diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 6aed892810a..45e2c8b916f 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md @@ -191,7 +191,7 @@ helm install gateway bitnami/contour -n flyte | flyteadmin.resources | object | `{"limits":{"cpu":"250m","ephemeral-storage":"100Mi","memory":"500Mi"},"requests":{"cpu":"10m","ephemeral-storage":"50Mi","memory":"50Mi"}}` | Default resources requests and limits for Flyteadmin deployment | | flyteadmin.secrets | object | `{}` | | | flyteadmin.securityContext | object | `{"fsGroup":65534,"fsGroupChangePolicy":"Always","runAsNonRoot":true,"runAsUser":1001,"seLinuxOptions":{"type":"spc_t"}}` | Sets securityContext for flyteadmin pod(s). | -| flyteadmin.service | object | `{"additionalPorts":[],"annotations":{"projectcontour.io/upstream-protocol.h2c":"grpc"},"loadBalancerSourceRanges":[],"type":"ClusterIP"}` | Service settings for Flyteadmin | +| flyteadmin.service | object | `{"additionalPorts":[],"annotations":{"projectcontour.io/upstream-protocol.h2c":"grpc"},"appProtocols":{"enabled":false},"loadBalancerSourceRanges":[],"type":"ClusterIP"}` | Service settings for Flyteadmin | | flyteadmin.service.additionalPorts | list | `[]` | Appends additional ports to the service spec. | | flyteadmin.serviceAccount | object | `{"alwaysCreate":false,"annotations":{},"clusterRole":{"apiGroups":["","flyte.lyft.com","rbac.authorization.k8s.io"],"resources":["configmaps","flyteworkflows","namespaces","pods","resourcequotas","roles","rolebindings","secrets","services","serviceaccounts","spark-role","limitranges"],"verbs":["*"]},"create":true,"createClusterRole":true,"imagePullSecrets":[]}` | Configuration for service accounts for FlyteAdmin | | flyteadmin.serviceAccount.alwaysCreate | bool | `false` | Should a service account always be created for flyteadmin even without an actual flyteadmin deployment running (e.g. for multi-cluster setups) | @@ -234,7 +234,7 @@ helm install gateway bitnami/contour -n flyte | flyteconsole.replicaCount | int | `1` | Replicas count for Flyteconsole deployment | | flyteconsole.resources | object | `{"limits":{"cpu":"500m","memory":"250Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Default resources requests and limits for Flyteconsole deployment | | flyteconsole.securityContext | object | `{"fsGroupChangePolicy":"OnRootMismatch","runAsNonRoot":true,"runAsUser":1000,"seLinuxOptions":{"type":"spc_t"}}` | Sets securityContext for flyteconsole pod(s). | -| flyteconsole.service | object | `{"annotations":{},"type":"ClusterIP"}` | Service settings for Flyteconsole | +| flyteconsole.service | object | `{"annotations":{},"appProtocols":{"enabled":false},"type":"ClusterIP"}` | Service settings for Flyteconsole | | flyteconsole.serviceMonitor | object | `{"enabled":false,"interval":"60s","labels":{},"scrapeTimeout":"30s"}` | Settings for flyteconsole service monitor | | flyteconsole.serviceMonitor.enabled | bool | `false` | If enabled create the flyteconsole service monitor | | flyteconsole.serviceMonitor.interval | string | `"60s"` | Sets the interval at which metrics will be scraped by prometheus | diff --git a/charts/flyte-core/templates/admin/service.yaml b/charts/flyte-core/templates/admin/service.yaml index 9974fcdc4dc..26e85c97f2c 100644 --- a/charts/flyte-core/templates/admin/service.yaml +++ b/charts/flyte-core/templates/admin/service.yaml @@ -20,22 +20,30 @@ spec: - name: http port: 80 protocol: TCP + {{- if .Values.flyteadmin.service.appProtocols.enabled }} appProtocol: TCP + {{- end }} targetPort: 8088 - name: grpc port: 81 protocol: TCP # intentionally set to TCP instead of grpc + {{- if .Values.flyteadmin.service.appProtocols.enabled }} appProtocol: TCP + {{- end }} targetPort: 8089 - name: redoc protocol: TCP + {{- if .Values.flyteadmin.service.appProtocols.enabled }} appProtocol: TCP + {{- end }} port: 87 targetPort: 8087 - name: http-metrics protocol: TCP + {{- if .Values.flyteadmin.service.appProtocols.enabled }} appProtocol: TCP + {{- end }} port: 10254 {{- with .Values.flyteadmin.service.additionalPorts -}} {{ tpl (toYaml .) $ | nindent 4 }} diff --git a/charts/flyte-core/templates/console/service.yaml b/charts/flyte-core/templates/console/service.yaml index 7760cb6fcc8..756fa0c7c97 100644 --- a/charts/flyte-core/templates/console/service.yaml +++ b/charts/flyte-core/templates/console/service.yaml @@ -16,7 +16,9 @@ spec: - name: http port: 80 protocol: TCP + {{- if .Values.flyteconsole.service.appProtocols.enabled }} appProtocol: TCP + {{- end }} targetPort: 8080 {{- if .Values.flyteconsole.serviceMonitor.enabled }} - name: http-metrics diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 9faaed731ac..31b16b72d9d 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -50,6 +50,8 @@ flyteadmin: - flyteexamples # -- Service settings for Flyteadmin service: + appProtocols: + enabled: false annotations: projectcontour.io/upstream-protocol.h2c: grpc type: ClusterIP @@ -407,6 +409,8 @@ flyteconsole: memory: 50Mi # -- Service settings for Flyteconsole service: + appProtocols: + enabled: false annotations: {} type: ClusterIP # -- Annotations for Flyteconsole pods diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index d7cb3500d6a..71a33286812 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -751,22 +751,18 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8088 - name: grpc port: 81 protocol: TCP # intentionally set to TCP instead of grpc - appProtocol: TCP targetPort: 8089 - name: redoc protocol: TCP - appProtocol: TCP port: 87 targetPort: 8087 - name: http-metrics protocol: TCP - appProtocol: TCP port: 10254 selector: app.kubernetes.io/name: flyteadmin @@ -789,7 +785,6 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8080 selector: app.kubernetes.io/name: flyteconsole diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index 60ca7d1720a..ad96bd5c73a 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -474,22 +474,18 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8088 - name: grpc port: 81 protocol: TCP # intentionally set to TCP instead of grpc - appProtocol: TCP targetPort: 8089 - name: redoc protocol: TCP - appProtocol: TCP port: 87 targetPort: 8087 - name: http-metrics protocol: TCP - appProtocol: TCP port: 10254 selector: app.kubernetes.io/name: flyteadmin @@ -512,7 +508,6 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8080 selector: app.kubernetes.io/name: flyteconsole diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index 5e0ae72ec25..b568f084b3a 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -782,22 +782,18 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8088 - name: grpc port: 81 protocol: TCP # intentionally set to TCP instead of grpc - appProtocol: TCP targetPort: 8089 - name: redoc protocol: TCP - appProtocol: TCP port: 87 targetPort: 8087 - name: http-metrics protocol: TCP - appProtocol: TCP port: 10254 selector: app.kubernetes.io/name: flyteadmin @@ -820,7 +816,6 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8080 selector: app.kubernetes.io/name: flyteconsole diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index 29367a5b375..56714541d99 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -488,22 +488,18 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8088 - name: grpc port: 81 protocol: TCP # intentionally set to TCP instead of grpc - appProtocol: TCP targetPort: 8089 - name: redoc protocol: TCP - appProtocol: TCP port: 87 targetPort: 8087 - name: http-metrics protocol: TCP - appProtocol: TCP port: 10254 selector: app.kubernetes.io/name: flyteadmin @@ -526,7 +522,6 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8080 selector: app.kubernetes.io/name: flyteconsole diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index ce1f64c1df7..249392fab45 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -804,22 +804,18 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8088 - name: grpc port: 81 protocol: TCP # intentionally set to TCP instead of grpc - appProtocol: TCP targetPort: 8089 - name: redoc protocol: TCP - appProtocol: TCP port: 87 targetPort: 8087 - name: http-metrics protocol: TCP - appProtocol: TCP port: 10254 selector: app.kubernetes.io/name: flyteadmin @@ -842,7 +838,6 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8080 selector: app.kubernetes.io/name: flyteconsole diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml index 22b48553527..792496d0c92 100644 --- a/deployment/sandbox/flyte_helm_generated.yaml +++ b/deployment/sandbox/flyte_helm_generated.yaml @@ -6145,22 +6145,18 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8088 - name: grpc port: 81 protocol: TCP # intentionally set to TCP instead of grpc - appProtocol: TCP targetPort: 8089 - name: redoc protocol: TCP - appProtocol: TCP port: 87 targetPort: 8087 - name: http-metrics protocol: TCP - appProtocol: TCP port: 10254 selector: app.kubernetes.io/name: flyteadmin @@ -6183,7 +6179,6 @@ spec: - name: http port: 80 protocol: TCP - appProtocol: TCP targetPort: 8080 selector: app.kubernetes.io/name: flyteconsole diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml deleted file mode 100644 index f0c418ad959..00000000000 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ /dev/null @@ -1,1952 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: flyte ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox - namespace: flyte ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -secrets: -- name: flyte-sandbox-minio ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyteagent - helm.sh/chart: flyteagent-v0.1.10 - name: flyteagent - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -rules: -- apiGroups: - - "" - resourceNames: - - kubernetes-dashboard-key-holder - - kubernetes-dashboard-certs - - kubernetes-dashboard-csrf - resources: - - secrets - verbs: - - get - - update - - delete -- apiGroups: - - "" - resourceNames: - - kubernetes-dashboard-settings - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resourceNames: - - heapster - - dashboard-metrics-scraper - resources: - - services - verbs: - - proxy -- apiGroups: - - "" - resourceNames: - - heapster - - 'http:heapster:' - - 'https:heapster:' - - dashboard-metrics-scraper - - http:dashboard-metrics-scraper - resources: - - services/proxy - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-role - namespace: flyte -rules: -- apiGroups: - - "" - resources: - - namespaces - - resourcequotas - - secrets - - serviceaccounts - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - patch - - update -- apiGroups: - - "" - resources: - - podtemplates - verbs: - - get - - list - - watch -- apiGroups: - - flyte.lyft.com - resources: - - flyteworkflows - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - post - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - get - - list -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-readonly -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - replicationcontrollers/scale - - serviceaccounts - - services - - nodes - - persistentvolumeclaims - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/scale - - ingresses - - networkpolicies - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: flyte-sandbox-kubernetes-dashboard -subjects: -- kind: ServiceAccount - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-role-binding - namespace: flyte -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flyte-sandbox-cluster-role -subjects: -- kind: ServiceAccount - name: flyte-sandbox - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-readonly -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flyte-sandbox-kubernetes-dashboard-readonly -subjects: -- kind: ServiceAccount - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: v1 -data: - namespace.yaml: | - apiVersion: v1 - kind: Namespace - metadata: - name: '{{ namespace }}' -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-resource-templates - namespace: flyte ---- -apiVersion: v1 -data: - 000-core.yaml: | - admin: - endpoint: localhost:8089 - insecure: true - catalog-cache: - endpoint: localhost:8081 - insecure: true - type: datacatalog - cluster_resources: - standaloneDeployment: false - templatePath: /etc/flyte/cluster-resource-templates - logger: - show-source: true - level: 5 - propeller: - create-flyteworkflow-crd: true - webhook: - certDir: /var/run/flyte/certs - localCert: true - secretName: flyte-sandbox-webhook-secret - serviceName: flyte-sandbox-webhook - servicePort: 443 - flyte: - admin: - disableClusterResourceManager: false - disableScheduler: false - disabled: false - seedProjects: - - flytesnacks - seedProjectsWithDetails: - - description: Default project setup. - name: flytesnacks - dataCatalog: - disabled: false - propeller: - disableWebhook: false - disabled: false - 001-plugins.yaml: | - tasks: - task-plugins: - default-for-task-types: - container: container - container_array: k8s-array - sidecar: sidecar - enabled-plugins: - - container - - sidecar - - k8s-array - - agent-service - - echo - plugins: - logs: - kubernetes-enabled: true - kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} - cloudwatch-enabled: false - stackdriver-enabled: false - k8s: - co-pilot: - image: "cr.flyte.org/flyteorg/flytecopilot:v1.13.2" - k8s-array: - logs: - config: - kubernetes-enabled: true - kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} - cloudwatch-enabled: false - stackdriver-enabled: false - agent-service: - defaultAgent: - defaultTimeout: 10s - endpoint: dns:///flyteagent.flyte.svc.cluster.local:8000 - insecure: true - timeouts: - GetTask: 10s - 002-database.yaml: | - database: - postgres: - username: postgres - host: flyte-sandbox-postgresql - port: 5432 - dbname: flyte - options: "sslmode=disable" - 003-storage.yaml: | - propeller: - rawoutput-prefix: s3://my-s3-bucket/data - storage: - type: stow - stow: - kind: s3 - config: - region: us-east-1 - disable_ssl: true - v2_signing: true - endpoint: http://flyte-sandbox-minio.flyte:9000 - auth_type: accesskey - container: my-s3-bucket - 100-inline-config.yaml: | - plugins: - k8s: - default-env-vars: - - FLYTE_AWS_ENDPOINT: http://flyte-sandbox-minio.flyte:9000 - - FLYTE_AWS_ACCESS_KEY_ID: minio - - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage - storage: - signedURL: - stowConfigOverride: - endpoint: http://localhost:30002 - task_resources: - defaults: - cpu: 500m - ephemeralStorage: 0 - gpu: 0 - memory: 1Gi - limits: - cpu: 0 - ephemeralStorage: 0 - gpu: 0 - memory: 0 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-config - namespace: flyte ---- -apiVersion: v1 -data: - config.yml: |- - health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 - http: - addr: :5000 - debug: - addr: :5001 - prometheus: - enabled: false - path: /metrics - headers: - X-Content-Type-Options: - - nosniff - log: - fields: - service: registry - storage: - cache: - blobdescriptor: inmemory - version: 0.1 -kind: ConfigMap -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry-config - namespace: flyte ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: flyte-sandbox-extra-cluster-resource-templates - namespace: flyte ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: flyte-sandbox-extra-config - namespace: flyte ---- -apiVersion: v1 -data: - envoy.yaml: | - admin: - access_log_path: /dev/stdout - static_resources: - listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 8000 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - upgrade_configs: - - upgrade_type: websocket - route_config: - name: local_route - virtual_hosts: - - name: backend - domains: - - "*" - routes: - - match: - path: "/" - redirect: - path_redirect: "/console/" - - match: - prefix: "/.well-known" - route: - cluster: flyte - - match: - prefix: "/__webpack_hmr" - route: - cluster: flyte - - match: - prefix: "/api" - route: - cluster: flyte - - match: - prefix: "/callback" - route: - cluster: flyte - - match: - prefix: "/config" - route: - cluster: flyte - - match: - prefix: "/console" - route: - cluster: flyte - - match: - prefix: "/healthcheck" - route: - cluster: flyte - - match: - prefix: "/login" - route: - cluster: flyte - - match: - prefix: "/logout" - route: - cluster: flyte - - match: - prefix: "/me" - route: - cluster: flyte - - match: - prefix: "/oauth2" - route: - cluster: flyte - - match: - prefix: "/v1" - route: - cluster: flyte - - match: - prefix: "/flyteidl.service.AdminService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.AuthMetadataService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.DataProxyService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.IdentityService" - route: - cluster: flyte_grpc - - match: - prefix: "/grpc.health.v1.Health" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.SignalService" - route: - cluster: flyte_grpc - - match: - path: "/kubernetes-dashboard" - redirect: - path_redirect: "/kubernetes-dashboard/" - - match: - prefix: "/kubernetes-dashboard/" - route: - cluster: kubernetes-dashboard - prefix_rewrite: / - - match: - path: "/minio" - redirect: - path_redirect: "/minio/" - - match: - prefix: "/minio/" - route: - cluster: minio - prefix_rewrite: / - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - clusters: - - name: flyte - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: flyte - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-http - port_value: 8088 - - name: flyte_grpc - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: flyte_grpc - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-grpc - port_value: 8089 - - name: kubernetes-dashboard - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: kubernetes-dashboard - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-kubernetes-dashboard - port_value: 80 - - name: minio - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: minio - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-minio - port_value: 9001 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy-config - namespace: flyte ---- -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-settings - namespace: flyte ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-config-secret - namespace: flyte -stringData: - 012-database-secrets.yaml: | - database: - postgres: - password: "postgres" - 013-storage-secrets.yaml: | - storage: - stow: - config: - access_key_id: "minio" - secret_key: "miniostorage" -type: Opaque ---- -apiVersion: v1 -data: - haSharedSecret: c2Z6ZUdxTjJ1bEc1QlVaeQ== - proxyPassword: "" - proxyUsername: "" -kind: Secret -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry-secret - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-certs - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - root-password: bWluaW9zdG9yYWdl - root-user: bWluaW8= -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - postgres-password: cG9zdGdyZXM= -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - username: User -kind: Secret -metadata: - name: flyteagent - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-csrf - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-key-holder - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry - namespace: flyte -spec: - ports: - - name: http-5000 - nodePort: 30000 - port: 5000 - protocol: TCP - targetPort: 5000 - selector: - app: docker-registry - release: flyte-sandbox - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-grpc - namespace: flyte -spec: - ports: - - name: grpc - nodePort: null - port: 8089 - targetPort: grpc - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-http - namespace: flyte -spec: - ports: - - name: http - nodePort: null - port: 8088 - targetPort: http - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - kubernetes.io/cluster-service: "true" - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -spec: - ports: - - name: http - port: 80 - targetPort: http - selector: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: kubernetes-dashboard - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -spec: - externalTrafficPolicy: Cluster - ports: - - name: minio-api - nodePort: 30002 - port: 9000 - targetPort: minio-api - - name: minio-console - port: 9001 - targetPort: minio-console - selector: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -spec: - externalTrafficPolicy: Cluster - ports: - - name: tcp-postgresql - nodePort: 30001 - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - sessionAffinity: None - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - name: flyte-sandbox-postgresql-hl - namespace: flyte -spec: - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - publishNotReadyAddresses: true - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy - namespace: flyte -spec: - ports: - - name: http - nodePort: 30080 - port: 8000 - protocol: TCP - selector: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-webhook - namespace: flyte -spec: - ports: - - name: webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - projectcontour.io/upstream-protocol.h2c: grpc - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyteagent - helm.sh/chart: flyteagent-v0.1.10 - name: flyteagent - namespace: flyte -spec: - ports: - - appProtocol: TCP - name: agent-grpc - port: 8000 - protocol: TCP - targetPort: agent-grpc - selector: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyteagent - type: ClusterIP ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-db-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/db - storageClassName: manual ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-minio-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/minio - storageClassName: manual ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-db-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-sandbox-db-storage ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-minio-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-sandbox-minio-storage ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - strategy: - type: Recreate - template: - metadata: - annotations: - checksum/cluster-resource-templates: 6fd9b172465e3089fcc59f738b92b8dc4d8939360c19de8ee65f68b0e7422035 - checksum/configuration: a823eaadac5f3a4358c8acf628ebeb3719f88312af520d2c253de2579dff262d - checksum/configuration-secret: 09216ffaa3d29e14f88b1f30af580d02a2a5e014de4d750b7f275cc07ed4e914 - labels: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - args: - - start - - --config - - /etc/flyte/config.d/*.yaml - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: flyte-binary:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: /healthcheck - port: http - initialDelaySeconds: 30 - name: flyte - ports: - - containerPort: 8088 - name: http - - containerPort: 8089 - name: grpc - - containerPort: 9443 - name: webhook - readinessProbe: - httpGet: - path: /healthcheck - port: http - initialDelaySeconds: 30 - volumeMounts: - - mountPath: /etc/flyte/cluster-resource-templates - name: cluster-resource-templates - - mountPath: /etc/flyte/config.d - name: config - - mountPath: /var/run/flyte - name: state - initContainers: - - args: - - | - until pg_isready \ - -h flyte-sandbox-postgresql \ - -p 5432 \ - -U postgres - do - echo waiting for database - sleep 0.1 - done - command: - - sh - - -ec - image: bitnami/postgresql:sandbox - imagePullPolicy: Never - name: wait-for-db - serviceAccountName: flyte-sandbox - volumes: - - name: cluster-resource-templates - projected: - sources: - - configMap: - name: flyte-sandbox-cluster-resource-templates - - configMap: - name: flyte-sandbox-extra-cluster-resource-templates - - name: config - projected: - sources: - - configMap: - name: flyte-sandbox-config - - secret: - name: flyte-sandbox-config-secret - - configMap: - name: flyte-sandbox-extra-config - - emptyDir: {} - name: state ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-buildkit - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: buildkit - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - template: - metadata: - labels: - app.kubernetes.io/component: buildkit - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - args: - - --addr - - unix:///run/buildkit/buildkitd.sock - - --addr - - tcp://0.0.0.0:30003 - image: moby/buildkit:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - name: buildkit - ports: - - containerPort: 30003 - name: tcp - protocol: TCP - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: - privileged: true - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry - namespace: flyte -spec: - minReadySeconds: 5 - replicas: 1 - selector: - matchLabels: - app: docker-registry - release: flyte-sandbox - template: - metadata: - annotations: - checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: ad072a5177dfbeacda100d536f1c7d611808b1c7f79dc6d02d9dbf24b8294e3b - labels: - app: docker-registry - release: flyte-sandbox - spec: - containers: - - command: - - /bin/registry - - serve - - /etc/docker/registry/config.yml - env: - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - key: haSharedSecret - name: flyte-sandbox-docker-registry-secret - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: /var/lib/registry - image: registry:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: / - port: 5000 - name: docker-registry - ports: - - containerPort: 5000 - readinessProbe: - httpGet: - path: / - port: 5000 - resources: {} - volumeMounts: - - mountPath: /etc/docker/registry - name: flyte-sandbox-docker-registry-config - - mountPath: /var/lib/registry/ - name: data - securityContext: - fsGroup: 1000 - runAsUser: 1000 - volumes: - - configMap: - name: flyte-sandbox-docker-registry-config - name: flyte-sandbox-docker-registry-config - - emptyDir: {} - name: data ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: kubernetes-dashboard - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: null - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - spec: - containers: - - args: - - --namespace=flyte - - --metrics-provider=none - - --enable-insecure-login - - --enable-skip-login - image: kubernetesui/dashboard:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: / - port: 9090 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 30 - name: kubernetes-dashboard - ports: - - containerPort: 9090 - name: http - protocol: TCP - resources: - limits: - cpu: 2 - memory: 200Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 2001 - runAsUser: 1001 - volumeMounts: - - mountPath: /certs - name: kubernetes-dashboard-certs - - mountPath: /tmp - name: tmp-volume - securityContext: - seccompProfile: - type: RuntimeDefault - serviceAccountName: flyte-sandbox-kubernetes-dashboard - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: flyte-sandbox-kubernetes-dashboard-certs - - emptyDir: {} - name: tmp-volume ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -spec: - selector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - strategy: - type: Recreate - template: - metadata: - annotations: - checksum/credentials-secret: ecce809e3af19025d134846a9a81e163dd41df7e26abf2c6657895d9d13607a9 - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: MINIO_SCHEME - value: http - - name: MINIO_FORCE_NEW_KEYS - value: "no" - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - key: root-user - name: flyte-sandbox-minio - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: root-password - name: flyte-sandbox-minio - - name: MINIO_DEFAULT_BUCKETS - value: my-s3-bucket - - name: MINIO_BROWSER - value: "on" - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: public - - name: MINIO_CONSOLE_PORT_NUMBER - value: "9001" - - name: MINIO_BROWSER_REDIRECT_URL - value: http://localhost:30080/minio - envFrom: null - image: docker.io/bitnami/minio:sandbox - imagePullPolicy: Never - livenessProbe: - failureThreshold: 5 - httpGet: - path: /minio/health/live - port: minio-api - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - name: minio - ports: - - containerPort: 9000 - name: minio-api - protocol: TCP - - containerPort: 9001 - name: minio-console - protocol: TCP - readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - tcpSocket: - port: minio-api - timeoutSeconds: 1 - resources: - limits: {} - requests: {} - securityContext: - runAsNonRoot: true - runAsUser: 1001 - volumeMounts: - - mountPath: /data - name: data - initContainers: - - command: - - /bin/bash - - -ec - - | - chown -R 1001:1001 /data - image: docker.io/bitnami/os-shell:sandbox - imagePullPolicy: Never - name: volume-permissions - resources: - limits: {} - requests: {} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 1001 - serviceAccountName: flyte-sandbox-minio - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-sandbox-minio-storage ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - template: - metadata: - labels: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - image: envoyproxy/envoy:sandbox - imagePullPolicy: Never - livenessProbe: - initialDelaySeconds: 30 - tcpSocket: - port: http - name: proxy - ports: - - containerPort: 8000 - name: http - readinessProbe: - tcpSocket: - port: http - volumeMounts: - - mountPath: /etc/envoy - name: config - volumes: - - configMap: - name: flyte-sandbox-proxy-config - name: config ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyteagent - helm.sh/chart: flyteagent-v0.1.10 - name: flyteagent - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyteagent - template: - metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyteagent - helm.sh/chart: flyteagent-v0.1.10 - spec: - containers: - - command: - - pyflyte - - serve - - agent - env: - - name: FLYTE_AWS_ENDPOINT - value: http://flyte-sandbox-minio.flyte:9000 - - name: FLYTE_AWS_ACCESS_KEY_ID - value: minio - - name: FLYTE_AWS_SECRET_ACCESS_KEY - value: miniostorage - image: cr.flyte.org/flyteorg/flyteagent:1.13.6 - imagePullPolicy: IfNotPresent - name: flyteagent - ports: - - containerPort: 8000 - name: agent-grpc - readinessProbe: - grpc: - port: 8000 - initialDelaySeconds: 1 - periodSeconds: 3 - resources: - limits: - cpu: 500m - ephemeral-storage: 200Mi - memory: 300Mi - requests: - cpu: 500m - ephemeral-storage: 200Mi - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /etc/secrets - name: flyteagent - securityContext: {} - serviceAccountName: flyteagent - volumes: - - name: flyteagent - secret: - secretName: flyteagent ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - serviceName: flyte-sandbox-postgresql-hl - template: - metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: flyte-sandbox-postgresql - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - - name: POSTGRESQL_ENABLE_TLS - value: "no" - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnami/postgresql:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 0 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /bitnami/postgresql - name: data - hostIPC: false - hostNetwork: false - initContainers: - - command: - - /bin/sh - - -ec - - | - chown 1001:1001 /bitnami/postgresql - mkdir -p /bitnami/postgresql/data - chmod 700 /bitnami/postgresql/data - find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \ - xargs -r chown -R 1001:1001 - image: docker.io/bitnami/os-shell:sandbox - imagePullPolicy: Never - name: init-chmod-data - resources: - limits: {} - requests: {} - securityContext: - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /bitnami/postgresql - name: data - securityContext: - fsGroup: 1001 - serviceAccountName: default - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-sandbox-db-storage - updateStrategy: - rollingUpdate: {} - type: RollingUpdate diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml deleted file mode 100644 index c9464636af0..00000000000 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ /dev/null @@ -1,1833 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: flyte ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox - namespace: flyte ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -secrets: -- name: flyte-sandbox-minio ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -rules: -- apiGroups: - - "" - resourceNames: - - kubernetes-dashboard-key-holder - - kubernetes-dashboard-certs - - kubernetes-dashboard-csrf - resources: - - secrets - verbs: - - get - - update - - delete -- apiGroups: - - "" - resourceNames: - - kubernetes-dashboard-settings - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resourceNames: - - heapster - - dashboard-metrics-scraper - resources: - - services - verbs: - - proxy -- apiGroups: - - "" - resourceNames: - - heapster - - 'http:heapster:' - - 'https:heapster:' - - dashboard-metrics-scraper - - http:dashboard-metrics-scraper - resources: - - services/proxy - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-role - namespace: flyte -rules: -- apiGroups: - - "" - resources: - - namespaces - - resourcequotas - - secrets - - serviceaccounts - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - patch - - update -- apiGroups: - - "" - resources: - - podtemplates - verbs: - - get - - list - - watch -- apiGroups: - - flyte.lyft.com - resources: - - flyteworkflows - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - post - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - get - - list -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-readonly -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - replicationcontrollers/scale - - serviceaccounts - - services - - nodes - - persistentvolumeclaims - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/scale - - ingresses - - networkpolicies - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: flyte-sandbox-kubernetes-dashboard -subjects: -- kind: ServiceAccount - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-role-binding - namespace: flyte -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flyte-sandbox-cluster-role -subjects: -- kind: ServiceAccount - name: flyte-sandbox - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-readonly -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flyte-sandbox-kubernetes-dashboard-readonly -subjects: -- kind: ServiceAccount - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: v1 -data: - namespace.yaml: | - apiVersion: v1 - kind: Namespace - metadata: - name: '{{ namespace }}' -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-cluster-resource-templates - namespace: flyte ---- -apiVersion: v1 -data: - 000-core.yaml: | - admin: - endpoint: localhost:8089 - insecure: true - catalog-cache: - endpoint: localhost:8081 - insecure: true - type: datacatalog - cluster_resources: - standaloneDeployment: false - templatePath: /etc/flyte/cluster-resource-templates - logger: - show-source: true - level: 5 - propeller: - create-flyteworkflow-crd: true - webhook: - certDir: /var/run/flyte/certs - localCert: true - secretName: flyte-sandbox-webhook-secret - serviceName: flyte-sandbox-webhook - servicePort: 443 - flyte: - admin: - disableClusterResourceManager: false - disableScheduler: false - disabled: false - seedProjects: - - flytesnacks - seedProjectsWithDetails: - - description: Default project setup. - name: flytesnacks - dataCatalog: - disabled: false - propeller: - disableWebhook: false - disabled: false - 001-plugins.yaml: | - tasks: - task-plugins: - default-for-task-types: - container: container - container_array: k8s-array - sidecar: sidecar - enabled-plugins: - - container - - sidecar - - k8s-array - - agent-service - - echo - plugins: - logs: - kubernetes-enabled: true - kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} - cloudwatch-enabled: false - stackdriver-enabled: false - k8s: - co-pilot: - image: "cr.flyte.org/flyteorg/flytecopilot:v1.13.2" - k8s-array: - logs: - config: - kubernetes-enabled: true - kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }} - cloudwatch-enabled: false - stackdriver-enabled: false - 002-database.yaml: | - database: - postgres: - username: postgres - host: flyte-sandbox-postgresql - port: 5432 - dbname: flyte - options: "sslmode=disable" - 003-storage.yaml: | - propeller: - rawoutput-prefix: s3://my-s3-bucket/data - storage: - type: stow - stow: - kind: s3 - config: - region: us-east-1 - disable_ssl: true - v2_signing: true - endpoint: http://flyte-sandbox-minio.flyte:9000 - auth_type: accesskey - container: my-s3-bucket - 100-inline-config.yaml: | - plugins: - k8s: - default-env-vars: - - FLYTE_AWS_ENDPOINT: http://flyte-sandbox-minio.flyte:9000 - - FLYTE_AWS_ACCESS_KEY_ID: minio - - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage - storage: - signedURL: - stowConfigOverride: - endpoint: http://localhost:30002 - task_resources: - defaults: - cpu: 500m - ephemeralStorage: 0 - gpu: 0 - memory: 1Gi - limits: - cpu: 0 - ephemeralStorage: 0 - gpu: 0 - memory: 0 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-config - namespace: flyte ---- -apiVersion: v1 -data: - config.yml: |- - health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 - http: - addr: :5000 - debug: - addr: :5001 - prometheus: - enabled: false - path: /metrics - headers: - X-Content-Type-Options: - - nosniff - log: - fields: - service: registry - storage: - cache: - blobdescriptor: inmemory - version: 0.1 -kind: ConfigMap -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry-config - namespace: flyte ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: flyte-sandbox-extra-cluster-resource-templates - namespace: flyte ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: flyte-sandbox-extra-config - namespace: flyte ---- -apiVersion: v1 -data: - envoy.yaml: | - admin: - access_log_path: /dev/stdout - static_resources: - listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 8000 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - upgrade_configs: - - upgrade_type: websocket - route_config: - name: local_route - virtual_hosts: - - name: backend - domains: - - "*" - routes: - - match: - path: "/" - redirect: - path_redirect: "/console/" - - match: - prefix: "/.well-known" - route: - cluster: flyte - - match: - prefix: "/__webpack_hmr" - route: - cluster: flyte - - match: - prefix: "/api" - route: - cluster: flyte - - match: - prefix: "/callback" - route: - cluster: flyte - - match: - prefix: "/config" - route: - cluster: flyte - - match: - prefix: "/console" - route: - cluster: flyte - - match: - prefix: "/healthcheck" - route: - cluster: flyte - - match: - prefix: "/login" - route: - cluster: flyte - - match: - prefix: "/logout" - route: - cluster: flyte - - match: - prefix: "/me" - route: - cluster: flyte - - match: - prefix: "/oauth2" - route: - cluster: flyte - - match: - prefix: "/v1" - route: - cluster: flyte - - match: - prefix: "/flyteidl.service.AdminService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.AuthMetadataService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.DataProxyService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.IdentityService" - route: - cluster: flyte_grpc - - match: - prefix: "/grpc.health.v1.Health" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.SignalService" - route: - cluster: flyte_grpc - - match: - path: "/kubernetes-dashboard" - redirect: - path_redirect: "/kubernetes-dashboard/" - - match: - prefix: "/kubernetes-dashboard/" - route: - cluster: kubernetes-dashboard - prefix_rewrite: / - - match: - path: "/minio" - redirect: - path_redirect: "/minio/" - - match: - prefix: "/minio/" - route: - cluster: minio - prefix_rewrite: / - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - clusters: - - name: flyte - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: flyte - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-http - port_value: 8088 - - name: flyte_grpc - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: flyte_grpc - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-grpc - port_value: 8089 - - name: kubernetes-dashboard - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: kubernetes-dashboard - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-kubernetes-dashboard - port_value: 80 - - name: minio - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: minio - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-minio - port_value: 9001 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy-config - namespace: flyte ---- -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-settings - namespace: flyte ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-config-secret - namespace: flyte -stringData: - 012-database-secrets.yaml: | - database: - postgres: - password: "postgres" - 013-storage-secrets.yaml: | - storage: - stow: - config: - access_key_id: "minio" - secret_key: "miniostorage" -type: Opaque ---- -apiVersion: v1 -data: - haSharedSecret: TUpUek9Ib3BpWTlEbFRvSw== - proxyPassword: "" - proxyUsername: "" -kind: Secret -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry-secret - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-certs - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - root-password: bWluaW9zdG9yYWdl - root-user: bWluaW8= -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - postgres-password: cG9zdGdyZXM= -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-csrf - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-key-holder - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry - namespace: flyte -spec: - ports: - - name: http-5000 - nodePort: 30000 - port: 5000 - protocol: TCP - targetPort: 5000 - selector: - app: docker-registry - release: flyte-sandbox - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-grpc - namespace: flyte -spec: - ports: - - name: grpc - nodePort: null - port: 8089 - targetPort: grpc - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-http - namespace: flyte -spec: - ports: - - name: http - nodePort: null - port: 8088 - targetPort: http - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - kubernetes.io/cluster-service: "true" - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -spec: - ports: - - name: http - port: 80 - targetPort: http - selector: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: kubernetes-dashboard - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -spec: - externalTrafficPolicy: Cluster - ports: - - name: minio-api - nodePort: 30002 - port: 9000 - targetPort: minio-api - - name: minio-console - port: 9001 - targetPort: minio-console - selector: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -spec: - externalTrafficPolicy: Cluster - ports: - - name: tcp-postgresql - nodePort: 30001 - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - sessionAffinity: None - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - name: flyte-sandbox-postgresql-hl - namespace: flyte -spec: - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - publishNotReadyAddresses: true - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy - namespace: flyte -spec: - ports: - - name: http - nodePort: 30080 - port: 8000 - protocol: TCP - selector: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox-webhook - namespace: flyte -spec: - ports: - - name: webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: ClusterIP ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-db-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/db - storageClassName: manual ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-minio-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/minio - storageClassName: manual ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-db-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-sandbox-db-storage ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-minio-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-sandbox-minio-storage ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.0 - helm.sh/chart: flyte-binary-v0.1.10 - name: flyte-sandbox - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - strategy: - type: Recreate - template: - metadata: - annotations: - checksum/cluster-resource-templates: 6fd9b172465e3089fcc59f738b92b8dc4d8939360c19de8ee65f68b0e7422035 - checksum/configuration: c2649df6bcb523f120c73b0fdeec5d9516f555eab12e4eae78b04dea2cf2abae - checksum/configuration-secret: 09216ffaa3d29e14f88b1f30af580d02a2a5e014de4d750b7f275cc07ed4e914 - labels: - app.kubernetes.io/component: flyte-binary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - args: - - start - - --config - - /etc/flyte/config.d/*.yaml - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: flyte-binary:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: /healthcheck - port: http - initialDelaySeconds: 30 - name: flyte - ports: - - containerPort: 8088 - name: http - - containerPort: 8089 - name: grpc - - containerPort: 9443 - name: webhook - readinessProbe: - httpGet: - path: /healthcheck - port: http - initialDelaySeconds: 30 - volumeMounts: - - mountPath: /etc/flyte/cluster-resource-templates - name: cluster-resource-templates - - mountPath: /etc/flyte/config.d - name: config - - mountPath: /var/run/flyte - name: state - initContainers: - - args: - - | - until pg_isready \ - -h flyte-sandbox-postgresql \ - -p 5432 \ - -U postgres - do - echo waiting for database - sleep 0.1 - done - command: - - sh - - -ec - image: bitnami/postgresql:sandbox - imagePullPolicy: Never - name: wait-for-db - serviceAccountName: flyte-sandbox - volumes: - - name: cluster-resource-templates - projected: - sources: - - configMap: - name: flyte-sandbox-cluster-resource-templates - - configMap: - name: flyte-sandbox-extra-cluster-resource-templates - - name: config - projected: - sources: - - configMap: - name: flyte-sandbox-config - - secret: - name: flyte-sandbox-config-secret - - configMap: - name: flyte-sandbox-extra-config - - emptyDir: {} - name: state ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-buildkit - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: buildkit - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - template: - metadata: - labels: - app.kubernetes.io/component: buildkit - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - args: - - --addr - - unix:///run/buildkit/buildkitd.sock - - --addr - - tcp://0.0.0.0:30003 - image: moby/buildkit:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - name: buildkit - ports: - - containerPort: 30003 - name: tcp - protocol: TCP - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: - privileged: true - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry - namespace: flyte -spec: - minReadySeconds: 5 - replicas: 1 - selector: - matchLabels: - app: docker-registry - release: flyte-sandbox - template: - metadata: - annotations: - checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 09204971564694f6090d55069cf0853843456945f781aa7842f33021d09f4f25 - labels: - app: docker-registry - release: flyte-sandbox - spec: - containers: - - command: - - /bin/registry - - serve - - /etc/docker/registry/config.yml - env: - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - key: haSharedSecret - name: flyte-sandbox-docker-registry-secret - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: /var/lib/registry - image: registry:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: / - port: 5000 - name: docker-registry - ports: - - containerPort: 5000 - readinessProbe: - httpGet: - path: / - port: 5000 - resources: {} - volumeMounts: - - mountPath: /etc/docker/registry - name: flyte-sandbox-docker-registry-config - - mountPath: /var/lib/registry/ - name: data - securityContext: - fsGroup: 1000 - runAsUser: 1000 - volumes: - - configMap: - name: flyte-sandbox-docker-registry-config - name: flyte-sandbox-docker-registry-config - - emptyDir: {} - name: data ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: kubernetes-dashboard - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: null - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - spec: - containers: - - args: - - --namespace=flyte - - --metrics-provider=none - - --enable-insecure-login - - --enable-skip-login - image: kubernetesui/dashboard:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: / - port: 9090 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 30 - name: kubernetes-dashboard - ports: - - containerPort: 9090 - name: http - protocol: TCP - resources: - limits: - cpu: 2 - memory: 200Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 2001 - runAsUser: 1001 - volumeMounts: - - mountPath: /certs - name: kubernetes-dashboard-certs - - mountPath: /tmp - name: tmp-volume - securityContext: - seccompProfile: - type: RuntimeDefault - serviceAccountName: flyte-sandbox-kubernetes-dashboard - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: flyte-sandbox-kubernetes-dashboard-certs - - emptyDir: {} - name: tmp-volume ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -spec: - selector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - strategy: - type: Recreate - template: - metadata: - annotations: - checksum/credentials-secret: ecce809e3af19025d134846a9a81e163dd41df7e26abf2c6657895d9d13607a9 - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: MINIO_SCHEME - value: http - - name: MINIO_FORCE_NEW_KEYS - value: "no" - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - key: root-user - name: flyte-sandbox-minio - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: root-password - name: flyte-sandbox-minio - - name: MINIO_DEFAULT_BUCKETS - value: my-s3-bucket - - name: MINIO_BROWSER - value: "on" - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: public - - name: MINIO_CONSOLE_PORT_NUMBER - value: "9001" - - name: MINIO_BROWSER_REDIRECT_URL - value: http://localhost:30080/minio - envFrom: null - image: docker.io/bitnami/minio:sandbox - imagePullPolicy: Never - livenessProbe: - failureThreshold: 5 - httpGet: - path: /minio/health/live - port: minio-api - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - name: minio - ports: - - containerPort: 9000 - name: minio-api - protocol: TCP - - containerPort: 9001 - name: minio-console - protocol: TCP - readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - tcpSocket: - port: minio-api - timeoutSeconds: 1 - resources: - limits: {} - requests: {} - securityContext: - runAsNonRoot: true - runAsUser: 1001 - volumeMounts: - - mountPath: /data - name: data - initContainers: - - command: - - /bin/bash - - -ec - - | - chown -R 1001:1001 /data - image: docker.io/bitnami/os-shell:sandbox - imagePullPolicy: Never - name: volume-permissions - resources: - limits: {} - requests: {} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 1001 - serviceAccountName: flyte-sandbox-minio - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-sandbox-minio-storage ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - template: - metadata: - labels: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - image: envoyproxy/envoy:sandbox - imagePullPolicy: Never - livenessProbe: - initialDelaySeconds: 30 - tcpSocket: - port: http - name: proxy - ports: - - containerPort: 8000 - name: http - readinessProbe: - tcpSocket: - port: http - volumeMounts: - - mountPath: /etc/envoy - name: config - volumes: - - configMap: - name: flyte-sandbox-proxy-config - name: config ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - serviceName: flyte-sandbox-postgresql-hl - template: - metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: flyte-sandbox-postgresql - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - - name: POSTGRESQL_ENABLE_TLS - value: "no" - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnami/postgresql:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 0 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /bitnami/postgresql - name: data - hostIPC: false - hostNetwork: false - initContainers: - - command: - - /bin/sh - - -ec - - | - chown 1001:1001 /bitnami/postgresql - mkdir -p /bitnami/postgresql/data - chmod 700 /bitnami/postgresql/data - find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \ - xargs -r chown -R 1001:1001 - image: docker.io/bitnami/os-shell:sandbox - imagePullPolicy: Never - name: init-chmod-data - resources: - limits: {} - requests: {} - securityContext: - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /bitnami/postgresql - name: data - securityContext: - fsGroup: 1001 - serviceAccountName: default - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-sandbox-db-storage - updateStrategy: - rollingUpdate: {} - type: RollingUpdate diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml deleted file mode 100644 index 05a0924bd13..00000000000 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ /dev/null @@ -1,1402 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: flyte ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -secrets: -- name: flyte-sandbox-minio ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -rules: -- apiGroups: - - "" - resourceNames: - - kubernetes-dashboard-key-holder - - kubernetes-dashboard-certs - - kubernetes-dashboard-csrf - resources: - - secrets - verbs: - - get - - update - - delete -- apiGroups: - - "" - resourceNames: - - kubernetes-dashboard-settings - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resourceNames: - - heapster - - dashboard-metrics-scraper - resources: - - services - verbs: - - proxy -- apiGroups: - - "" - resourceNames: - - heapster - - 'http:heapster:' - - 'https:heapster:' - - dashboard-metrics-scraper - - http:dashboard-metrics-scraper - resources: - - services/proxy - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-readonly -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - replicationcontrollers/scale - - serviceaccounts - - services - - nodes - - persistentvolumeclaims - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/scale - - ingresses - - networkpolicies - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: flyte-sandbox-kubernetes-dashboard -subjects: -- kind: ServiceAccount - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-readonly -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flyte-sandbox-kubernetes-dashboard-readonly -subjects: -- kind: ServiceAccount - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte ---- -apiVersion: v1 -data: - config.yml: |- - health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 - http: - addr: :5000 - debug: - addr: :5001 - prometheus: - enabled: false - path: /metrics - headers: - X-Content-Type-Options: - - nosniff - log: - fields: - service: registry - storage: - cache: - blobdescriptor: inmemory - version: 0.1 -kind: ConfigMap -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry-config - namespace: flyte ---- -apiVersion: v1 -data: - envoy.yaml: | - admin: - access_log_path: /dev/stdout - static_resources: - listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 8000 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - upgrade_configs: - - upgrade_type: websocket - route_config: - name: local_route - virtual_hosts: - - name: backend - domains: - - "*" - routes: - - match: - path: "/" - redirect: - path_redirect: "/console/" - - match: - prefix: "/.well-known" - route: - cluster: flyte - - match: - prefix: "/__webpack_hmr" - route: - cluster: flyte - - match: - prefix: "/api" - route: - cluster: flyte - - match: - prefix: "/callback" - route: - cluster: flyte - - match: - prefix: "/config" - route: - cluster: flyte - - match: - prefix: "/console" - route: - cluster: flyte - - match: - prefix: "/healthcheck" - route: - cluster: flyte - - match: - prefix: "/login" - route: - cluster: flyte - - match: - prefix: "/logout" - route: - cluster: flyte - - match: - prefix: "/me" - route: - cluster: flyte - - match: - prefix: "/oauth2" - route: - cluster: flyte - - match: - prefix: "/v1" - route: - cluster: flyte - - match: - prefix: "/flyteidl.service.AdminService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.AuthMetadataService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.DataProxyService" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.IdentityService" - route: - cluster: flyte_grpc - - match: - prefix: "/grpc.health.v1.Health" - route: - cluster: flyte_grpc - - match: - prefix: "/flyteidl.service.SignalService" - route: - cluster: flyte_grpc - - match: - path: "/kubernetes-dashboard" - redirect: - path_redirect: "/kubernetes-dashboard/" - - match: - prefix: "/kubernetes-dashboard/" - route: - cluster: kubernetes-dashboard - prefix_rewrite: / - - match: - path: "/minio" - redirect: - path_redirect: "/minio/" - - match: - prefix: "/minio/" - route: - cluster: minio - prefix_rewrite: / - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - clusters: - - name: flyte - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: flyte - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-local - port_value: 8088 - - name: flyte_grpc - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: flyte_grpc - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-local - port_value: 8089 - - name: kubernetes-dashboard - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: kubernetes-dashboard - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-kubernetes-dashboard - port_value: 80 - - name: minio - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: minio - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: flyte-sandbox-minio - port_value: 9001 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy-config - namespace: flyte ---- -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-settings - namespace: flyte ---- -apiVersion: v1 -data: - haSharedSecret: d2VkcjRnRHkyTmZrOU52cw== - proxyPassword: "" - proxyUsername: "" -kind: Secret -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry-secret - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard-certs - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - root-password: bWluaW9zdG9yYWdl - root-user: bWluaW8= -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -type: Opaque ---- -apiVersion: v1 -data: - postgres-password: cG9zdGdyZXM= -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-csrf - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: kubernetes-dashboard-key-holder - namespace: flyte -type: Opaque ---- -apiVersion: v1 -kind: Endpoints -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-local - namespace: flyte -subsets: -- addresses: - - ip: '%{HOST_GATEWAY_IP}%' - ports: - - name: http - port: 8088 - protocol: TCP - - name: grpc - port: 8089 - protocol: TCP - - name: webhook - port: 9443 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry - namespace: flyte -spec: - ports: - - name: http-5000 - nodePort: 30000 - port: 5000 - protocol: TCP - targetPort: 5000 - selector: - app: docker-registry - release: flyte-sandbox - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - kubernetes.io/cluster-service: "true" - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -spec: - ports: - - name: http - port: 80 - targetPort: http - selector: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: kubernetes-dashboard - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-local - namespace: flyte -spec: - clusterIP: None - ports: - - name: http - port: 8088 - protocol: TCP - - name: grpc - port: 8089 - protocol: TCP - - name: webhook - port: 9443 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -spec: - externalTrafficPolicy: Cluster - ports: - - name: minio-api - nodePort: 30002 - port: 9000 - targetPort: minio-api - - name: minio-console - port: 9001 - targetPort: minio-console - selector: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -spec: - externalTrafficPolicy: Cluster - ports: - - name: tcp-postgresql - nodePort: 30001 - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - sessionAffinity: None - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - name: flyte-sandbox-postgresql-hl - namespace: flyte -spec: - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - publishNotReadyAddresses: true - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy - namespace: flyte -spec: - ports: - - name: http - nodePort: 30080 - port: 8000 - protocol: TCP - selector: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - type: NodePort ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-db-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/db - storageClassName: manual ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-minio-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/minio - storageClassName: manual ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-db-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-sandbox-db-storage ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-minio-storage - namespace: flyte -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-sandbox-minio-storage ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-buildkit - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: buildkit - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - template: - metadata: - labels: - app.kubernetes.io/component: buildkit - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - args: - - --addr - - unix:///run/buildkit/buildkitd.sock - - --addr - - tcp://0.0.0.0:30003 - image: moby/buildkit:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - name: buildkit - ports: - - containerPort: 30003 - name: tcp - protocol: TCP - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: - privileged: true - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: docker-registry - chart: docker-registry-2.2.2 - heritage: Helm - release: flyte-sandbox - name: flyte-sandbox-docker-registry - namespace: flyte -spec: - minReadySeconds: 5 - replicas: 1 - selector: - matchLabels: - app: docker-registry - release: flyte-sandbox - template: - metadata: - annotations: - checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 3b1376c2c63f4fff6745ad085844b7a1d7c8ad2cce13cae4e1e9c3ea495cebaa - labels: - app: docker-registry - release: flyte-sandbox - spec: - containers: - - command: - - /bin/registry - - serve - - /etc/docker/registry/config.yml - env: - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - key: haSharedSecret - name: flyte-sandbox-docker-registry-secret - - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY - value: /var/lib/registry - image: registry:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: / - port: 5000 - name: docker-registry - ports: - - containerPort: 5000 - readinessProbe: - httpGet: - path: / - port: 5000 - resources: {} - volumeMounts: - - mountPath: /etc/docker/registry - name: flyte-sandbox-docker-registry-config - - mountPath: /var/lib/registry/ - name: data - securityContext: - fsGroup: 1000 - runAsUser: 1000 - volumes: - - configMap: - name: flyte-sandbox-docker-registry-config - name: flyte-sandbox-docker-registry-config - - emptyDir: {} - name: data ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - name: flyte-sandbox-kubernetes-dashboard - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: kubernetes-dashboard - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: null - labels: - app.kubernetes.io/component: kubernetes-dashboard - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/version: 2.7.0 - helm.sh/chart: kubernetes-dashboard-6.0.0 - spec: - containers: - - args: - - --namespace=flyte - - --metrics-provider=none - - --enable-insecure-login - - --enable-skip-login - image: kubernetesui/dashboard:sandbox - imagePullPolicy: Never - livenessProbe: - httpGet: - path: / - port: 9090 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 30 - name: kubernetes-dashboard - ports: - - containerPort: 9090 - name: http - protocol: TCP - resources: - limits: - cpu: 2 - memory: 200Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 2001 - runAsUser: 1001 - volumeMounts: - - mountPath: /certs - name: kubernetes-dashboard-certs - - mountPath: /tmp - name: tmp-volume - securityContext: - seccompProfile: - type: RuntimeDefault - serviceAccountName: flyte-sandbox-kubernetes-dashboard - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: flyte-sandbox-kubernetes-dashboard-certs - - emptyDir: {} - name: tmp-volume ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - name: flyte-sandbox-minio - namespace: flyte -spec: - selector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - strategy: - type: Recreate - template: - metadata: - annotations: - checksum/credentials-secret: ecce809e3af19025d134846a9a81e163dd41df7e26abf2c6657895d9d13607a9 - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: minio - helm.sh/chart: minio-12.6.7 - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: minio - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: MINIO_SCHEME - value: http - - name: MINIO_FORCE_NEW_KEYS - value: "no" - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - key: root-user - name: flyte-sandbox-minio - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: root-password - name: flyte-sandbox-minio - - name: MINIO_DEFAULT_BUCKETS - value: my-s3-bucket - - name: MINIO_BROWSER - value: "on" - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: public - - name: MINIO_CONSOLE_PORT_NUMBER - value: "9001" - - name: MINIO_BROWSER_REDIRECT_URL - value: http://localhost:30080/minio - envFrom: null - image: docker.io/bitnami/minio:sandbox - imagePullPolicy: Never - livenessProbe: - failureThreshold: 5 - httpGet: - path: /minio/health/live - port: minio-api - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - name: minio - ports: - - containerPort: 9000 - name: minio-api - protocol: TCP - - containerPort: 9001 - name: minio-console - protocol: TCP - readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - tcpSocket: - port: minio-api - timeoutSeconds: 1 - resources: - limits: {} - requests: {} - securityContext: - runAsNonRoot: true - runAsUser: 1001 - volumeMounts: - - mountPath: /data - name: data - initContainers: - - command: - - /bin/bash - - -ec - - | - chown -R 1001:1001 /data - image: docker.io/bitnami/os-shell:sandbox - imagePullPolicy: Never - name: volume-permissions - resources: - limits: {} - requests: {} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 1001 - serviceAccountName: flyte-sandbox-minio - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-sandbox-minio-storage ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-sandbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-sandbox-0.1.0 - name: flyte-sandbox-proxy - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - template: - metadata: - labels: - app.kubernetes.io/component: proxy - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: flyte-sandbox - spec: - containers: - - image: envoyproxy/envoy:sandbox - imagePullPolicy: Never - livenessProbe: - initialDelaySeconds: 30 - tcpSocket: - port: http - name: proxy - ports: - - containerPort: 8000 - name: http - readinessProbe: - tcpSocket: - port: http - volumeMounts: - - mountPath: /etc/envoy - name: config - volumes: - - configMap: - name: flyte-sandbox-proxy-config - name: config ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - namespace: flyte -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - serviceName: flyte-sandbox-postgresql-hl - template: - metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-12.8.1 - name: flyte-sandbox-postgresql - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: flyte-sandbox - app.kubernetes.io/name: postgresql - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: flyte-sandbox-postgresql - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - - name: POSTGRESQL_ENABLE_TLS - value: "no" - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnami/postgresql:sandbox - imagePullPolicy: Never - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 0 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /bitnami/postgresql - name: data - hostIPC: false - hostNetwork: false - initContainers: - - command: - - /bin/sh - - -ec - - | - chown 1001:1001 /bitnami/postgresql - mkdir -p /bitnami/postgresql/data - chmod 700 /bitnami/postgresql/data - find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \ - xargs -r chown -R 1001:1001 - image: docker.io/bitnami/os-shell:sandbox - imagePullPolicy: Never - name: init-chmod-data - resources: - limits: {} - requests: {} - securityContext: - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /bitnami/postgresql - name: data - securityContext: - fsGroup: 1001 - serviceAccountName: default - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-sandbox-db-storage - updateStrategy: - rollingUpdate: {} - type: RollingUpdate