Fix: Stow scope for signing URLs in GKE >= 1.25.0 (#3383)
Signed-off-by: Dennis Keck <[email protected]>
fellhorn authored Apr 12, 2023
1 parent 36efb93 commit 0bd4ab9
Showing 7 changed files with 30 additions and 30 deletions.
2 changes: 1 addition & 1 deletion charts/flyte-binary/templates/configmap.yaml
@@ -111,7 +111,7 @@ data:
config:
json: ""
project_id: {{ required "GCP project required for GCS storage provider" .providerConfig.gcs.project }}
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
{{- else }}
{{- printf "Invalid value for storage provider. Expected one of (s3, gcs), but got: %s" .provider | fail }}
{{- end }}
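Review bot: The new `scopes` value in the gcs branch widens the storage client's token from Cloud Storage read/write to every Google Cloud API, so after this change the IAM roles bound to the Flyte service account are the only limit on what a compromised pod can reach. The same line is changed in `charts/flyte-core/templates/_helpers.tpl` and `kustomize/overlays/gcp/flyte/config/common/storage.yaml`, and none of the three says why. I would put a comment above it, e.g. `# cloud-platform is required for URL signing; keep the service account's IAM roles limited to the Flyte bucket and signing`, and check whether the storage client accepts a narrower comma-separated pair such as `https://www.googleapis.com/auth/devstorage.read_write,https://www.googleapis.com/auth/iam` (its scope parsing is not visible in this diff). The enclosing `if`/`else` template block starts outside the hunk.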
2 changes: 1 addition & 1 deletion charts/flyte-core/templates/_helpers.tpl
@@ -161,7 +161,7 @@ storage:
config:
json: ""
project_id: {{ .Values.storage.gcs.projectId }}
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
container: {{ .Values.storage.bucketName | quote }}
{{- else if eq .Values.storage.type "sandbox" }}
type: minio
22 changes: 11 additions & 11 deletions deployment/gcp/flyte_generated.yaml
@@ -8071,7 +8071,7 @@ data:
json: ""
# TODO: replace <project-id> with the GCP project ID
project_id: <project-id>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
# TODO replace with the container (bucket) in GCS used by Flyte as intermediate store
container: "flyte"
# NOTE this cache configuration is purely for propeller. But since we are having a common storage
@@ -8084,7 +8084,7 @@ data:
maxDownloadMBs: 10
kind: ConfigMap
metadata:
name: datacatalog-config-d56hkd9229
name: datacatalog-config-mk4gcdf6db
namespace: flyte
---
apiVersion: v1
@@ -8182,7 +8182,7 @@ data:
json: ""
# TODO: replace <project-id> with the GCP project ID
project_id: <project-id>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
# TODO replace with the container (bucket) in GCS used by Flyte as intermediate store
container: "flyte"
# NOTE this cache configuration is purely for propeller. But since we are having a common storage
@@ -8206,7 +8206,7 @@ data:
gpu: 1
kind: ConfigMap
metadata:
name: flyte-admin-config-7g6ctk6762
name: flyte-admin-config-gf99k75c82
namespace: flyte
---
apiVersion: v1
@@ -8350,7 +8350,7 @@ data:
json: ""
# TODO: replace <project-id> with the GCP project ID
project_id: <project-id>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
# TODO replace with the container (bucket) in GCS used by Flyte as intermediate store
container: "flyte"
# NOTE this cache configuration is purely for propeller. But since we are having a common storage
@@ -8374,7 +8374,7 @@ data:
stackdriver-logresourcename: k8s_container
kind: ConfigMap
metadata:
name: flyte-propeller-config-fgbm2gk6tt
name: flyte-propeller-config-kgbdtkgf56
namespace: flyte
---
apiVersion: v1
@@ -8722,7 +8722,7 @@ spec:
- emptyDir: {}
name: shared-data
- configMap:
name: datacatalog-config-d56hkd9229
name: datacatalog-config-mk4gcdf6db
name: config-volume
- name: db-pass
secret:
@@ -8806,7 +8806,7 @@ spec:
serviceAccountName: flyte-pod-webhook
volumes:
- configMap:
name: flyte-propeller-config-fgbm2gk6tt
name: flyte-propeller-config-kgbdtkgf56
name: config-volume
- name: webhook-certs
secret:
@@ -8958,7 +8958,7 @@ spec:
- emptyDir: {}
name: scratch
- configMap:
name: flyte-admin-config-7g6ctk6762
name: flyte-admin-config-gf99k75c82
name: config-volume
- configMap:
name: clusterresource-template-4fbh4bk26k
@@ -9066,7 +9066,7 @@ spec:
serviceAccountName: flytepropeller
volumes:
- configMap:
name: flyte-propeller-config-fgbm2gk6tt
name: flyte-propeller-config-kgbdtkgf56
name: config-volume
- name: auth
secret:
@@ -9329,7 +9329,7 @@ spec:
name: clusterresource-template-4fbh4bk26k
name: resource-templates
- configMap:
name: flyte-admin-config-7g6ctk6762
name: flyte-admin-config-gf99k75c82
name: config-volume
- name: db-pass
secret:
10 changes: 5 additions & 5 deletions deployment/gcp/flyte_helm_controlplane_generated.yaml
@@ -169,7 +169,7 @@ data:
config:
json: ""
project_id: <PROJECT-ID>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
container: "<BUCKETNAME>"
enable-multicontainer: false
limits:
@@ -371,7 +371,7 @@ data:
config:
json: ""
project_id: <PROJECT-ID>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
container: "<BUCKETNAME>"
enable-multicontainer: false
limits:
@@ -571,7 +571,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "03a38330f086ba10896963aad5434645a54487ca0818f810df0549bf0436be9"
configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
labels:
app.kubernetes.io/name: flyteadmin
app.kubernetes.io/instance: flyte
@@ -859,7 +859,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "5decd5143258340704503cb1c89d283b3fa311a33792c0a2751edc6d21b1e94"
configChecksum: "bc69ed841506b28a42ac19bd0884d483472b3d11fe85fe7e546b879aeb30a85"
labels:
app.kubernetes.io/name: datacatalog
app.kubernetes.io/instance: flyte
@@ -950,7 +950,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "03a38330f086ba10896963aad5434645a54487ca0818f810df0549bf0436be9"
configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
labels:
app.kubernetes.io/name: flytescheduler
app.kubernetes.io/instance: flyte
6 changes: 3 additions & 3 deletions deployment/gcp/flyte_helm_dataplane_generated.yaml
@@ -172,7 +172,7 @@ data:
config:
json: ""
project_id: <PROJECT-ID>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
container: "<BUCKETNAME>"
enable-multicontainer: false
limits:
@@ -434,7 +434,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "fe5c992d51159e4ad600993479272953d271a33402834861c4c73ed1204fbad"
configChecksum: "2b07a0c9c6c35263389e46c712af516b2151764867ec2bdd64e5467e0be9b2b"
labels:
app.kubernetes.io/name: flytepropeller
app.kubernetes.io/instance: flyte
@@ -515,7 +515,7 @@ spec:
app.kubernetes.io/name: flyte-pod-webhook
app.kubernetes.io/version: v1.1.76
annotations:
configChecksum: "fe5c992d51159e4ad600993479272953d271a33402834861c4c73ed1204fbad"
configChecksum: "2b07a0c9c6c35263389e46c712af516b2151764867ec2bdd64e5467e0be9b2b"
spec:
securityContext:
fsGroup: 65534
16 changes: 8 additions & 8 deletions deployment/gcp/flyte_helm_generated.yaml
@@ -200,7 +200,7 @@ data:
config:
json: ""
project_id: <PROJECT-ID>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
container: "<BUCKETNAME>"
enable-multicontainer: false
limits:
@@ -402,7 +402,7 @@ data:
config:
json: ""
project_id: <PROJECT-ID>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
container: "<BUCKETNAME>"
enable-multicontainer: false
limits:
@@ -551,7 +551,7 @@ data:
config:
json: ""
project_id: <PROJECT-ID>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
container: "<BUCKETNAME>"
enable-multicontainer: false
limits:
@@ -904,7 +904,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "03a38330f086ba10896963aad5434645a54487ca0818f810df0549bf0436be9"
configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
labels:
app.kubernetes.io/name: flyteadmin
app.kubernetes.io/instance: flyte
@@ -1192,7 +1192,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "5decd5143258340704503cb1c89d283b3fa311a33792c0a2751edc6d21b1e94"
configChecksum: "bc69ed841506b28a42ac19bd0884d483472b3d11fe85fe7e546b879aeb30a85"
labels:
app.kubernetes.io/name: datacatalog
app.kubernetes.io/instance: flyte
@@ -1283,7 +1283,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "03a38330f086ba10896963aad5434645a54487ca0818f810df0549bf0436be9"
configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
labels:
app.kubernetes.io/name: flytescheduler
app.kubernetes.io/instance: flyte
@@ -1371,7 +1371,7 @@ spec:
template:
metadata:
annotations:
configChecksum: "fe5c992d51159e4ad600993479272953d271a33402834861c4c73ed1204fbad"
configChecksum: "2b07a0c9c6c35263389e46c712af516b2151764867ec2bdd64e5467e0be9b2b"
labels:
app.kubernetes.io/name: flytepropeller
app.kubernetes.io/instance: flyte
@@ -1452,7 +1452,7 @@ spec:
app.kubernetes.io/name: flyte-pod-webhook
app.kubernetes.io/version: v1.1.76
annotations:
configChecksum: "fe5c992d51159e4ad600993479272953d271a33402834861c4c73ed1204fbad"
configChecksum: "2b07a0c9c6c35263389e46c712af516b2151764867ec2bdd64e5467e0be9b2b"
spec:
securityContext:
fsGroup: 65534
2 changes: 1 addition & 1 deletion kustomize/overlays/gcp/flyte/config/common/storage.yaml
@@ -6,7 +6,7 @@ storage:
json: ""
# TODO: replace <project-id> with the GCP project ID
project_id: <project-id>
scopes: https://www.googleapis.com/auth/devstorage.read_write
scopes: https://www.googleapis.com/auth/cloud-platform
# TODO replace with the container (bucket) in GCS used by Flyte as intermediate store
container: "flyte"
# NOTE this cache configuration is purely for propeller. But since we are having a common storage
