin.flyte.svc.cluster.local:80"],"userAuth":{"openId":{"baseUrl":"https://accounts.google.com","clientId":"657465813211-6eog7ek7li5k7i7fvgv2921075063hpe.apps.googleusercontent.com","scopes":["profile","openid"]}}},"flyteadmin":{"eventVersion":2,"metadataStoragePrefix":["metadata","admin"],"metricsScope":"flyte:","profilerPort":10254,"roleNameKey":"iam.amazonaws.com/role","testing":{"host":"http://flyteadmin"}},"server":{"grpc":{"port":8089},"httpPort":8088,"security":{"allowCors":true,"allowedHeaders":["Content-Type","flyte-authorization"],"allowedOrigins":["*"],"secure":false,"useAuth":false}}}` | FlyteAdmin server configuration |
| configmap.adminServer.auth | object | `{"appAuth":{"thirdPartyConfig":{"flyteClient":{"clientId":"flytectl","redirectUri":"http://localhost:53593/callback","scopes":["offline","all"]}}},"authorizedUris":["https://localhost:30081","http://flyteadmin:80","http://flyteadmin.flyte.svc.cluster.local:80"],"userAuth":{"openId":{"baseUrl":"https://accounts.google.com","clientId":"657465813211-6eog7ek7li5k7i7fvgv2921075063hpe.apps.googleusercontent.com","scopes":["profile","openid"]}}}` | Authentication configuration |
| configmap.adminServer.server.security.secure | bool | `false` | Controls whether to serve requests over SSL/TLS. |
| configmap.adminServer.server.security.useAuth | bool | `false` | Controls whether to enforce authentication. Follow the guide in https://docs.flyte.org/ on how to setup authentication. |
Expand Down
4 changes: 2 additions & 2 deletions charts/flyte-core/templates/admin/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -151,8 +151,8 @@ spec:
imagePullPolicy: "{{ .Values.flyteadmin.image.pullPolicy }}"
name: flyteadmin
ports:
- containerPort: 8088
- containerPort: 8089
- containerPort: {{ .Values.configmap.adminServer.server.httpPort }}
- containerPort: {{ .Values.configmap.adminServer.server.grpc.port }}
- containerPort: {{ .Values.configmap.adminServer.flyteadmin.profilerPort }}
readinessProbe:
exec:
Expand Down
4 changes: 2 additions & 2 deletions charts/flyte-core/templates/datacatalog/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,8 @@ spec:
imagePullPolicy: "{{ .Values.datacatalog.image.pullPolicy }}"
name: datacatalog
ports:
- containerPort: 8088
- containerPort: 8089
- containerPort: {{ .Values.configmap.datacatalogServer.application.httpPort }}
- containerPort: {{ .Values.configmap.datacatalogServer.application.grpcPort }}
- containerPort: {{ index .Values.configmap.datacatalogServer.datacatalog "profiler-port" }}
securityContext:
allowPrivilegeEscalation: false
Expand Down
5 changes: 3 additions & 2 deletions charts/flyte-core/values-eks.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ common:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/tags: service_instance=production
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/target-type: ip
# -- This is the certificate arn of the cert imported in AWS certificate manager.
alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.userSettings.certificateArn }}"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
Expand Down Expand Up @@ -216,7 +216,8 @@ configmap:
adminServer:
server:
httpPort: 8088
grpcPort: 8089
grpc:
port: 8089
security:
secure: false
useAuth: false
Expand Down
3 changes: 2 additions & 1 deletion charts/flyte-core/values-gcp.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,8 @@ configmap:
adminServer:
server:
httpPort: 8088
grpcPort: 8089
grpc:
port: 8089
security:
secure: false
useAuth: false
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ flyteadmin:
- configMap:
name: sslcerts # name of the ca-certificates.crt configmap in the cluster
name: sslcerts
additionalVolumeMounts:
additionalVolumeMounts:
- mountPath: /etc/ssl/certs/ # where to mount the above certificate
name: sslcerts
# -- Appends extra command line arguments to the serve command
Expand Down Expand Up @@ -459,11 +459,11 @@ configmap:
console:
BASE_URL: /console
CONFIG_DIR: /etc/flyte/config

logger:
show-source: true
level: 6

# -- Domains configuration for Flyte projects. This enables the specified number of domains across all projects in Flyte.
domain:
domains:
Expand All @@ -485,7 +485,8 @@ configmap:
# Refer to the [server config](https://pkg.go.dev/github.com/lyft/[email protected]/pkg/config#ServerConfig).
server:
httpPort: 8088
grpcPort: 8089
grpc:
port: 8089
security:
# -- Controls whether to serve requests over SSL/TLS.
secure: false
Expand Down Expand Up @@ -552,7 +553,7 @@ configmap:
- profile
- openid
- offline_access
clientId: <clientid declared in IDP for the UI access>
clientId: <clientid declared in IDP for the UI access>

# -- Datacatalog server config
datacatalogServer:
Expand Down
3 changes: 2 additions & 1 deletion charts/flyte-core/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -626,7 +626,8 @@ configmap:
# Refer to the [server config](https://pkg.go.dev/github.com/lyft/[email protected]/pkg/config#ServerConfig).
server:
httpPort: 8088
grpcPort: 8089
grpc:
port: 8089
security:
# -- Controls whether to serve requests over SSL/TLS.
secure: false
Expand Down
6 changes: 3 additions & 3 deletions charts/flyte/README.md

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion charts/flyte/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -377,7 +377,8 @@ flyte:
# Refer to the [server config](https://pkg.go.dev/github.com/lyft/[email protected]/pkg/config#ServerConfig).
server:
httpPort: 8088
grpcPort: 8089
grpc:
port: 8089
security:
# -- Controls whether to serve requests over SSL/TLS.
secure: false
Expand Down
7 changes: 4 additions & 3 deletions deployment/eks/flyte_aws_scheduler_helm_generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,8 @@ data:
testing:
host: http://flyteadmin
server:
grpcPort: 8089
grpc:
port: 8089
httpPort: 8088
security:
allowCors: true
Expand Down Expand Up @@ -848,7 +849,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "2b5c85969f2bd85bb51a084f9fd72c20c3aca94be99e53cb4c4e9f78e77ebc5"
configChecksum: "d50d9b515795be1f4937c58f37335ec9bd505ba4c51f96caf8491fa323abb56"
labels:
app.kubernetes.io/name: flyteadmin
app.kubernetes.io/instance: flyte
Expand Down Expand Up @@ -1209,7 +1210,7 @@ spec:
imagePullPolicy: "IfNotPresent"
name: datacatalog
ports:
- containerPort: 8088
- containerPort: 8080
- containerPort: 8089
- containerPort: 10254
securityContext:
Expand Down
9 changes: 5 additions & 4 deletions deployment/eks/flyte_helm_controlplane_generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,8 @@ data:
testing:
host: http://flyteadmin
server:
grpcPort: 8089
grpc:
port: 8089
httpPort: 8088
security:
allowCors: true
Expand Down Expand Up @@ -553,7 +554,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "053b20ebc40227f6ed8ddc61f5997ee7997c604158f773779f20ec61af11a2f"
configChecksum: "b6087931f4457971d5fcd17d64491188322ffc2f86e31f943b142c76edb9e67"
labels:
app.kubernetes.io/name: flyteadmin
app.kubernetes.io/instance: flyte
Expand Down Expand Up @@ -914,7 +915,7 @@ spec:
imagePullPolicy: "IfNotPresent"
name: datacatalog
ports:
- containerPort: 8088
- containerPort: 8080
- containerPort: 8089
- containerPort: 10254
securityContext:
Expand Down Expand Up @@ -973,7 +974,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "053b20ebc40227f6ed8ddc61f5997ee7997c604158f773779f20ec61af11a2f"
configChecksum: "b6087931f4457971d5fcd17d64491188322ffc2f86e31f943b142c76edb9e67"
labels:
app.kubernetes.io/name: flytescheduler
app.kubernetes.io/instance: flyte
Expand Down
9 changes: 5 additions & 4 deletions deployment/eks/flyte_helm_generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,8 @@ data:
testing:
host: http://flyteadmin
server:
grpcPort: 8089
grpc:
port: 8089
httpPort: 8088
security:
allowCors: true
Expand Down Expand Up @@ -879,7 +880,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "053b20ebc40227f6ed8ddc61f5997ee7997c604158f773779f20ec61af11a2f"
configChecksum: "b6087931f4457971d5fcd17d64491188322ffc2f86e31f943b142c76edb9e67"
labels:
app.kubernetes.io/name: flyteadmin
app.kubernetes.io/instance: flyte
Expand Down Expand Up @@ -1240,7 +1241,7 @@ spec:
imagePullPolicy: "IfNotPresent"
name: datacatalog
ports:
- containerPort: 8088
- containerPort: 8080
- containerPort: 8089
- containerPort: 10254
securityContext:
Expand Down Expand Up @@ -1299,7 +1300,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "053b20ebc40227f6ed8ddc61f5997ee7997c604158f773779f20ec61af11a2f"
configChecksum: "b6087931f4457971d5fcd17d64491188322ffc2f86e31f943b142c76edb9e67"
labels:
app.kubernetes.io/name: flytescheduler
app.kubernetes.io/instance: flyte
Expand Down
9 changes: 5 additions & 4 deletions deployment/gcp/flyte_helm_controlplane_generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,8 @@ data:
testing:
host: http://flyteadmin
server:
grpcPort: 8089
grpc:
port: 8089
httpPort: 8088
security:
allowCors: true
Expand Down Expand Up @@ -568,7 +569,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
configChecksum: "b35a14d8bfd46ac863acf50bc4f338954b2f1315b66dc1fc17123885cc4dc37"
labels:
app.kubernetes.io/name: flyteadmin
app.kubernetes.io/instance: flyte
Expand Down Expand Up @@ -929,7 +930,7 @@ spec:
imagePullPolicy: "IfNotPresent"
name: datacatalog
ports:
- containerPort: 8088
- containerPort: 8080
- containerPort: 8089
- containerPort: 10254
securityContext:
Expand Down Expand Up @@ -988,7 +989,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
configChecksum: "b35a14d8bfd46ac863acf50bc4f338954b2f1315b66dc1fc17123885cc4dc37"
labels:
app.kubernetes.io/name: flytescheduler
app.kubernetes.io/instance: flyte
Expand Down
9 changes: 5 additions & 4 deletions deployment/gcp/flyte_helm_generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,8 @@ data:
testing:
host: http://flyteadmin
server:
grpcPort: 8089
grpc:
port: 8089
httpPort: 8088
security:
allowCors: true
Expand Down Expand Up @@ -902,7 +903,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
configChecksum: "b35a14d8bfd46ac863acf50bc4f338954b2f1315b66dc1fc17123885cc4dc37"
labels:
app.kubernetes.io/name: flyteadmin
app.kubernetes.io/instance: flyte
Expand Down Expand Up @@ -1263,7 +1264,7 @@ spec:
imagePullPolicy: "IfNotPresent"
name: datacatalog
ports:
- containerPort: 8088
- containerPort: 8080
- containerPort: 8089
- containerPort: 10254
securityContext:
Expand Down Expand Up @@ -1322,7 +1323,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
configChecksum: "b35a14d8bfd46ac863acf50bc4f338954b2f1315b66dc1fc17123885cc4dc37"
labels:
app.kubernetes.io/name: flytescheduler
app.kubernetes.io/instance: flyte
Expand Down
9 changes: 5 additions & 4 deletions deployment/sandbox/flyte_helm_generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -294,7 +294,8 @@ data:
testing:
host: http://flyteadmin
server:
grpcPort: 8089
grpc:
port: 8089
httpPort: 8088
security:
allowCors: true
Expand Down Expand Up @@ -6686,7 +6687,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "8702cc3d688d44938e6974b267f70fb01ce7fec4780de86b8f2e65f9446c711"
configChecksum: "88625d852360c42642190e21751f32f7dd9501ce3d479fa68b86478995ff689"
labels:
app.kubernetes.io/name: flyteadmin
app.kubernetes.io/instance: flyte
Expand Down Expand Up @@ -7028,7 +7029,7 @@ spec:
imagePullPolicy: "IfNotPresent"
name: datacatalog
ports:
- containerPort: 8088
- containerPort: 8080
- containerPort: 8089
- containerPort: 10254
securityContext:
Expand Down Expand Up @@ -7077,7 +7078,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "8702cc3d688d44938e6974b267f70fb01ce7fec4780de86b8f2e65f9446c711"
configChecksum: "88625d852360c42642190e21751f32f7dd9501ce3d479fa68b86478995ff689"
labels:
app.kubernetes.io/name: flytescheduler
app.kubernetes.io/instance: flyte
Expand Down
3 changes: 2 additions & 1 deletion deployment/test/flyte_generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -293,7 +293,8 @@ data:
server.yaml: |
server:
httpPort: 8088
grpcPort: 8089
grpc:
port: 8089
security:
# Controls whether to serve requests over SSL/TLS.
secure: false
Expand Down
4 changes: 2 additions & 2 deletions docker/sandbox-bundled/manifests/complete-agent.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -816,7 +816,7 @@ type: Opaque
---
apiVersion: v1
data:
haSharedSecret: QWVsREJpZnlIR2N1UXJSMg==
haSharedSecret: bkdUMzhmMjNBYmN0RDlIRg==
proxyPassword: ""
proxyUsername: ""
kind: Secret
Expand Down Expand Up @@ -1412,7 +1412,7 @@ spec:
metadata:
annotations:
checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
checksum/secret: 6eadd3a29b61a78cf3a7712f3370a10fc0ec1a61c40753a48c7fa8bea69a6ec6
checksum/secret: c99a8645b27f263998822ca7fcbfc861f9011d267550c2c1b683193928d21a5a
labels:
app: docker-registry
release: flyte-sandbox
Expand Down
4 changes: 2 additions & 2 deletions docker/sandbox-bundled/manifests/complete.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -796,7 +796,7 @@ type: Opaque
---
apiVersion: v1
data:
haSharedSecret: NmtkWjAwUWhadWlzb0xNcA==
haSharedSecret: Yk10amxRNGE2a2cxQkNudw==
proxyPassword: ""
proxyUsername: ""
kind: Secret
Expand Down Expand Up @@ -1360,7 +1360,7 @@ spec:
metadata:
annotations:
checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
checksum/secret: 98727a2bd78c4e88ef413663ebff406f78c8fdbda001f7ba7b6b784934cd4d4a
checksum/secret: 78a0277052e7c7d0a17e1d0dcddb270ba05856222a35324fa54aec8f8a9d0f4e
labels:
app: docker-registry
release: flyte-sandbox
Expand Down
4 changes: 2 additions & 2 deletions docker/sandbox-bundled/manifests/dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -499,7 +499,7 @@ metadata:
---
apiVersion: v1
data:
haSharedSecret: WG01UkdoN2dNTzBMRjJDVA==
haSharedSecret: QkZrajZUUmFvMWRtYUtOeA==
proxyPassword: ""
proxyUsername: ""
kind: Secret
Expand Down Expand Up @@ -934,7 +934,7 @@ spec:
metadata:
annotations:
checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
checksum/secret: 5400c48803b4ae9d08115e0f52f00245498c0b06d11d318a36590b01f91e2753
checksum/secret: 18ef21d160b64cc1bc13e82bdbf675a7592da97786d648686aa4ea1f15b7cafb
labels:
app: docker-registry
release: flyte-sandbox
Expand Down
Loading

0 comments on commit 53b70b7

Please sign in to comment.