From a6c81caf388d7f3c3be223ac9a0ce4effd71ca87 Mon Sep 17 00:00:00 2001 From: Ryan Lo Date: Sat, 24 Feb 2024 16:04:47 +0800 Subject: [PATCH] make helm Signed-off-by: Ryan Lo --- charts/flyte-core/README.md | 6 +- .../flyte_aws_scheduler_helm_generated.yaml | 214 +++++++++--------- .../flyte_helm_controlplane_generated.yaml | 214 +++++++++--------- .../eks/flyte_helm_dataplane_generated.yaml | 214 +++++++++--------- deployment/eks/flyte_helm_generated.yaml | 214 +++++++++--------- .../flyte_helm_controlplane_generated.yaml | 186 ++++++++------- .../gcp/flyte_helm_dataplane_generated.yaml | 186 ++++++++------- deployment/gcp/flyte_helm_generated.yaml | 186 ++++++++------- deployment/sandbox/flyte_helm_generated.yaml | 6 +- 9 files changed, 695 insertions(+), 731 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 460151fcbb2..063efdc041d 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md @@ -73,17 +73,17 @@ helm install gateway bitnami/contour -n flyte | cluster_resource_manager.service_account_name | string | `"flyteadmin"` | Service account name to run with | | cluster_resource_manager.templates | list | `[{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"},{"key":"ab_project_resource_quota","value":"apiVersion: v1\nkind: ResourceQuota\nmetadata:\n name: project-quota\n namespace: {{ namespace }}\nspec:\n hard:\n limits.cpu: {{ projectQuotaCpu }}\n limits.memory: {{ projectQuotaMemory }}\n"}]` | Resource templates that should be applied | | cluster_resource_manager.templates[0] | object | `{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"}` | Template for namespaces resources | -| common | object | `{"databaseSecret":{"name":"","secretManifest":{}},"flyteNamespaceTemplate":{"enabled":false},"ingress":{"albSSLRedirect":false,"annotations":{"nginx.ingress.kubernetes.io/app-root":"/console"},"enabled":true,"ingressClassName":null,"separateGrpcIngress":false,"separateGrpcIngressAnnotations":{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"},"tls":{"enabled":false},"webpackHMR":false}}` | ---------------------------------------------- COMMON SETTINGS | +| common | object | `{"databaseSecret":{"name":"","secretManifest":{}},"flyteNamespaceTemplate":{"enabled":false},"ingress":{"albSSLRedirect":false,"annotations":{"nginx.ingress.kubernetes.io/app-root":"/console"},"enabled":true,"host":"","ingressClassName":"","separateGrpcIngress":false,"separateGrpcIngressAnnotations":{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"},"tls":{"enabled":false},"webpackHMR":false}}` | ---------------------------------------------- COMMON SETTINGS | | common.databaseSecret.name | string | `""` | Specify name of K8s Secret which contains Database password. Leave it empty if you don't need this Secret | | common.databaseSecret.secretManifest | object | `{}` | Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See https://github.com/godaddy/kubernetes-external-secrets | | common.flyteNamespaceTemplate.enabled | bool | `false` | - Enable or disable creating Flyte namespace in template. Enable when using helm as template-engine only. Disable when using `helm install ...`. | | common.ingress.albSSLRedirect | bool | `false` | - albSSLRedirect adds a special route for ssl redirect. Only useful in combination with the AWS LoadBalancer Controller. | | common.ingress.annotations | object | `{"nginx.ingress.kubernetes.io/app-root":"/console"}` | - Ingress annotations applied to both HTTP and GRPC ingresses. | | common.ingress.enabled | bool | `true` | - Enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller. | -| common.ingress.ingressClassName | string | `nil` | - Sets the ingressClassName | +| common.ingress.host | string | `""` | - Ingress hostname | +| common.ingress.ingressClassName | string | `""` | - Sets the ingressClassName | | common.ingress.separateGrpcIngress | bool | `false` | - separateGrpcIngress puts GRPC routes into a separate ingress if true. Required for certain ingress controllers like nginx. | | common.ingress.separateGrpcIngressAnnotations | object | `{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"}` | - Extra Ingress annotations applied only to the GRPC ingress. Only makes sense if `separateGrpcIngress` is enabled. | -| common.ingress.tls | object | `{"enabled":false}` | - Ingress hostname host: | | common.ingress.webpackHMR | bool | `false` | - Enable or disable HMR route to flyteconsole. This is useful only for frontend development. | | configmap.admin | object | `{"admin":{"clientId":"{{ .Values.secrets.adminOauthClientCredentials.clientId }}","clientSecretLocation":"/etc/secrets/client_secret","endpoint":"flyteadmin:81","insecure":true},"event":{"capacity":1000,"rate":500,"type":"admin"}}` | Admin Client configuration [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/subworkflow/launchplan#AdminConfig) | | configmap.adminServer | object | `{"auth":{"appAuth":{"thirdPartyConfig":{"flyteClient":{"clientId":"flytectl","redirectUri":"http://localhost:53593/callback","scopes":["offline","all"]}}},"authorizedUris":["https://localhost:30081","http://flyteadmin:80","http://flyteadmin.flyte.svc.cluster.local:80"],"userAuth":{"openId":{"baseUrl":"https://accounts.google.com","clientId":"657465813211-6eog7ek7li5k7i7fvgv2921075063hpe.apps.googleusercontent.com","scopes":["profile","openid"]}}},"flyteadmin":{"eventVersion":2,"metadataStoragePrefix":["metadata","admin"],"metricsScope":"flyte:","profilerPort":10254,"roleNameKey":"iam.amazonaws.com/role","testing":{"host":"http://flyteadmin"}},"server":{"grpcPort":8089,"httpPort":8088,"security":{"allowCors":true,"allowedHeaders":["Content-Type","flyte-authorization"],"allowedOrigins":["*"],"secure":false,"useAuth":false}}}` | FlyteAdmin server configuration | diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index 324828a9663..660c06a131a 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -1426,16 +1426,18 @@ spec: secret: secretName: flyte-pod-webhook --- -# Source: flyte-core/templates/common/ingress.yaml +# Source: flyte-core/templates/common/ingress-separateGrpc.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: flyte-core + name: flyte-core-grpc namespace: flyte - annotations: + annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/certificate-arn: '' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC + alb.ingress.kubernetes.io/certificate-arn: '{{ .Values.userSettings.certificateArn + }}' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing @@ -1443,272 +1445,266 @@ metadata: alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: - ingressClassName: + ingressClassName: "" rules: - - http: + - host: "" + http: paths: - - path: /* + - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: - name: ssl-redirect + name: flyteadmin port: - name: use-annotation - # This is useful only for frontend development - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console + number: 81 + - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /console/* + number: 81 + - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /api + number: 81 + - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /api/* + number: 81 + - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /healthcheck + number: 81 + - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /v1/* + number: 81 + - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known + number: 81 + - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known/* + number: 81 + - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login + number: 81 + - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login/* + number: 81 + - path: /grpc.health.v1.Health pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout + number: 81 + - path: /grpc.health.v1.Health/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout/* + number: 81 + # - backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + # path: /* + # pathType: ImplementationSpecific +--- +# Source: flyte-core/templates/common/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flyte-core + namespace: flyte + annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": + { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/certificate-arn: '{{ .Values.userSettings.certificateArn + }}' + alb.ingress.kubernetes.io/group.name: flyte + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/tags: service_instance=production + alb.ingress.kubernetes.io/target-type: ip + kubernetes.io/ingress.class: alb + nginx.ingress.kubernetes.io/app-root: /console +spec: + ingressClassName: "" + rules: + - http: + paths: + - path: /* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: ssl-redirect port: - number: 80 - - path: /callback + name: use-annotation + # This is useful only for frontend development + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /callback/* + - path: /console/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /me + - path: /api pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config + - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config/* + - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2 + - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2/* + - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - host: null -# Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only -# enabled on the ingress object, not on backend services (GRPC annotation is set on the ingress, not on the services). ---- -# Source: flyte-core/templates/common/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flyte-core-grpc - namespace: flyte - annotations: - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": - { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/backend-protocol-version: GRPC - alb.ingress.kubernetes.io/certificate-arn: '' - alb.ingress.kubernetes.io/group.name: flyte - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/tags: service_instance=production - alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb - nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/backend-protocol: GRPC -spec: - ingressClassName: - rules: - - host: null - http: - paths: - # - # - backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - # path: /* - # pathType: ImplementationSpecific - # - - # NOTE: Port 81 in flyteadmin is the GRPC server port for FlyteAdmin. - - path: /flyteidl.service.SignalService + - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.SignalService/* + number: 80 + - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService + number: 80 + - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService/* + number: 80 + - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService + number: 80 + - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService/* + number: 80 + - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService + number: 80 + - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService/* + number: 80 + - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService + number: 80 + - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService/* + number: 80 + - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health + number: 80 + - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health/* + number: 80 + - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + number: 80 + host: "" diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index 166446ce796..d53263af267 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -1052,16 +1052,18 @@ spec: secret: secretName: flyte-secret-auth --- -# Source: flyte-core/templates/common/ingress.yaml +# Source: flyte-core/templates/common/ingress-separateGrpc.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: flyte-core + name: flyte-core-grpc namespace: flyte - annotations: + annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/certificate-arn: '' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC + alb.ingress.kubernetes.io/certificate-arn: '{{ .Values.userSettings.certificateArn + }}' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing @@ -1069,272 +1071,266 @@ metadata: alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: - ingressClassName: + ingressClassName: "" rules: - - http: + - host: "" + http: paths: - - path: /* + - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: - name: ssl-redirect + name: flyteadmin port: - name: use-annotation - # This is useful only for frontend development - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console + number: 81 + - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /console/* + number: 81 + - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /api + number: 81 + - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /api/* + number: 81 + - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /healthcheck + number: 81 + - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /v1/* + number: 81 + - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known + number: 81 + - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known/* + number: 81 + - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login + number: 81 + - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login/* + number: 81 + - path: /grpc.health.v1.Health pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout + number: 81 + - path: /grpc.health.v1.Health/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout/* + number: 81 + # - backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + # path: /* + # pathType: ImplementationSpecific +--- +# Source: flyte-core/templates/common/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flyte-core + namespace: flyte + annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": + { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/certificate-arn: '{{ .Values.userSettings.certificateArn + }}' + alb.ingress.kubernetes.io/group.name: flyte + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/tags: service_instance=production + alb.ingress.kubernetes.io/target-type: ip + kubernetes.io/ingress.class: alb + nginx.ingress.kubernetes.io/app-root: /console +spec: + ingressClassName: "" + rules: + - http: + paths: + - path: /* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: ssl-redirect port: - number: 80 - - path: /callback + name: use-annotation + # This is useful only for frontend development + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /callback/* + - path: /console/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /me + - path: /api pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config + - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config/* + - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2 + - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2/* + - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - host: null -# Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only -# enabled on the ingress object, not on backend services (GRPC annotation is set on the ingress, not on the services). ---- -# Source: flyte-core/templates/common/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flyte-core-grpc - namespace: flyte - annotations: - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": - { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/backend-protocol-version: GRPC - alb.ingress.kubernetes.io/certificate-arn: '' - alb.ingress.kubernetes.io/group.name: flyte - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/tags: service_instance=production - alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb - nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/backend-protocol: GRPC -spec: - ingressClassName: - rules: - - host: null - http: - paths: - # - # - backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - # path: /* - # pathType: ImplementationSpecific - # - - # NOTE: Port 81 in flyteadmin is the GRPC server port for FlyteAdmin. - - path: /flyteidl.service.SignalService + - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.SignalService/* + number: 80 + - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService + number: 80 + - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService/* + number: 80 + - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService + number: 80 + - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService/* + number: 80 + - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService + number: 80 + - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService/* + number: 80 + - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService + number: 80 + - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService/* + number: 80 + - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health + number: 80 + - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health/* + number: 80 + - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + number: 80 + host: "" diff --git a/deployment/eks/flyte_helm_dataplane_generated.yaml b/deployment/eks/flyte_helm_dataplane_generated.yaml index b6dd553ba44..4546e587d49 100644 --- a/deployment/eks/flyte_helm_dataplane_generated.yaml +++ b/deployment/eks/flyte_helm_dataplane_generated.yaml @@ -586,16 +586,18 @@ spec: secret: secretName: flyte-pod-webhook --- -# Source: flyte-core/templates/common/ingress.yaml +# Source: flyte-core/templates/common/ingress-separateGrpc.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: flyte-core + name: flyte-core-grpc namespace: flyte - annotations: + annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/certificate-arn: '' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC + alb.ingress.kubernetes.io/certificate-arn: '{{ .Values.userSettings.certificateArn + }}' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing @@ -603,272 +605,266 @@ metadata: alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: - ingressClassName: + ingressClassName: "" rules: - - http: + - host: "" + http: paths: - - path: /* + - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: - name: ssl-redirect + name: flyteadmin port: - name: use-annotation - # This is useful only for frontend development - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console + number: 81 + - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /console/* + number: 81 + - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /api + number: 81 + - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /api/* + number: 81 + - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /healthcheck + number: 81 + - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /v1/* + number: 81 + - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known + number: 81 + - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known/* + number: 81 + - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login + number: 81 + - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login/* + number: 81 + - path: /grpc.health.v1.Health pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout + number: 81 + - path: /grpc.health.v1.Health/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout/* + number: 81 + # - backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + # path: /* + # pathType: ImplementationSpecific +--- +# Source: flyte-core/templates/common/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flyte-core + namespace: flyte + annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": + { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/certificate-arn: '{{ .Values.userSettings.certificateArn + }}' + alb.ingress.kubernetes.io/group.name: flyte + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/tags: service_instance=production + alb.ingress.kubernetes.io/target-type: ip + kubernetes.io/ingress.class: alb + nginx.ingress.kubernetes.io/app-root: /console +spec: + ingressClassName: "" + rules: + - http: + paths: + - path: /* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: ssl-redirect port: - number: 80 - - path: /callback + name: use-annotation + # This is useful only for frontend development + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /callback/* + - path: /console/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /me + - path: /api pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config + - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config/* + - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2 + - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2/* + - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - host: null -# Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only -# enabled on the ingress object, not on backend services (GRPC annotation is set on the ingress, not on the services). ---- -# Source: flyte-core/templates/common/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flyte-core-grpc - namespace: flyte - annotations: - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": - { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/backend-protocol-version: GRPC - alb.ingress.kubernetes.io/certificate-arn: '' - alb.ingress.kubernetes.io/group.name: flyte - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/tags: service_instance=production - alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb - nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/backend-protocol: GRPC -spec: - ingressClassName: - rules: - - host: null - http: - paths: - # - # - backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - # path: /* - # pathType: ImplementationSpecific - # - - # NOTE: Port 81 in flyteadmin is the GRPC server port for FlyteAdmin. - - path: /flyteidl.service.SignalService + - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.SignalService/* + number: 80 + - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService + number: 80 + - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService/* + number: 80 + - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService + number: 80 + - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService/* + number: 80 + - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService + number: 80 + - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService/* + number: 80 + - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService + number: 80 + - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService/* + number: 80 + - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health + number: 80 + - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health/* + number: 80 + - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + number: 80 + host: "" diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index 94743f22aa9..dddc78fd14d 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -1556,16 +1556,18 @@ spec: secret: secretName: flyte-pod-webhook --- -# Source: flyte-core/templates/common/ingress.yaml +# Source: flyte-core/templates/common/ingress-separateGrpc.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: flyte-core + name: flyte-core-grpc namespace: flyte - annotations: + annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/certificate-arn: '' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC + alb.ingress.kubernetes.io/certificate-arn: '{{ .Values.userSettings.certificateArn + }}' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing @@ -1573,272 +1575,266 @@ metadata: alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: - ingressClassName: + ingressClassName: "" rules: - - http: + - host: "" + http: paths: - - path: /* + - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: - name: ssl-redirect + name: flyteadmin port: - name: use-annotation - # This is useful only for frontend development - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console + number: 81 + - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /console/* + number: 81 + - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /api + number: 81 + - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /api/* + number: 81 + - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /healthcheck + number: 81 + - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /v1/* + number: 81 + - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known + number: 81 + - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known/* + number: 81 + - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login + number: 81 + - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login/* + number: 81 + - path: /grpc.health.v1.Health pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout + number: 81 + - path: /grpc.health.v1.Health/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout/* + number: 81 + # - backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + # path: /* + # pathType: ImplementationSpecific +--- +# Source: flyte-core/templates/common/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flyte-core + namespace: flyte + annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": + { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/certificate-arn: '{{ .Values.userSettings.certificateArn + }}' + alb.ingress.kubernetes.io/group.name: flyte + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/tags: service_instance=production + alb.ingress.kubernetes.io/target-type: ip + kubernetes.io/ingress.class: alb + nginx.ingress.kubernetes.io/app-root: /console +spec: + ingressClassName: "" + rules: + - http: + paths: + - path: /* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: ssl-redirect port: - number: 80 - - path: /callback + name: use-annotation + # This is useful only for frontend development + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /callback/* + - path: /console/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /me + - path: /api pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config + - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config/* + - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2 + - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2/* + - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - host: null -# Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only -# enabled on the ingress object, not on backend services (GRPC annotation is set on the ingress, not on the services). ---- -# Source: flyte-core/templates/common/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flyte-core-grpc - namespace: flyte - annotations: - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": - { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/backend-protocol-version: GRPC - alb.ingress.kubernetes.io/certificate-arn: '' - alb.ingress.kubernetes.io/group.name: flyte - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/tags: service_instance=production - alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb - nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/backend-protocol: GRPC -spec: - ingressClassName: - rules: - - host: null - http: - paths: - # - # - backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - # path: /* - # pathType: ImplementationSpecific - # - - # NOTE: Port 81 in flyteadmin is the GRPC server port for FlyteAdmin. - - path: /flyteidl.service.SignalService + - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.SignalService/* + number: 80 + - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService + number: 80 + - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService/* + number: 80 + - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService + number: 80 + - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService/* + number: 80 + - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService + number: 80 + - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService/* + number: 80 + - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService + number: 80 + - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService/* + number: 80 + - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health + number: 80 + - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health/* + number: 80 + - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + number: 80 + host: "" diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index 38dfe201ddb..3d0b24c3af0 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -1067,271 +1067,265 @@ spec: secret: secretName: flyte-secret-auth --- -# Source: flyte-core/templates/common/ingress.yaml +# Source: flyte-core/templates/common/ingress-separateGrpc.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: flyte-core + name: flyte-core-grpc namespace: flyte - annotations: + annotations: cert-manager.io/issuer: letsencrypt-production kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/backend-protocol: GRPC nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: - ingressClassName: + ingressClassName: "" rules: - - http: + - host: '' + http: paths: - # This is useful only for frontend development - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console + - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /console/* + number: 81 + - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /api + number: 81 + - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /api/* + number: 81 + - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /healthcheck + number: 81 + - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /v1/* + number: 81 + - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known + number: 81 + - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known/* + number: 81 + - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login + number: 81 + - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login/* + number: 81 + - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout + number: 81 + - path: /grpc.health.v1.Health pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout/* + number: 81 + - path: /grpc.health.v1.Health/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /callback + number: 81 + tls: + - secretName: flyte-flyte-tls + hosts: + - '' +--- +# Source: flyte-core/templates/common/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flyte-core + namespace: flyte + annotations: + cert-manager.io/issuer: letsencrypt-production + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/ssl-redirect: "true" +spec: + ingressClassName: "" + rules: + - http: + paths: + # This is useful only for frontend development + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /callback/* + - path: /console/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /me + - path: /api pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config + - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config/* + - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2 + - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2/* + - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - host: '' - tls: - - secretName: flyte-flyte-tls - hosts: - - '' - -# Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only -# enabled on the ingress object, not on backend services (GRPC annotation is set on the ingress, not on the services). ---- -# Source: flyte-core/templates/common/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flyte-core-grpc - namespace: flyte - annotations: - cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/backend-protocol: GRPC - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: - rules: - - host: '' - http: - paths: - # - - # NOTE: Port 81 in flyteadmin is the GRPC server port for FlyteAdmin. - - path: /flyteidl.service.SignalService + - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.SignalService/* + number: 80 + - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService + number: 80 + - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService/* + number: 80 + - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService + number: 80 + - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService/* + number: 80 + - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService + number: 80 + - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService/* + number: 80 + - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService + number: 80 + - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService/* + number: 80 + - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health + number: 80 + - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health/* + number: 80 + - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + number: 80 + host: '' tls: - secretName: flyte-flyte-tls hosts: diff --git a/deployment/gcp/flyte_helm_dataplane_generated.yaml b/deployment/gcp/flyte_helm_dataplane_generated.yaml index 4ba186eb481..29800902036 100644 --- a/deployment/gcp/flyte_helm_dataplane_generated.yaml +++ b/deployment/gcp/flyte_helm_dataplane_generated.yaml @@ -593,271 +593,265 @@ spec: secret: secretName: flyte-pod-webhook --- -# Source: flyte-core/templates/common/ingress.yaml +# Source: flyte-core/templates/common/ingress-separateGrpc.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: flyte-core + name: flyte-core-grpc namespace: flyte - annotations: + annotations: cert-manager.io/issuer: letsencrypt-production kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/backend-protocol: GRPC nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: - ingressClassName: + ingressClassName: "" rules: - - http: + - host: '' + http: paths: - # This is useful only for frontend development - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console + - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /console/* + number: 81 + - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /api + number: 81 + - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /api/* + number: 81 + - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /healthcheck + number: 81 + - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /v1/* + number: 81 + - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known + number: 81 + - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known/* + number: 81 + - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login + number: 81 + - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login/* + number: 81 + - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout + number: 81 + - path: /grpc.health.v1.Health pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout/* + number: 81 + - path: /grpc.health.v1.Health/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /callback + number: 81 + tls: + - secretName: flyte-flyte-tls + hosts: + - '' +--- +# Source: flyte-core/templates/common/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flyte-core + namespace: flyte + annotations: + cert-manager.io/issuer: letsencrypt-production + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/ssl-redirect: "true" +spec: + ingressClassName: "" + rules: + - http: + paths: + # This is useful only for frontend development + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /callback/* + - path: /console/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /me + - path: /api pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config + - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config/* + - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2 + - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2/* + - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - host: '' - tls: - - secretName: flyte-flyte-tls - hosts: - - '' - -# Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only -# enabled on the ingress object, not on backend services (GRPC annotation is set on the ingress, not on the services). ---- -# Source: flyte-core/templates/common/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flyte-core-grpc - namespace: flyte - annotations: - cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/backend-protocol: GRPC - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: - rules: - - host: '' - http: - paths: - # - - # NOTE: Port 81 in flyteadmin is the GRPC server port for FlyteAdmin. - - path: /flyteidl.service.SignalService + - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.SignalService/* + number: 80 + - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService + number: 80 + - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService/* + number: 80 + - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService + number: 80 + - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService/* + number: 80 + - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService + number: 80 + - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService/* + number: 80 + - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService + number: 80 + - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService/* + number: 80 + - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health + number: 80 + - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health/* + number: 80 + - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + number: 80 + host: '' tls: - secretName: flyte-flyte-tls hosts: diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index 659babf8389..c331127a2f5 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -1578,271 +1578,265 @@ spec: secret: secretName: flyte-pod-webhook --- -# Source: flyte-core/templates/common/ingress.yaml +# Source: flyte-core/templates/common/ingress-separateGrpc.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: flyte-core + name: flyte-core-grpc namespace: flyte - annotations: + annotations: cert-manager.io/issuer: letsencrypt-production kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/backend-protocol: GRPC nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: - ingressClassName: + ingressClassName: "" rules: - - http: + - host: '' + http: paths: - # This is useful only for frontend development - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console + - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /console/* + number: 81 + - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: - name: flyteconsole + name: flyteadmin port: - number: 80 - - path: /api + number: 81 + - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /api/* + number: 81 + - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /healthcheck + number: 81 + - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /v1/* + number: 81 + - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known + number: 81 + - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /.well-known/* + number: 81 + - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login + number: 81 + - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /login/* + number: 81 + - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout + number: 81 + - path: /grpc.health.v1.Health pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /logout/* + number: 81 + - path: /grpc.health.v1.Health/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 - - path: /callback + number: 81 + tls: + - secretName: flyte-flyte-tls + hosts: + - '' +--- +# Source: flyte-core/templates/common/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flyte-core + namespace: flyte + annotations: + cert-manager.io/issuer: letsencrypt-production + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/app-root: /console + nginx.ingress.kubernetes.io/ssl-redirect: "true" +spec: + ingressClassName: "" + rules: + - http: + paths: + # This is useful only for frontend development + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /callback/* + - path: /console/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteconsole port: number: 80 - - path: /me + - path: /api pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config + - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /config/* + - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2 + - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - - path: /oauth2/* + - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: number: 80 - host: '' - tls: - - secretName: flyte-flyte-tls - hosts: - - '' - -# Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only -# enabled on the ingress object, not on backend services (GRPC annotation is set on the ingress, not on the services). ---- -# Source: flyte-core/templates/common/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flyte-core-grpc - namespace: flyte - annotations: - cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/backend-protocol: GRPC - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: - rules: - - host: '' - http: - paths: - # - - # NOTE: Port 81 in flyteadmin is the GRPC server port for FlyteAdmin. - - path: /flyteidl.service.SignalService + - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.SignalService/* + number: 80 + - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService + number: 80 + - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AdminService/* + number: 80 + - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService + number: 80 + - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.DataProxyService/* + number: 80 + - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService + number: 80 + - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.AuthMetadataService/* + number: 80 + - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService + number: 80 + - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /flyteidl.service.IdentityService/* + number: 80 + - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health + number: 80 + - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 - - path: /grpc.health.v1.Health/* + number: 80 + - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + number: 80 + host: '' tls: - secretName: flyte-flyte-tls hosts: diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml index 7417c9bdf27..6d6c83cc7f0 100644 --- a/deployment/sandbox/flyte_helm_generated.yaml +++ b/deployment/sandbox/flyte_helm_generated.yaml @@ -7596,10 +7596,10 @@ kind: Ingress metadata: name: flyte namespace: flyte - annotations: + annotations: nginx.ingress.kubernetes.io/app-root: /console spec: - ingressClassName: + ingressClassName: "" rules: - http: paths: @@ -7761,8 +7761,6 @@ spec: name: flyteadmin port: number: 80 - - # NOTE: Port 81 in flyteadmin is the GRPC server port for FlyteAdmin. - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: