diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml deleted file mode 100644 index eff728a31a..0000000000 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ /dev/null @@ -1,2613 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: flyte ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox - namespace: flyte ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.1.1 - name: flyte-sandbox-minio - namespace: flyte -secrets: -- name: flyte-sandbox-minio ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis - namespace: flyte ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyteagent - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyteagent - helm.sh/chart: flyteagent-v0.1.10 - name: flyteagent - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -rules: -- apiGroups: - - "" - resourceNames: - - kubernetes-dashboard-key-holder - - kubernetes-dashboard-certs - - kubernetes-dashboard-csrf - resources: - - secrets - verbs: - - get - - update - - delete -- apiGroups: - - "" - resourceNames: - - kubernetes-dashboard-settings - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resourceNames: - - heapster - - dashboard-metrics-scraper - resources: - - services - verbs: - - proxy -- apiGroups: - - "" - resourceNames: - - heapster - - 'http:heapster:' - - 'https:heapster:' - - dashboard-metrics-scraper - - http:dashboard-metrics-scraper - resources: - - services/proxy - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-role - namespace: flyte -rules: -- apiGroups: - - "" - resources: - - namespaces - - resourcequotas - - secrets - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - patch - - update -- apiGroups: - - "" - resources: - - podtemplates - verbs: - - get - - list - - watch -- apiGroups: - - flyte.lyft.com - resources: - - flyteworkflows - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - post - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - get - - list -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-readonly -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - replicationcontrollers/scale - - serviceaccounts - - services - - nodes - - persistentvolumeclaims - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/scale - - ingresses - - networkpolicies - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: flyte-sandbox-kubernetes-dashboard -subjects: -- kind: ServiceAccount - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-role-binding - namespace: flyte -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flyte-sandbox-cluster-role -subjects: -- kind: ServiceAccount - name: flyte-sandbox - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-readonly -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flyte-sandbox-kubernetes-dashboard-readonly -subjects: -- kind: ServiceAccount - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: v1 -data: - namespace.yaml: | - apiVersion: v1 - kind: Namespace - metadata: - name: '{{ namespace }}' -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-resource-templates - namespace: flyte ---- -apiVersion: v1 -data: - 000-core.yaml: | - admin: - endpoint: localhost:8089 - insecure: true - catalog-cache: - endpoint: localhost:8081 - insecure: true - type: datacatalog - cluster_resources: - standaloneDeployment: false - templatePath: /etc/flyte/cluster-resource-templates - logger: - show-source: true - level: 5 - propeller: - create-flyteworkflow-crd: true - webhook: - certDir: /var/run/flyte/certs - localCert: true - secretName: flyte-sandbox-webhook-secret - serviceName: flyte-sandbox-webhook - servicePort: 443 - flyte: - admin: - disableClusterResourceManager: false - disableScheduler: false - disabled: false - seedProjects: - - flytesnacks - dataCatalog: - disabled: false - propeller: - disableWebhook: false - disabled: false - 001-plugins.yaml: | - tasks: - task-plugins: - default-for-task-types: - container: container - container_array: k8s-array - sidecar: sidecar - enabled-plugins: - - container - - sidecar - - k8s-array - - agent-service - plugins: - logs: - kubernetes-enabled: true - kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} - cloudwatch-enabled: false - stackdriver-enabled: false - k8s: - co-pilot: - image: "cr.flyte.org/flyteorg/flytecopilot:v1.9.4" - k8s-array: - logs: - config: - kubernetes-enabled: true - kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} - cloudwatch-enabled: false - stackdriver-enabled: false - agent-service: - defaultAgent: - defaultTimeout: 10s - endpoint: dns:///flyteagent.flyte.svc.cluster.local:8000 - insecure: true - timeouts: - GetTask: 10s - supportedTaskTypes: - - default_task - 002-database.yaml: | - database: - postgres: - username: postgres - host: flyte-sandbox-postgresql - port: 5432 - dbname: flyte - options: "sslmode=disable" - 003-storage.yaml: | - propeller: - rawoutput-prefix: s3://my-s3-bucket/data - storage: - type: stow - stow: - kind: s3 - config: - region: us-east-1 - disable_ssl: true - v2_signing: true - endpoint: http://flyte-sandbox-minio.flyte:9000 - auth_type: accesskey - container: my-s3-bucket - 100-inline-config.yaml: | - artifacts: - host: artifact-service.flyte.svc.cluster.local - insecure: true - port: 50051 - cloudEvents: - enable: true - redis: - addr: flyte-sandbox-redis-headless.flyte.svc.cluster.local:6379 - transformToCloudEvents: true - type: redis - plugins: - k8s: - default-env-vars: - - FLYTE_AWS_ENDPOINT: http://flyte-sandbox-minio.flyte:9000 - - FLYTE_AWS_ACCESS_KEY_ID: minio - - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage - storage: - signedURL: - stowConfigOverride: - endpoint: http://localhost:30002 - task_resources: - defaults: - cpu: 500m - ephemeralStorage: 0 - gpu: 0 - memory: 1Gi - limits: - cpu: 0 - ephemeralStorage: 0 - gpu: 0 - memory: 0 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-config - namespace: flyte ---- -apiVersion: v1 -data: - config.yml: |- - health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 - http: - addr: :5000 - debug: - addr: :5001 - prometheus: - enabled: false - path: /metrics - headers: - X-Content-Type-Options: - - nosniff - log: - fields: - service: registry - storage: - cache: - blobdescriptor: inmemory - version: 0.1 -kind: ConfigMap -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry-config - namespace: flyte ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: flyte-sandbox-extra-cluster-resource-templates - namespace: flyte ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: flyte-sandbox-extra-config - namespace: flyte ---- -apiVersion: v1 -data: - envoy.yaml: | - admin: - access_log_path: /dev/stdout - static_resources: - listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 8000 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - upgrade_configs: - - upgrade_type: websocket - route_config: - name: local_route - virtual_hosts: - - name: backend - domains: - - "*" - routes: - - match: - path: "/" - redirect: - path_redirect: "/console/" - - match: - prefix: "/.well-known" - route: - cluster: flyte - - match: - prefix: "/__webpack_hmr" - route: - cluster: flyte - - match: - prefix: "/api" - route: - cluster: flyte - - match: - prefix: "/callback" - route: - cluster: flyte - - match: - prefix: "/config" - route: - cluster: flyte - - match: - prefix: "/console" - route: - cluster: flyte - - match: - prefix: "/healthcheck" - route: - cluster: flyte - - match: - prefix: "/login" - route: - cluster: flyte - - match: - prefix: "/logout" - route: - cluster: flyte - - match: - prefix: "/me" - route: - cluster: flyte - - match: - prefix: "/oauth2" - route: - cluster: flyte - - match: - prefix: "/v1" - route: - cluster: flyte - - match: - prefix: "/flyteidl.service.AdminService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.AuthMetadataService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.DataProxyService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.IdentityService" - route: - cluster: flyte_grpc - - match: - prefix: "/grpc.health.v1.Health" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.SignalService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.artifact.ArtifactRegistry" - route: - cluster: artifact - - match: - path: "/kubernetes-dashboard" - redirect: - path_redirect: "/kubernetes-dashboard/" - - match: - prefix: "/kubernetes-dashboard/" - route: - cluster: kubernetes-dashboard - prefix_rewrite: / - - match: - path: "/minio" - redirect: - path_redirect: "/minio/" - - match: - prefix: "/minio/" - route: - cluster: minio - prefix_rewrite: / - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - clusters: - - name: flyte - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: flyte - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-http - port_value: 8088 - - name: flyte_grpc - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: flyte_grpc - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-grpc - port_value: 8089 - - name: kubernetes-dashboard - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: kubernetes-dashboard - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-kubernetes-dashboard - port_value: 80 - - name: minio - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: minio - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-minio - port_value: 9001 - - name: artifact - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: artifact - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: artifact-service - port_value: 50051 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy-config - namespace: flyte ---- -apiVersion: v1 -data: - master.conf: |- - dir /data - # User-supplied master configuration: - rename-command FLUSHDB "" - rename-command FLUSHALL "" - # End of master configuration - redis.conf: |- - # User-supplied common configuration: - # Enable AOF https://redis.io/topics/persistence#append-only-file - appendonly yes - # Disable RDB persistence, AOF persistence already enabled. - save "" - # End of common configuration - replica.conf: |- - dir /data - # User-supplied replica configuration: - rename-command FLUSHDB "" - rename-command FLUSHALL "" - # End of replica configuration -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis-configuration - namespace: flyte ---- -apiVersion: v1 -data: - ping_liveness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h localhost \ - -p $REDIS_PORT \ - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then - echo "$response" - exit 1 - fi - ping_liveness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? - "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? - exit $exit_status - ping_liveness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then - echo "$response" - exit 1 - fi - ping_readiness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h localhost \ - -p $REDIS_PORT \ - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_readiness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? - "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? - exit $exit_status - ping_readiness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" - response=$( - timeout -s 15 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis-health - namespace: flyte ---- -apiVersion: v1 -data: - start-master.sh: | - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then - cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf - fi - if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - ARGS=("--port" "${REDIS_PORT}") - ARGS+=("--protected-mode" "no") - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") - exec redis-server "${ARGS[@]}" - start-replica.sh: | - #!/bin/bash - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo 26379 - ;; - "REDIS") - echo 6379 - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - full_hostname="${hostname}.${HEADLESS_SERVICE}" - echo "${full_hostname}" - } - - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - HEADLESS_SERVICE="flyte-sandbox-redis-headless.flyte.svc.cluster.local" - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then - cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - - echo "" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf - ARGS=("--port" "${REDIS_PORT}") - ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - ARGS+=("--protected-mode" "no") - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - exec redis-server "${ARGS[@]}" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis-scripts - namespace: flyte ---- -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-settings - namespace: flyte ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-config-secret - namespace: flyte -stringData: - 012-database-secrets.yaml: | - database: - postgres: - password: "postgres" - 013-storage-secrets.yaml: | - storage: - stow: - config: - access_key_id: "minio" - secret_key: "miniostorage" -type: Opaque ---- -apiVersion: v1 -data: - haSharedSecret: ZWxiQ0JYUUJZSENoeG5FRQ== - proxyPassword: "" - proxyUsername: "" -kind: Secret -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry-secret - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-certs - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - root-password: bWluaW9zdG9yYWdl - root-user: bWluaW8= -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.1.1 - name: flyte-sandbox-minio - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - postgres-password: cG9zdGdyZXM= -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.1.9 - name: flyte-sandbox-postgresql - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - username: User -kind: Secret -metadata: - name: flyteagent - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-csrf - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-key-holder - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: artifact-service - name: artifact-service - namespace: flyte -spec: - ports: - - name: grpc - port: 50051 - targetPort: 50051 - selector: - app: artifact-service - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry - namespace: flyte -spec: - ports: - - name: http-5000 - nodePort: 30000 - port: 5000 - protocol: TCP - targetPort: 5000 - selector: - app: docker-registry - release: flyte-sandbox - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-grpc - namespace: flyte -spec: - ports: - - name: grpc - nodePort: null - port: 8089 - targetPort: grpc - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-http - namespace: flyte -spec: - ports: - - name: http - nodePort: null - port: 8088 - targetPort: http - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - kubernetes.io/cluster-service: "true" - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -spec: - ports: - - name: http - port: 80 - targetPort: http - selector: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: kubernetes-dashboard - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.1.1 - name: flyte-sandbox-minio - namespace: flyte -spec: - externalTrafficPolicy: Cluster - ports: - - name: minio-api - nodePort: 30002 - port: 9000 - targetPort: minio-api - - name: minio-console - port: 9001 - targetPort: minio-console - selector: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.1.9 - name: flyte-sandbox-postgresql - namespace: flyte -spec: - externalTrafficPolicy: Cluster - ports: - - name: tcp-postgresql - nodePort: 30001 - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - sessionAffinity: None - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.1.9 - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - name: flyte-sandbox-postgresql-hl - namespace: flyte -spec: - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - publishNotReadyAddresses: true - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy - namespace: flyte -spec: - ports: - - name: http - nodePort: 30080 - port: 8000 - protocol: TCP - selector: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis-headless - namespace: flyte -spec: - clusterIP: None - ports: - - name: tcp-redis - port: 6379 - targetPort: redis - selector: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: master - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis-master - namespace: flyte -spec: - externalTrafficPolicy: Cluster - internalTrafficPolicy: Cluster - ports: - - name: tcp-redis - nodePort: 30004 - port: 6379 - targetPort: redis - selector: - app.kubernetes.io/component: master - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - sessionAffinity: None - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: replica - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis-replicas - namespace: flyte -spec: - internalTrafficPolicy: Cluster - ports: - - name: tcp-redis - nodePort: null - port: 6379 - targetPort: redis - selector: - app.kubernetes.io/component: replica - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - sessionAffinity: None - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-webhook - namespace: flyte -spec: - ports: - - name: webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - projectcontour.io/upstream-protocol.h2c: grpc - labels: - app.kubernetes.io/instance: flyteagent - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyteagent - helm.sh/chart: flyteagent-v0.1.10 - name: flyteagent - namespace: flyte -spec: - ports: - - name: agent-grpc - port: 8000 - protocol: TCP - targetPort: agent-grpc - selector: - app.kubernetes.io/instance: flyteagent - app.kubernetes.io/name: flyteagent - type: ClusterIP ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-db-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/db - storageClassName: manual ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-minio-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/minio - storageClassName: manual ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-db-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-sandbox-db-storage ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-minio-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-sandbox-minio-storage ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: artifact-service - name: artifact-service - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app: artifact-service - template: - metadata: - labels: - app: artifact-service - spec: - containers: - - env: - - name: DATABASE_URL - value: postgresql://postgres:postgres@flyte-sandbox-postgresql.flyte:5432/postgres - - name: REDIS_HOST - value: flyte-sandbox-redis-headless.flyte.svc.cluster.local - - name: REDIS_PORT - value: "6379" - image: ghcr.io/unionai/artifacts:sandbox - livenessProbe: - initialDelaySeconds: 30 - tcpSocket: - port: grpc - name: main - ports: - - containerPort: 50051 - name: grpc - readinessProbe: - tcpSocket: - port: grpc ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - strategy: - type: Recreate - template: - metadata: - annotations: - checksum/cluster-resource-templates: 6fd9b172465e3089fcc59f738b92b8dc4d8939360c19de8ee65f68b0e7422035 - checksum/configuration: c86a3f997d43ba1f7612d3f5e9675ef534131308a682edc09d06cf4f6e79be64 - checksum/configuration-secret: 09216ffaa3d29e14f88b1f30af580d02a2a5e014de4d750b7f275cc07ed4e914 - labels: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - args: - - start - - --config - - /etc/flyte/config.d/*.yaml - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: flyte-binary:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: /healthcheck - port: http - name: flyte - ports: - - containerPort: 8088 - name: http - - containerPort: 8089 - name: grpc - - containerPort: 9443 - name: webhook - readinessProbe: - httpGet: - path: /healthcheck - port: http - volumeMounts: - - mountPath: /etc/flyte/cluster-resource-templates - name: cluster-resource-templates - - mountPath: /etc/flyte/config.d - name: config - - mountPath: /var/run/flyte - name: state - initContainers: - - args: - - | - until pg_isready \ - -h flyte-sandbox-postgresql \ - -p 5432 \ - -U postgres - do - echo waiting for database - sleep 0.1 - done - command: - - sh - - -ec - image: bitnami/postgresql:sandbox - imagePullPolicy: Never - name: wait-for-db - serviceAccountName: flyte-sandbox - volumes: - - name: cluster-resource-templates - projected: - sources: - - configMap: - name: flyte-sandbox-cluster-resource-templates - - configMap: - name: flyte-sandbox-extra-cluster-resource-templates - - name: config - projected: - sources: - - configMap: - name: flyte-sandbox-config - - secret: - name: flyte-sandbox-config-secret - - configMap: - name: flyte-sandbox-extra-config - - emptyDir: {} - name: state ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-buildkit - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: buildkit - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - template: - metadata: - labels: - app.kubernetes.io/component: buildkit - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - args: - - --addr - - unix:///run/buildkit/buildkitd.sock - - --addr - - tcp://0.0.0.0:30003 - image: moby/buildkit:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - name: buildkit - ports: - - containerPort: 30003 - name: tcp - protocol: TCP - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: - privileged: true - hostNetwork: true ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry - namespace: flyte -spec: - minReadySeconds: 5 - replicas: 1 - selector: - matchLabels: - app: docker-registry - release: flyte-sandbox - template: - metadata: - annotations: - checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 183acc4de162cc63bff13b9da701693fc3c02ac26c9d7ff1bca65ba1fae0d388 - labels: - app: docker-registry - release: flyte-sandbox - spec: - containers: - - command: - - /bin/registry - - serve - - /etc/docker/registry/config.yml - env: - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - key: haSharedSecret - name: flyte-sandbox-docker-registry-secret - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: /var/lib/registry - image: registry:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: / - port: 5000 - name: docker-registry - ports: - - containerPort: 5000 - readinessProbe: - httpGet: - path: / - port: 5000 - resources: {} - volumeMounts: - - mountPath: /etc/docker/registry - name: flyte-sandbox-docker-registry-config - - mountPath: /var/lib/registry/ - name: data - securityContext: - fsGroup: 1000 - runAsUser: 1000 - volumes: - - configMap: - name: flyte-sandbox-docker-registry-config - name: flyte-sandbox-docker-registry-config - - emptyDir: {} - name: data ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: kubernetes-dashboard - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: null - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - spec: - containers: - - args: - - --namespace=flyte - - --metrics-provider=none - - --enable-insecure-login - - --enable-skip-login - image: kubernetesui/dashboard:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: / - port: 9090 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 30 - name: kubernetes-dashboard - ports: - - containerPort: 9090 - name: http - protocol: TCP - resources: - limits: - cpu: 2 - memory: 200Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 2001 - runAsUser: 1001 - volumeMounts: - - mountPath: /certs - name: kubernetes-dashboard-certs - - mountPath: /tmp - name: tmp-volume - securityContext: - seccompProfile: - type: RuntimeDefault - serviceAccountName: flyte-sandbox-kubernetes-dashboard - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: flyte-sandbox-kubernetes-dashboard-certs - - emptyDir: {} - name: tmp-volume ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.1.1 - name: flyte-sandbox-minio - namespace: flyte -spec: - selector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - strategy: - type: Recreate - template: - metadata: - annotations: - checksum/credentials-secret: c199ac45f9d95d97966921c814d6c8b38cbf7416458e19cbe6d001a04c264448 - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.1.1 - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: MINIO_SCHEME - value: http - - name: MINIO_FORCE_NEW_KEYS - value: "no" - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - key: root-user - name: flyte-sandbox-minio - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: root-password - name: flyte-sandbox-minio - - name: MINIO_DEFAULT_BUCKETS - value: my-s3-bucket - - name: MINIO_BROWSER - value: "on" - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: public - - name: MINIO_CONSOLE_PORT_NUMBER - value: "9001" - - name: MINIO_BROWSER_REDIRECT_URL - value: http://localhost:30080/minio - envFrom: null - image: docker.io/bitnami/minio:sandbox - imagePullPolicy: Never - livenessProbe: - failureThreshold: 5 - httpGet: - path: /minio/health/live - port: minio-api - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - name: minio - ports: - - containerPort: 9000 - name: minio-api - protocol: TCP - - containerPort: 9001 - name: minio-console - protocol: TCP - readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - tcpSocket: - port: minio-api - timeoutSeconds: 1 - resources: - limits: {} - requests: {} - securityContext: - runAsNonRoot: true - runAsUser: 1001 - volumeMounts: - - mountPath: /data - name: data - initContainers: - - command: - - /bin/bash - - -ec - - | - chown -R 1001:1001 /data - image: docker.io/bitnami/bitnami-shell:sandbox - imagePullPolicy: Never - name: volume-permissions - resources: - limits: {} - requests: {} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 1001 - serviceAccountName: flyte-sandbox-minio - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-sandbox-minio-storage ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - template: - metadata: - labels: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - image: envoyproxy/envoy:sandbox - imagePullPolicy: Never - name: proxy - ports: - - containerPort: 8000 - name: http - volumeMounts: - - mountPath: /etc/envoy - name: config - volumes: - - configMap: - name: flyte-sandbox-proxy-config - name: config ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyteagent - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyteagent - helm.sh/chart: flyteagent-v0.1.10 - name: flyteagent - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: flyteagent - app.kubernetes.io/name: flyteagent - template: - metadata: - annotations: null - labels: - app.kubernetes.io/instance: flyteagent - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyteagent - helm.sh/chart: flyteagent-v0.1.10 - spec: - containers: - - command: - - pyflyte - - serve - image: ghcr.io/flyteorg/flyteagent:1.9.1 - imagePullPolicy: IfNotPresent - name: flyteagent - ports: - - containerPort: 8000 - name: agent-grpc - resources: - limits: - cpu: 500m - ephemeral-storage: 200Mi - memory: 200Mi - requests: - cpu: 500m - ephemeral-storage: 200Mi - memory: 200Mi - volumeMounts: - - mountPath: /etc/secrets - name: flyteagent - serviceAccountName: flyteagent - volumes: - - name: flyteagent - secret: - secretName: flyteagent ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.1.9 - name: flyte-sandbox-postgresql - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - serviceName: flyte-sandbox-postgresql-hl - template: - metadata: - annotations: null - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.1.9 - name: flyte-sandbox-postgresql - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: flyte-sandbox-postgresql - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - - name: POSTGRESQL_ENABLE_TLS - value: "no" - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnami/postgresql:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - runAsUser: 1001 - volumeMounts: - - mountPath: /bitnami/postgresql - name: data - hostIPC: false - hostNetwork: false - initContainers: - - command: - - /bin/sh - - -ec - - | - chown 1001:1001 /bitnami/postgresql - mkdir -p /bitnami/postgresql/data - chmod 700 /bitnami/postgresql/data - find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \ - xargs -r chown -R 1001:1001 - image: docker.io/bitnami/bitnami-shell:sandbox - imagePullPolicy: Never - name: init-chmod-data - resources: - limits: {} - requests: {} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /bitnami/postgresql - name: data - securityContext: - fsGroup: 1001 - serviceAccountName: default - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-sandbox-db-storage - updateStrategy: - rollingUpdate: {} - type: RollingUpdate ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: master - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis-master - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: master - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - serviceName: flyte-sandbox-redis-headless - template: - metadata: - annotations: - checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 - checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 - checksum/scripts: d8e7bccfb1b74138543285406c65b9316cacb0f2da164a6baa00faed05079b7f - checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - labels: - app.kubernetes.io/component: master - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: master - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - topologyKey: kubernetes.io/hostname - weight: 1 - automountServiceAccountToken: true - containers: - - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-master.sh - command: - - /bin/bash - env: - - name: BITNAMI_DEBUG - value: "false" - - name: REDIS_REPLICATION_MODE - value: master - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - - name: REDIS_TLS_ENABLED - value: "no" - - name: REDIS_PORT - value: "6379" - image: docker.io/bitnami/redis:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh 5 - failureThreshold: 5 - initialDelaySeconds: 20 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 6 - name: redis - ports: - - containerPort: 6379 - name: redis - readinessProbe: - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh 1 - failureThreshold: 5 - initialDelaySeconds: 20 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 2 - resources: - limits: {} - requests: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 0 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /opt/bitnami/scripts/start-scripts - name: start-scripts - - mountPath: /health - name: health - - mountPath: /data - name: redis-data - - mountPath: /opt/bitnami/redis/mounted-etc - name: config - - mountPath: /opt/bitnami/redis/etc/ - name: redis-tmp-conf - - mountPath: /tmp - name: tmp - securityContext: - fsGroup: 1001 - serviceAccountName: flyte-sandbox-redis - terminationGracePeriodSeconds: 30 - volumes: - - configMap: - defaultMode: 493 - name: flyte-sandbox-redis-scripts - name: start-scripts - - configMap: - defaultMode: 493 - name: flyte-sandbox-redis-health - name: health - - configMap: - name: flyte-sandbox-redis-configuration - name: config - - emptyDir: {} - name: redis-tmp-conf - - emptyDir: {} - name: tmp - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - labels: - app.kubernetes.io/component: master - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - name: redis-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: replica - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - name: flyte-sandbox-redis-replicas - namespace: flyte -spec: - replicas: 0 - selector: - matchLabels: - app.kubernetes.io/component: replica - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - serviceName: flyte-sandbox-redis-headless - template: - metadata: - annotations: - checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 - checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 - checksum/scripts: d8e7bccfb1b74138543285406c65b9316cacb0f2da164a6baa00faed05079b7f - checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - labels: - app.kubernetes.io/component: replica - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: redis - helm.sh/chart: redis-17.15.6 - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: replica - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - topologyKey: kubernetes.io/hostname - weight: 1 - automountServiceAccountToken: true - containers: - - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-replica.sh - command: - - /bin/bash - env: - - name: BITNAMI_DEBUG - value: "false" - - name: REDIS_REPLICATION_MODE - value: replica - - name: REDIS_MASTER_HOST - value: flyte-sandbox-redis-master-0.flyte-sandbox-redis-headless.flyte.svc.cluster.local - - name: REDIS_MASTER_PORT_NUMBER - value: "6379" - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - - name: REDIS_TLS_ENABLED - value: "no" - - name: REDIS_PORT - value: "6379" - image: docker.io/bitnami/redis:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - sh - - -c - - /health/ping_liveness_local_and_master.sh 5 - failureThreshold: 5 - initialDelaySeconds: 20 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 6 - name: redis - ports: - - containerPort: 6379 - name: redis - readinessProbe: - exec: - command: - - sh - - -c - - /health/ping_readiness_local_and_master.sh 1 - failureThreshold: 5 - initialDelaySeconds: 20 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 2 - resources: - limits: {} - requests: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 0 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - startupProbe: - failureThreshold: 22 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: redis - timeoutSeconds: 5 - volumeMounts: - - mountPath: /opt/bitnami/scripts/start-scripts - name: start-scripts - - mountPath: /health - name: health - - mountPath: /data - name: redis-data - - mountPath: /opt/bitnami/redis/mounted-etc - name: config - - mountPath: /opt/bitnami/redis/etc - name: redis-tmp-conf - securityContext: - fsGroup: 1001 - serviceAccountName: flyte-sandbox-redis - terminationGracePeriodSeconds: 30 - volumes: - - configMap: - defaultMode: 493 - name: flyte-sandbox-redis-scripts - name: start-scripts - - configMap: - defaultMode: 493 - name: flyte-sandbox-redis-health - name: health - - configMap: - name: flyte-sandbox-redis-configuration - name: config - - emptyDir: {} - name: redis-tmp-conf - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - labels: - app.kubernetes.io/component: replica - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: redis - name: redis-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi