From fdc1097dd618bde9c463c4f2d640f8cf7b65679c Mon Sep 17 00:00:00 2001 From: "yini.gao@schibsted.com" Date: Fri, 15 Mar 2024 13:28:50 +0100 Subject: [PATCH 01/11] add 'create' key for adminOauthClientCredentials Signed-off-by: yini.gao@schibsted.com Signed-off-by: Yini --- charts/flyte-core/templates/common/secret-auth.yaml | 2 +- charts/flyte-core/values.yaml | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/flyte-core/templates/common/secret-auth.yaml b/charts/flyte-core/templates/common/secret-auth.yaml index 50290357d8..3fa7a257b2 100644 --- a/charts/flyte-core/templates/common/secret-auth.yaml +++ b/charts/flyte-core/templates/common/secret-auth.yaml @@ -1,4 +1,4 @@ -{{- if .Values.secrets.adminOauthClientCredentials.enabled }} +{{- if .Values.secrets.adminOauthClientCredentials.create }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index b8d4431e78..534710cc56 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -430,10 +430,13 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`. - # If enabled is false, it's up to the user to create `flyte-secret-auth` as described in + # -- If enabled is true, helm will populate `flyte-secret-auth` with `clientSecret`. + # If enabled is false, helm will not populate `flyte-secret-auth`. + # If create is true, helm will create the `flyte-secret-auth`. + # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server enabled: true + create: true clientSecret: foobar clientId: flytepropeller From 9c10c708006d5fcda9430e54c0e86c563ba58357 Mon Sep 17 00:00:00 2001 
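Review bot: In `charts/flyte-core/templates/common/secret-auth.yaml` the Secret is now gated on `create` alone, so a release whose values still set `enabled: false` to keep Helm away from `flyte-secret-auth` picks up the new default `create: true` and the chart renders the Secret again from `clientSecret`, whose chart default is the placeholder `foobar`. Depending on whether the existing Secret is owned by the release, the upgrade presumably either fails or takes over a credential the operator meant to manage themselves. The rename of `enabled` to `mount` in the deployment templates in PATCH 04 has the same effect on the volume mounts, because the old override is silently ignored there too. Once `enabled` is gone from the chart defaults, consider failing fast on the stale key, e.g. `{{- if hasKey .Values.secrets.adminOauthClientCredentials "enabled" }}{{ fail "secrets.adminOauthClientCredentials.enabled was replaced by create and mount" }}{{- end }}`, or at least call the migration out in the upgrade notes. Only the opening lines of the template are inside the hunk.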
From: "yini.gao@schibsted.com" Date: Fri, 15 Mar 2024 13:55:09 +0100 Subject: [PATCH 02/11] Update README.md Signed-off-by: yini.gao@schibsted.com Signed-off-by: Yini --- charts/flyte-core/README.md | 3 ++- ...keycloak-idp-flyteclients-without-browser.yaml | 7 +++++-- charts/flyte-core/values.yaml | 4 ++-- docs/deployment/configuration/auth_setup.rst | 15 +++++++++++---- 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 33901da7be..89fcee52a5 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md 
@@ -273,7 +273,8 @@ helm install gateway bitnami/contour -n flyte | flytescheduler.tolerations | list | `[]` | tolerations for Flytescheduler deployment | | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | | | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | | -| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`. If enabled is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | +| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will mount `flyte-secret-auth`. If enabled is false, helm will not mount `flyte-secret-auth` | + | secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | | sparkoperator | object | 
`{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator | | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | | sparkoperator.plugin_config | object | 
`{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration | diff --git a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml index edfd9478bc..b136149298 100644 --- a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml +++ b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml 
@@ -298,10 +298,13 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`. - # If enabled is false, it's up to the user to create `flyte-secret-auth` as described in + # If enabled is true, helm will mount `flyte-secret-auth`. + # If enabled is false, helm will not mount `flyte-secret-auth`. + # If create is true, helm will create the `flyte-secret-auth`. + # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server enabled: true + create: true clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP clientId: "flytepropeller" #use this client id and secret in the flytectl config with ClientSecret option diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 534710cc56..8fc46ea529 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -430,8 +430,8 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # -- If enabled is true, helm will populate `flyte-secret-auth` with `clientSecret`. - # If enabled is false, helm will not populate `flyte-secret-auth`. + # If enabled is true, helm will mount `flyte-secret-auth`. + # If enabled is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst index 2887e830ed..89cb61dba0 100644 --- a/docs/deployment/configuration/auth_setup.rst +++ b/docs/deployment/configuration/auth_setup.rst 
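Review bot: The rewritten comment block in the `charts/flyte-core/values.yaml` hunk of PATCH 02 drops the `# --` prefix, which looks like the helm-docs marker that feeds the README table; the regenerated README in PATCH 07 indeed shows the `create` and `mount` rows with empty descriptions. The `values-keycloak-idp-flyteclients-without-browser.yaml` hunk just before it drops the same prefix. Because these keys decide whether the chart writes and mounts the OAuth client secret, the descriptions are worth keeping in the generated docs: put one marked comment directly above each key, e.g. `# -- If true, helm creates flyte-secret-auth from clientSecret; if false, the user must create it` above `create:` and `# -- If true, helm mounts flyte-secret-auth` above `enabled:` (renamed to `mount` in PATCH 04).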
@@ -345,9 +345,13 @@ Apply OIDC Configuration secrets: adminOauthClientCredentials: - # -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`. - # If enabled is false, it's up to the user to create `flyte-secret-auth` + # If enabled is true, helm will mount `flyte-secret-auth`. + # If enabled is false, helm will not mount `flyte-secret-auth`. + # If create is true, helm will create the `flyte-secret-auth`. + # If create is false, it's up to the user to create `flyte-secret-auth` as described in + # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server enabled: true + create: true # Use the non-encoded version of the random password clientSecret: "" clientId: flytepropeller @@ -597,7 +601,8 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - enabled: true # see the section "Disable Helm secret management" if you require to do so + enabled: true + create: true # see the section "Disable Helm secret management" if you require to do so # Replace with the client_secret provided by your IdP for flytepropeller. clientSecret: # Replace with the client_id provided by provided by your IdP for flytepropeller. @@ -617,6 +622,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: enabled: true + create: true clientSecret: clientId: --- @@ -673,7 +679,8 @@ Alternatively, you can instruct Helm not to create and manage the secret for ``f secrets: adminOauthClientCredentials: - enabled: false #set to false + enabled: true # mount the flyte-secret-auth secret to the flytepropeller. + create: false # set to false # Replace with the client_id provided by provided by your IdP for flytepropeller. clientId: From 003c8296debe3ae9728edf3c3bfc472467f4659d Mon Sep 17 00:00:00 2001 
From: Yini Date: Mon, 18 Mar 2024 11:20:19 +0100 Subject: [PATCH 03/11] update README Signed-off-by: Yini --- charts/flyte-core/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 89fcee52a5..c9a663f016 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md 
@@ -274,7 +274,7 @@ helm install gateway bitnami/contour -n flyte | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | | | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | | | secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will mount `flyte-secret-auth`. If enabled is false, helm will not mount `flyte-secret-auth` | - | secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | +| secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | | sparkoperator | object | 
`{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator | | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | | sparkoperator.plugin_config | object | 
`{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration | From aca862fbd5a828bb27f11292baf65cb464230466 Mon Sep 17 00:00:00 2001 From: Yini Date: Mon, 18 Mar 2024 18:03:46 +0100 Subject: [PATCH 04/11] rename 'enabled' to 'mount' Signed-off-by: Yini --- charts/flyte-core/README.md | 2 +- .../templates/clusterresourcesync/deployment.yaml | 4 ++-- .../templates/flytescheduler/deployment.yaml | 6 +++--- .../flyte-core/templates/propeller/deployment.yaml | 4 ++-- charts/flyte-core/templates/propeller/manager.yaml | 4 ++-- ...es-keycloak-idp-flyteclients-without-browser.yaml | 6 +++--- charts/flyte-core/values.yaml | 6 +++--- docs/deployment/configuration/auth_setup.rst | 12 ++++++------ 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index c9a663f016..26eb6ed2f9 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md 
@@ -273,7 +273,7 @@ helm install gateway bitnami/contour -n flyte | flytescheduler.tolerations | list | `[]` | tolerations for Flytescheduler deployment | | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | | | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | | -| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will mount `flyte-secret-auth`. If enabled is false, helm will not mount `flyte-secret-auth` | +| secrets.adminOauthClientCredentials.mount | bool | `true` | If mount is true, helm will mount `flyte-secret-auth`. If mount is false, helm will not mount `flyte-secret-auth` | | secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | | sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: 
Spark Plugin using the Spark Operator | | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | diff --git a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml index a2fb5d04ae..531b89f699 100644 --- a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml +++ b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml @@ -42,7 +42,7 @@ spec: {{- if not .Values.cluster_resource_manager.config.cluster_resources.standaloneDeployment }} {{- include "databaseSecret.volumeMount" . | nindent 10 }} {{- else }} - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -69,7 +69,7 @@ spec: secretName: cluster-credentials {{- end }} {{- if .Values.cluster_resource_manager.config.cluster_resources.standaloneDeployment }} - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/templates/flytescheduler/deployment.yaml b/charts/flyte-core/templates/flytescheduler/deployment.yaml index 14db8c48a7..96feae2841 100755 --- a/charts/flyte-core/templates/flytescheduler/deployment.yaml +++ b/charts/flyte-core/templates/flytescheduler/deployment.yaml @@ -48,7 +48,7 @@ spec: volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} - mountPath: /etc/flyte/config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} 
@@ -78,7 +78,7 @@ spec: volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} - mountPath: /etc/flyte/config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -95,7 +95,7 @@ spec: - configMap: name: flyte-scheduler-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/templates/propeller/deployment.yaml b/charts/flyte-core/templates/propeller/deployment.yaml index 5fd09e5d5d..21ecb05690 100644 --- a/charts/flyte-core/templates/propeller/deployment.yaml +++ b/charts/flyte-core/templates/propeller/deployment.yaml @@ -82,7 +82,7 @@ spec: volumeMounts: - name: config-volume mountPath: /etc/flyte/config - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -100,7 +100,7 @@ spec: - configMap: name: flyte-propeller-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/templates/propeller/manager.yaml b/charts/flyte-core/templates/propeller/manager.yaml index 21eb894ba8..1bbb436e87 100644 --- a/charts/flyte-core/templates/propeller/manager.yaml +++ b/charts/flyte-core/templates/propeller/manager.yaml @@ -43,7 +43,7 @@ template: volumeMounts: - name: config-volume mountPath: /etc/flyte/config - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth mountPath: /etc/secrets/ {{- end }} 
@@ -55,7 +55,7 @@ template: - configMap: name: flyte-propeller-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.enabled }} + {{- if .Values.secrets.adminOauthClientCredentials.mount }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml index b136149298..2b55bb83f5 100644 --- a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml +++ b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml @@ -298,12 +298,12 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # If enabled is true, helm will mount `flyte-secret-auth`. - # If enabled is false, helm will not mount `flyte-secret-auth`. + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - enabled: true + mount: true create: true clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP clientId: "flytepropeller" #use this client id and secret in the flytectl config with ClientSecret option diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 8fc46ea529..280ef6045a 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml 
@@ -430,12 +430,12 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # If enabled is true, helm will mount `flyte-secret-auth`. - # If enabled is false, helm will not mount `flyte-secret-auth`. + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - enabled: true + mount: true create: true clientSecret: foobar clientId: flytepropeller diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst index 89cb61dba0..b9f318fb77 100644 --- a/docs/deployment/configuration/auth_setup.rst +++ b/docs/deployment/configuration/auth_setup.rst @@ -345,12 +345,12 @@ Apply OIDC Configuration secrets: adminOauthClientCredentials: - # If enabled is true, helm will mount `flyte-secret-auth`. - # If enabled is false, helm will not mount `flyte-secret-auth`. + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - enabled: true + mount: true create: true # Use the non-encoded version of the random password clientSecret: "" @@ -601,7 +601,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - enabled: true + mount: true create: true # see the section "Disable Helm secret management" if you require to do so # Replace with the client_secret provided by your IdP for flytepropeller. clientSecret: 
@@ -621,7 +621,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - enabled: true + mount: true create: true clientSecret: clientId: @@ -679,7 +679,7 @@ Alternatively, you can instruct Helm not to create and manage the secret for ``f secrets: adminOauthClientCredentials: - enabled: true # mount the flyte-secret-auth secret to the flytepropeller. + mount: true # mount the flyte-secret-auth secret to the flytepropeller. create: false # set to false # Replace with the client_id provided by provided by your IdP for flytepropeller. clientId: From 759bf3d24dedb730fba98ded2eb64702e3332e31 Mon Sep 17 00:00:00 2001 From: Yini Date: Tue, 19 Mar 2024 13:59:28 +0100 Subject: [PATCH 05/11] switch order of keys Signed-off-by: Yini --- ...es-keycloak-idp-flyteclients-without-browser.yaml | 6 +++--- charts/flyte-core/values.yaml | 6 +++--- docs/deployment/configuration/auth_setup.rst | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml index 2b55bb83f5..68dbeb594d 100644 --- a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml +++ b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml 
@@ -298,13 +298,13 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # If mount is true, helm will mount `flyte-secret-auth`. - # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - mount: true + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. create: true + mount: true clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP clientId: "flytepropeller" #use this client id and secret in the flytectl config with ClientSecret option diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 280ef6045a..ae59ef1754 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -430,13 +430,13 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # If mount is true, helm will mount `flyte-secret-auth`. - # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - mount: true + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. create: true + mount: true clientSecret: foobar clientId: flytepropeller diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst index b9f318fb77..026874650f 100644 --- a/docs/deployment/configuration/auth_setup.rst +++ b/docs/deployment/configuration/auth_setup.rst 
@@ -345,13 +345,13 @@ Apply OIDC Configuration secrets: adminOauthClientCredentials: - # If mount is true, helm will mount `flyte-secret-auth`. - # If mount is false, helm will not mount `flyte-secret-auth`. # If create is true, helm will create the `flyte-secret-auth`. # If create is false, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - mount: true + # If mount is true, helm will mount `flyte-secret-auth`. + # If mount is false, helm will not mount `flyte-secret-auth`. create: true + mount: true # Use the non-encoded version of the random password clientSecret: "" clientId: flytepropeller @@ -601,8 +601,8 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - mount: true create: true # see the section "Disable Helm secret management" if you require to do so + mount: true # Replace with the client_secret provided by your IdP for flytepropeller. clientSecret: # Replace with the client_id provided by provided by your IdP for flytepropeller. @@ -621,8 +621,8 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - mount: true create: true + mount: true clientSecret: clientId: --- @@ -679,8 +679,8 @@ Alternatively, you can instruct Helm not to create and manage the secret for ``f secrets: adminOauthClientCredentials: - mount: true # mount the flyte-secret-auth secret to the flytepropeller. create: false # set to false + mount: true # mount the flyte-secret-auth secret to the flytepropeller. # Replace with the client_id provided by provided by your IdP for flytepropeller. clientId: From 6e6048d2e5e223366f1e5fb7f0f7bc8156b367dd Mon Sep 17 00:00:00 2001 From: Yini Date: Tue, 19 Mar 2024 14:05:49 +0100 Subject: [PATCH 06/11] add comment to warn user the unsupported combo 
Signed-off-by: Yini --- .../values-keycloak-idp-flyteclients-without-browser.yaml | 1 + charts/flyte-core/values.yaml | 1 + docs/deployment/configuration/auth_setup.rst | 1 + 3 files changed, 3 insertions(+) diff --git a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml index 68dbeb594d..505ac17149 100644 --- a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml +++ b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml @@ -303,6 +303,7 @@ secrets: # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server # If mount is true, helm will mount `flyte-secret-auth`. # If mount is false, helm will not mount `flyte-secret-auth`. + # Note: Unsupported combination: create.true and mount.false. create: true mount: true clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index ae59ef1754..c2ae55acf1 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -435,6 +435,7 @@ secrets: # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server # If mount is true, helm will mount `flyte-secret-auth`. # If mount is false, helm will not mount `flyte-secret-auth`. + # Note: Unsupported combination: create.true and mount.false. create: true mount: true clientSecret: foobar diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst index 026874650f..46e8a0df36 100644 --- a/docs/deployment/configuration/auth_setup.rst +++ b/docs/deployment/configuration/auth_setup.rst 
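Review bot: The added line `# Note: Unsupported combination: create.true and mount.false.` in `values-keycloak-idp-flyteclients-without-browser.yaml` (and the identical lines added to `values.yaml` and `auth_setup.rst` in this patch) is the only guard against that combination; nothing visible in the series makes the chart reject it. Going by the templates in PATCH 04, it would render a Secret holding the client secret that no workload mounts. A render-time check in `templates/common/secret-auth.yaml` would enforce the rule, e.g. `{{- if and .Values.secrets.adminOauthClientCredentials.create (not .Values.secrets.adminOauthClientCredentials.mount) }}{{ fail "create: true requires mount: true" }}{{- end }}`. The comment itself would read more clearly as `create: true` with `mount: false`, matching the YAML it describes.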
@@ -350,6 +350,7 @@ Apply OIDC Configuration # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server # If mount is true, helm will mount `flyte-secret-auth`. # If mount is false, helm will not mount `flyte-secret-auth`. + # Note: Unsupported combination: create.true and mount.false. create: true mount: true # Use the non-encoded version of the random password From a17f82b602debee096a249e9b339f6b1df73052c Mon Sep 17 00:00:00 2001 From: Yini Date: Mon, 25 Mar 2024 11:48:10 +0100 Subject: [PATCH 07/11] run make helm Signed-off-by: Yini --- charts/flyte-core/README.md | 4 ++-- docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 26eb6ed2f9..75334114d8 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md 
@@ -273,8 +273,8 @@ helm install gateway bitnami/contour -n flyte | flytescheduler.tolerations | list | `[]` | tolerations for Flytescheduler deployment | | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | | | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | | -| secrets.adminOauthClientCredentials.mount | bool | `true` | If mount is true, helm will mount `flyte-secret-auth`. If mount is false, helm will not mount `flyte-secret-auth` | -| secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | +| secrets.adminOauthClientCredentials.create | bool | `true` | | +| secrets.adminOauthClientCredentials.mount | bool | `true` | | | sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator | | 
sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | | sparkoperator.plugin_config | object | `{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration | diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index 3d40c5a8f8..176ba5593d 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -816,7 +816,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: QWVsREJpZnlIR2N1UXJSMg== + haSharedSecret: MjNzVm1lMnZUMjVTRko0Rg== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1412,7 +1412,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 6eadd3a29b61a78cf3a7712f3370a10fc0ec1a61c40753a48c7fa8bea69a6ec6 + checksum/secret: 8f2e8007c0b097bdbf6dd6eb401be15a732de47c1af5dfe27f5a583bc28f607b labels: app: docker-registry release: flyte-sandbox 
diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 69739d52d7..853996bfba 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -796,7 +796,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: NmtkWjAwUWhadWlzb0xNcA== + haSharedSecret: VEJlM3hVeGY4THdOcW05Sw== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1360,7 +1360,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 98727a2bd78c4e88ef413663ebff406f78c8fdbda001f7ba7b6b784934cd4d4a + checksum/secret: 7a204b2b8b091adba24f59ce9f38b15d04c72f115ee240c17d7717b005dcea4e labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index fd77ad44e0..3dae1588eb 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: WG01UkdoN2dNTzBMRjJDVA== + haSharedSecret: ZkVuVWdDZ01WODEyR1B3UQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 5400c48803b4ae9d08115e0f52f00245498c0b06d11d318a36590b01f91e2753 + checksum/secret: 1b570a4c7f3c210ff9c35040bc1f1c7505d81802369bf90ada961fd7e262d0dd labels: app: docker-registry release: flyte-sandbox From 6cbf2def9750824cad60f824106f6614c96a7e40 Mon Sep 17 00:00:00 2001 From: Yini Date: Tue, 2 Apr 2024 16:27:30 +0200 Subject: [PATCH 08/11] refactor on removing the create key 
Signed-off-by: Yini --- charts/flyte-core/README.md | 3 +-- .../clusterresourcesync/deployment.yaml | 4 +-- .../templates/common/secret-auth.yaml | 2 +- .../templates/flytescheduler/deployment.yaml | 6 ++--- .../templates/propeller/deployment.yaml | 4 +-- .../templates/propeller/manager.yaml | 4 +-- ...loak-idp-flyteclients-without-browser.yaml | 13 +++++----- charts/flyte-core/values.yaml | 13 +++++----- .../manifests/complete-agent.yaml | 4 +-- .../sandbox-bundled/manifests/complete.yaml | 4 +-- docker/sandbox-bundled/manifests/dev.yaml | 4 +-- docs/deployment/configuration/auth_setup.rst | 25 ++++++++----------- 12 files changed, 40 insertions(+), 46 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 75334114d8..a22bf5c541 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md 
@@ -273,8 +273,7 @@ helm install gateway bitnami/contour -n flyte | flytescheduler.tolerations | list | `[]` | tolerations for Flytescheduler deployment | | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | | | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | | -| secrets.adminOauthClientCredentials.create | bool | `true` | | -| secrets.adminOauthClientCredentials.mount | bool | `true` | | +| secrets.adminOauthClientCredentials.enabled | bool | `true` | | | sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator | | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | | sparkoperator.plugin_config | object | 
`{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration | diff --git a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml index 531b89f699..a2fb5d04ae 100644 --- a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml +++ b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml @@ -42,7 +42,7 @@ spec: {{- if not .Values.cluster_resource_manager.config.cluster_resources.standaloneDeployment }} {{- include "databaseSecret.volumeMount" . | nindent 10 }} {{- else }} - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -69,7 +69,7 @@ spec: secretName: cluster-credentials {{- end }} {{- if .Values.cluster_resource_manager.config.cluster_resources.standaloneDeployment }} - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth secret: secretName: flyte-secret-auth 
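Review bot: In the second hunk of clusterresourcesync/deployment.yaml the `auth` volume still points at the fixed name `flyte-secret-auth`, but after this patch helm renders that Secret only when `clientSecret` is non-empty (the new guard in secret-auth.yaml). With `enabled: true` and an empty `clientSecret`, nothing in the chart checks that the Secret exists, so a missing or misnamed Secret would presumably surface only as pods that fail to start. A comment above the volume, e.g. `# flyte-secret-auth must exist before install when clientSecret is empty; the name is fixed`, would make that contract visible. The same applies to the mount and volume hunks in flytescheduler/deployment.yaml, propeller/deployment.yaml and propeller/manager.yaml; the surrounding Deployment spec lies outside the hunk.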
diff --git a/charts/flyte-core/templates/common/secret-auth.yaml b/charts/flyte-core/templates/common/secret-auth.yaml index 3fa7a257b2..d13247bd9a 100644 --- a/charts/flyte-core/templates/common/secret-auth.yaml +++ b/charts/flyte-core/templates/common/secret-auth.yaml @@ -1,4 +1,4 @@ -{{- if .Values.secrets.adminOauthClientCredentials.create }} +{{- if and (.Values.secrets.adminOauthClientCredentials.enabled) (not (empty .Values.secrets.adminOauthClientCredentials.clientSecret)) }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/flyte-core/templates/flytescheduler/deployment.yaml b/charts/flyte-core/templates/flytescheduler/deployment.yaml index 96feae2841..14db8c48a7 100755 --- a/charts/flyte-core/templates/flytescheduler/deployment.yaml +++ b/charts/flyte-core/templates/flytescheduler/deployment.yaml @@ -48,7 +48,7 @@ spec: volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} - mountPath: /etc/flyte/config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -78,7 +78,7 @@ spec: volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} - mountPath: /etc/flyte/config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -95,7 +95,7 @@ spec: - configMap: name: flyte-scheduler-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/templates/propeller/deployment.yaml b/charts/flyte-core/templates/propeller/deployment.yaml index 21ecb05690..5fd09e5d5d 100644 --- a/charts/flyte-core/templates/propeller/deployment.yaml 
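Review bot: The new guard in secret-auth.yaml renders `flyte-secret-auth` whenever `clientSecret` is non-empty, and the chart default kept in the values.yaml hunk of this patch is still `clientSecret: foobar` with `enabled: true`, so an install that leaves the defaults alone gets a Secret holding a publicly known value. An operator who pre-creates the Secret but forgets `clientSecret: null` would also have helm render its own `flyte-secret-auth` with the placeholder, which presumably conflicts with or replaces the operator's copy. Consider defaulting to `clientSecret: ""` in values.yaml and documenting the guard with `{{- /* rendered only when clientSecret is supplied; leave it empty to manage flyte-secret-auth outside helm */ -}}`. The rest of the Secret manifest lies outside the hunk.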
+++ b/charts/flyte-core/templates/propeller/deployment.yaml @@ -82,7 +82,7 @@ spec: volumeMounts: - name: config-volume mountPath: /etc/flyte/config - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -100,7 +100,7 @@ spec: - configMap: name: flyte-propeller-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/templates/propeller/manager.yaml b/charts/flyte-core/templates/propeller/manager.yaml index 1bbb436e87..21eb894ba8 100644 --- a/charts/flyte-core/templates/propeller/manager.yaml +++ b/charts/flyte-core/templates/propeller/manager.yaml @@ -43,7 +43,7 @@ template: volumeMounts: - name: config-volume mountPath: /etc/flyte/config - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth mountPath: /etc/secrets/ {{- end }} @@ -55,7 +55,7 @@ template: - configMap: name: flyte-propeller-config name: config-volume - {{- if .Values.secrets.adminOauthClientCredentials.mount }} + {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth secret: secretName: flyte-secret-auth diff --git a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml index 505ac17149..626ba2c703 100644 --- a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml +++ b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml 
@@ -298,14 +298,13 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # If create is true, helm will create the `flyte-secret-auth`. - # If create is false, it's up to the user to create `flyte-secret-auth` as described in + # If enabled is true, and `clientSecret` is specified, helm will create and mount `flyte-secret-auth`. + # If enabled is true, and `clientSecret` is null, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - # If mount is true, helm will mount `flyte-secret-auth`. - # If mount is false, helm will not mount `flyte-secret-auth`. - # Note: Unsupported combination: create.true and mount.false. - create: true - mount: true + # and helm will mount `flyte-secret-auth`. + # If enabled is false, auth is not turned on. + # Note: Unsupported combination: enabled.false and clientSecret.someValue + enabled: true clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP clientId: "flytepropeller" #use this client id and secret in the flytectl config with ClientSecret option diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index c2ae55acf1..f1cda7b9cc 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml 
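Review bot: The added line `# Note: Unsupported combination: enabled.false and clientSecret.someValue` does not say what happens in that case, and `enabled.false` is not how the key is written in a values file. Going by the templates in this patch, `enabled: false` skips both the Secret and the mounts regardless of `clientSecret`, so the combination looks ignored rather than unsupported; since `clientSecret` is set by default, turning off only `enabled` lands exactly there. I would word it as `# Note: when enabled is false, clientSecret is ignored: no secret is created or mounted.` The same comment block is repeated in the values.yaml hunk and the first auth_setup.rst hunk of this patch.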
@@ -430,14 +430,13 @@ deployRedoc: false secrets: adminOauthClientCredentials: - # If create is true, helm will create the `flyte-secret-auth`. - # If create is false, it's up to the user to create `flyte-secret-auth` as described in + # If enabled is true, and `clientSecret` is specified, helm will create and mount `flyte-secret-auth`. + # If enabled is true, and `clientSecret` is null, it's up to the user to create `flyte-secret-auth` as described in # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - # If mount is true, helm will mount `flyte-secret-auth`. - # If mount is false, helm will not mount `flyte-secret-auth`. - # Note: Unsupported combination: create.true and mount.false. - create: true - mount: true + # and helm will mount `flyte-secret-auth`. + # If enabled is false, auth is not turned on. + # Note: Unsupported combination: enabled.false and clientSecret.someValue + enabled: true clientSecret: foobar clientId: flytepropeller diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index 176ba5593d..a211f29b1f 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -816,7 +816,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: MjNzVm1lMnZUMjVTRko0Rg== + haSharedSecret: OGhQd0NpeUl1RnpDNDFQVg== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1412,7 +1412,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 8f2e8007c0b097bdbf6dd6eb401be15a732de47c1af5dfe27f5a583bc28f607b + checksum/secret: eaa74e074204713bddb4743a7fe25a5a49b88c602fb369fb485d070677cf8e5e labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 853996bfba..2785a4f854 100644 
--- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -796,7 +796,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: VEJlM3hVeGY4THdOcW05Sw== + haSharedSecret: TTVMSkIyQmtYeGk2YlM5cg== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1360,7 +1360,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 7a204b2b8b091adba24f59ce9f38b15d04c72f115ee240c17d7717b005dcea4e + checksum/secret: fa760467509e23068ef72572911a2ac3cb019bc48044136cca197999f8b8d2eb labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index 3dae1588eb..a116359153 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: ZkVuVWdDZ01WODEyR1B3UQ== + haSharedSecret: emdtTHRaSmg0cWZEWnk3VQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 1b570a4c7f3c210ff9c35040bc1f1c7505d81802369bf90ada961fd7e262d0dd + checksum/secret: f671582a166da291c5bb7644dc719e5ed5f6d22f3a4dd9e598fe964b309858cd labels: app: docker-registry release: flyte-sandbox diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst index 46e8a0df36..96d8f09236 100644 --- a/docs/deployment/configuration/auth_setup.rst +++ b/docs/deployment/configuration/auth_setup.rst 
@@ -345,14 +345,13 @@ Apply OIDC Configuration secrets: adminOauthClientCredentials: - # If create is true, helm will create the `flyte-secret-auth`. - # If create is false, it's up to the user to create `flyte-secret-auth` as described in - # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server - # If mount is true, helm will mount `flyte-secret-auth`. - # If mount is false, helm will not mount `flyte-secret-auth`. - # Note: Unsupported combination: create.true and mount.false. - create: true - mount: true + # If enabled is true, and `clientSecret` is specified, helm will create and mount `flyte-secret-auth`. + # If enabled is true, and `clientSecret` is null, it's up to the user to create `flyte-secret-auth` as described in + # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server + # and helm will mount `flyte-secret-auth`. + # If enabled is false, auth is not turned on. + # Note: Unsupported combination: enabled.false and clientSecret.someValue + enabled: true # Use the non-encoded version of the random password clientSecret: "" clientId: flytepropeller @@ -602,8 +601,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - create: true # see the section "Disable Helm secret management" if you require to do so - mount: true + enabled: true # see the section "Disable Helm secret management" if you require to do so # Replace with the client_secret provided by your IdP for flytepropeller. clientSecret: # Replace with the client_id provided by provided by your IdP for flytepropeller. @@ -622,8 +620,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au secrets: adminOauthClientCredentials: - create: true - mount: true + enabled: true clientSecret: clientId: --- 
@@ -680,8 +677,8 @@ Alternatively, you can instruct Helm not to create and manage the secret for ``f secrets: adminOauthClientCredentials: - create: false # set to false - mount: true # mount the flyte-secret-auth secret to the flytepropeller. + enabled: true # enable mounting the flyte-secret-auth secret to the flytepropeller. + clientSecret: null # disable Helm from creating the flyte-secret-auth secret. # Replace with the client_id provided by provided by your IdP for flytepropeller. clientId: From b256aaf7d4ec8d6153b67e55374f9bcc2744682d Mon Sep 17 00:00:00 2001 From: Yini Date: Tue, 2 Apr 2024 16:46:33 +0200 Subject: [PATCH 09/11] run make helm Signed-off-by: Yini --- deployment/eks/flyte_aws_scheduler_helm_generated.yaml | 6 +++--- deployment/eks/flyte_helm_controlplane_generated.yaml | 4 ++-- deployment/eks/flyte_helm_dataplane_generated.yaml | 4 ++-- deployment/eks/flyte_helm_generated.yaml | 8 ++++---- deployment/gcp/flyte_helm_controlplane_generated.yaml | 4 ++-- deployment/gcp/flyte_helm_dataplane_generated.yaml | 4 ++-- deployment/gcp/flyte_helm_generated.yaml | 8 ++++---- docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 10 files changed, 25 insertions(+), 25 deletions(-) diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index 200fe365f2..1de7db3436 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -849,7 +849,7 @@ spec: template: metadata: annotations: - configChecksum: "d50d9b515795be1f4937c58f37335ec9bd505ba4c51f96caf8491fa323abb56" + configChecksum: "618a516ca42e8bbe5222a76f7865a0a444b6048002d7fcc06144c9188f3fd3d" labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: flyte 
@@ -1269,7 +1269,7 @@ spec: template: metadata: annotations: - configChecksum: "e7d99d3cce2e4e6d410d7c61f8c05bbb6b5dc901f5e9a199849438d31d5e467" + configChecksum: "e7a065fd96ff8a6564199b17e054fac2da37f402b421e20fbe2160fc43f11cc" labels: app.kubernetes.io/name: flytepropeller app.kubernetes.io/instance: flyte @@ -1351,7 +1351,7 @@ spec: app.kubernetes.io/name: flyte-pod-webhook app.kubernetes.io/version: v1.11.1-b1 annotations: - configChecksum: "e7d99d3cce2e4e6d410d7c61f8c05bbb6b5dc901f5e9a199849438d31d5e467" + configChecksum: "e7a065fd96ff8a6564199b17e054fac2da37f402b421e20fbe2160fc43f11cc" spec: securityContext: fsGroup: 65534 diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index 36667d78f8..45689f769c 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -554,7 +554,7 @@ spec: template: metadata: annotations: - configChecksum: "b6087931f4457971d5fcd17d64491188322ffc2f86e31f943b142c76edb9e67" + configChecksum: "5ce6f593fb92c9a6fd183825231d187471b5f10fe948f601f6d5b56edd02b51" labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: flyte @@ -974,7 +974,7 @@ spec: template: metadata: annotations: - configChecksum: "b6087931f4457971d5fcd17d64491188322ffc2f86e31f943b142c76edb9e67" + configChecksum: "5ce6f593fb92c9a6fd183825231d187471b5f10fe948f601f6d5b56edd02b51" labels: app.kubernetes.io/name: flytescheduler app.kubernetes.io/instance: flyte diff --git a/deployment/eks/flyte_helm_dataplane_generated.yaml b/deployment/eks/flyte_helm_dataplane_generated.yaml index 8627896512..41c7a5aef7 100644 --- a/deployment/eks/flyte_helm_dataplane_generated.yaml +++ b/deployment/eks/flyte_helm_dataplane_generated.yaml 
@@ -428,7 +428,7 @@ spec: template: metadata: annotations: - configChecksum: "e7d99d3cce2e4e6d410d7c61f8c05bbb6b5dc901f5e9a199849438d31d5e467" + configChecksum: "e7a065fd96ff8a6564199b17e054fac2da37f402b421e20fbe2160fc43f11cc" labels: app.kubernetes.io/name: flytepropeller app.kubernetes.io/instance: flyte @@ -510,7 +510,7 @@ spec: app.kubernetes.io/name: flyte-pod-webhook app.kubernetes.io/version: v1.11.1-b1 annotations: - configChecksum: "e7d99d3cce2e4e6d410d7c61f8c05bbb6b5dc901f5e9a199849438d31d5e467" + configChecksum: "e7a065fd96ff8a6564199b17e054fac2da37f402b421e20fbe2160fc43f11cc" spec: securityContext: fsGroup: 65534 diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index 4bec7d622f..85011afcda 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -880,7 +880,7 @@ spec: template: metadata: annotations: - configChecksum: "b6087931f4457971d5fcd17d64491188322ffc2f86e31f943b142c76edb9e67" + configChecksum: "5ce6f593fb92c9a6fd183825231d187471b5f10fe948f601f6d5b56edd02b51" labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: flyte @@ -1300,7 +1300,7 @@ spec: template: metadata: annotations: - configChecksum: "b6087931f4457971d5fcd17d64491188322ffc2f86e31f943b142c76edb9e67" + configChecksum: "5ce6f593fb92c9a6fd183825231d187471b5f10fe948f601f6d5b56edd02b51" labels: app.kubernetes.io/name: flytescheduler app.kubernetes.io/instance: flyte @@ -1399,7 +1399,7 @@ spec: template: metadata: annotations: - configChecksum: "e7d99d3cce2e4e6d410d7c61f8c05bbb6b5dc901f5e9a199849438d31d5e467" + configChecksum: "e7a065fd96ff8a6564199b17e054fac2da37f402b421e20fbe2160fc43f11cc" labels: app.kubernetes.io/name: flytepropeller app.kubernetes.io/instance: flyte 
@@ -1481,7 +1481,7 @@ spec: app.kubernetes.io/name: flyte-pod-webhook app.kubernetes.io/version: v1.11.1-b1 annotations: - configChecksum: "e7d99d3cce2e4e6d410d7c61f8c05bbb6b5dc901f5e9a199849438d31d5e467" + configChecksum: "e7a065fd96ff8a6564199b17e054fac2da37f402b421e20fbe2160fc43f11cc" spec: securityContext: fsGroup: 65534 diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index 68fb7acb6b..56ed910d63 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -569,7 +569,7 @@ spec: template: metadata: annotations: - configChecksum: "b35a14d8bfd46ac863acf50bc4f338954b2f1315b66dc1fc17123885cc4dc37" + configChecksum: "0705f122f2535babec96a6083827c3e6d27e6e9b0e460b4d07292c858079ac7" labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: flyte @@ -989,7 +989,7 @@ spec: template: metadata: annotations: - configChecksum: "b35a14d8bfd46ac863acf50bc4f338954b2f1315b66dc1fc17123885cc4dc37" + configChecksum: "0705f122f2535babec96a6083827c3e6d27e6e9b0e460b4d07292c858079ac7" labels: app.kubernetes.io/name: flytescheduler app.kubernetes.io/instance: flyte diff --git a/deployment/gcp/flyte_helm_dataplane_generated.yaml b/deployment/gcp/flyte_helm_dataplane_generated.yaml index 4048f53c17..ab1be7e891 100644 --- a/deployment/gcp/flyte_helm_dataplane_generated.yaml +++ b/deployment/gcp/flyte_helm_dataplane_generated.yaml @@ -436,7 +436,7 @@ spec: template: metadata: annotations: - configChecksum: "8a15e3074047b226537f0c506efa34aa2459b94274bbd3073f597126f81a59a" + configChecksum: "ddc04c6de49a20c7b297c49103fb428ea5c5f46124331c2546848ac1e2d4bf1" labels: app.kubernetes.io/name: flytepropeller app.kubernetes.io/instance: flyte 
@@ -517,7 +517,7 @@ spec: app.kubernetes.io/name: flyte-pod-webhook app.kubernetes.io/version: v1.11.1-b1 annotations: - configChecksum: "8a15e3074047b226537f0c506efa34aa2459b94274bbd3073f597126f81a59a" + configChecksum: "ddc04c6de49a20c7b297c49103fb428ea5c5f46124331c2546848ac1e2d4bf1" spec: securityContext: fsGroup: 65534 diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index a5a028f15c..ff869a8322 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -903,7 +903,7 @@ spec: template: metadata: annotations: - configChecksum: "b35a14d8bfd46ac863acf50bc4f338954b2f1315b66dc1fc17123885cc4dc37" + configChecksum: "0705f122f2535babec96a6083827c3e6d27e6e9b0e460b4d07292c858079ac7" labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: flyte @@ -1323,7 +1323,7 @@ spec: template: metadata: annotations: - configChecksum: "b35a14d8bfd46ac863acf50bc4f338954b2f1315b66dc1fc17123885cc4dc37" + configChecksum: "0705f122f2535babec96a6083827c3e6d27e6e9b0e460b4d07292c858079ac7" labels: app.kubernetes.io/name: flytescheduler app.kubernetes.io/instance: flyte @@ -1422,7 +1422,7 @@ spec: template: metadata: annotations: - configChecksum: "8a15e3074047b226537f0c506efa34aa2459b94274bbd3073f597126f81a59a" + configChecksum: "ddc04c6de49a20c7b297c49103fb428ea5c5f46124331c2546848ac1e2d4bf1" labels: app.kubernetes.io/name: flytepropeller app.kubernetes.io/instance: flyte @@ -1503,7 +1503,7 @@ spec: app.kubernetes.io/name: flyte-pod-webhook app.kubernetes.io/version: v1.11.1-b1 annotations: - configChecksum: "8a15e3074047b226537f0c506efa34aa2459b94274bbd3073f597126f81a59a" + configChecksum: "ddc04c6de49a20c7b297c49103fb428ea5c5f46124331c2546848ac1e2d4bf1" spec: securityContext: fsGroup: 65534 diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index a9b42ba661..a5b2880e6e 100644 
--- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -816,7 +816,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: ZjEwSmt1RUY3aDlCdDVsRg== + haSharedSecret: d1lEYXc5ckRCSm1JTmFkOQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1412,7 +1412,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: d7249c11a963bd048b55d03454927119ba2f4bbf0a6328ded80c2579cf224f1d + checksum/secret: 9864cd5018cca419cae8935a5d7622552b3a930d4b1eae413e16e99b98fccb99 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 05e80e3a30..2579aba08c 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -796,7 +796,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: aWRqOTR0QTVZRE1CaGVRdw== + haSharedSecret: OHBWcEpOdXhqZHVIRFJHbQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1360,7 +1360,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: fa760467509e23068ef72572911a2ac3cb019bc48044136cca197999f8b8d2eb + checksum/secret: 2a295dba90805d8df9af4250a168421fa16934a6365bfd7c2a75884acd469bc1 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index 57001b01f3..1321cbf0e1 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: Z0xGR25hRVd6TlZoOERxZA== + haSharedSecret: NWd2OVBoOVg5Q2xCQjRiWA== proxyPassword: "" proxyUsername: "" kind: Secret 
@@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 6c870dc393e0c203d57b719e52c73856e98c35788dd05e75b2d00194cb4392f2 + checksum/secret: 90abe8e666f3feb903aac09499eb8b9c8a4c3a5616f51345cfe635b7810a1987 labels: app: docker-registry release: flyte-sandbox From e4a2deadda2f821a9c5d7eaaa0eb3f5452ab5107 Mon Sep 17 00:00:00 2001 From: Yini Date: Tue, 9 Apr 2024 21:08:50 +0200 Subject: [PATCH 10/11] run make helm Signed-off-by: Yini --- docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index ad926e6109..6cc6e3351a 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -816,7 +816,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: SDRTOVJwQzU0WURYTG1NbQ== + haSharedSecret: b21Wb1RDSEJTTlZtdE9kdw== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1412,7 +1412,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 1d977a1daf6338c6d55444d6c0565a40353efd71d0a8bef422cfc6387b20a39f + checksum/secret: ec1d3f5f583d49c1391ba826ce8902ccab1176d54ec85fddf650af30e9a4288a labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 13dc038d3f..1b3c414830 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml 
@@ -796,7 +796,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: MGs1QlJSY2VKM3I0cEQ2bw== + haSharedSecret: RGlPWTNTd2FSalUyeExhRw== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1360,7 +1360,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: d2a40d222d6f4b81e6186400d7fc9818c90e07068ccc2569cfdb212ad7782e98 + checksum/secret: b9b7e397079b78ef59f2319194edbbd8304404b1cc83fddae42be22028f8f9de labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index c258d27b9c..91dac5c712 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: SVFrS2JhOWVndXFEYlE3WA== + haSharedSecret: Q1lhdnJPSUpuNE1INFpldQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: b5ff29721af068e75a80eff30c7402def61a64a87c73e8e716d5d06cf05c4bd8 + checksum/secret: 395260d1bf8400be7613e9cc87617407754212fc015fb1f216f1ed4e8119ec59 labels: app: docker-registry release: flyte-sandbox From be46ef6217bfc7b681d225f68845e555103ee55f Mon Sep 17 00:00:00 2001 From: Yini Date: Thu, 11 Apr 2024 22:00:42 +0200 Subject: [PATCH 11/11] run make helm Signed-off-by: Yini --- docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index 7b4a0c8df6..4b31375fc3 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml 
@@ -816,7 +816,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: RUtrQlNrYU9tQ21hT2NQdg== + haSharedSecret: WlVScnNIb3I2RFM4UFhrcA== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1412,7 +1412,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: f32ac7770d546bb970d5cdfb8280be16ee0a852fc6f9e23f8be29bc3cdcdc080 + checksum/secret: a041f8b1e9c41f465e4f113957cc10f1b48b2e259a5d193657571ae597305e2c labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index af43ea6ecd..4f5f878a00 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -796,7 +796,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: OVJPbVVSY1pnbGhYZ3VnMA== + haSharedSecret: VU5MNDc1MDZUU05OWmZOYw== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1360,7 +1360,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 78488724c19da8da25ffdbe6f64179a0ff50e13ad607d9ad62f6ed26f39f391b + checksum/secret: 0c9fcdc5ba4f5091dbd31e0a907c4748391313df162b5e1d3ace3084b62cdd40 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index acbd5264be..43144186ce 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: d2ZQSFBRbTdndktaVG1uYQ== + haSharedSecret: RXhwTzhZT25HZzJjdUllSQ== proxyPassword: "" proxyUsername: "" kind: Secret 
@@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 82243571f71a234dddb18728159976b6d944626310a65e5f2c2e5a39b0497415 + checksum/secret: 6f8a6d8c2b4e54840abf28822833192923adeb062f926c962e8e0785b96877d5 labels: app: docker-registry release: flyte-sandbox