Skip to content

Commit

Permalink
Authentication Config Examples (#970)
Browse files Browse the repository at this point in the history
* Fix broken Kustomize link in docs (#944)

Signed-off-by: Tom Forbes <[email protected]>
Signed-off-by: Haytham Abuelfutuh <[email protected]>

* update getting started guide (#958)

since we're consolidating our docs, we want to use the getting
started example originally from flytesnacks. Here we're moving
it into the flyte repo since the flytesnacks example should be
the canonical getting started guide

Signed-off-by: cosmicBboy <[email protected]>
Signed-off-by: Haytham Abuelfutuh <[email protected]>

* Authentication Config Examples

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* Feedback

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* fix map specification in cluster resource template

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* attempting stdlib fix

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* Fix merge issue

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* Update

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* Spellcheck

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* regenerate

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* Update migration.rst

Signed-off-by: Haytham Abuelfutuh <[email protected]>

* Update setup.rst

Signed-off-by: Haytham Abuelfutuh <[email protected]>

Co-authored-by: Tom Forbes <[email protected]>
Co-authored-by: Niels Bantilan <[email protected]>
Co-authored-by: SandraGH5 <[email protected]>
  • Loading branch information
4 people authored May 5, 2021
1 parent b9dfebe commit 1ede375
Show file tree
Hide file tree
Showing 21 changed files with 1,093 additions and 298 deletions.
127 changes: 99 additions & 28 deletions deployment/eks/flyte_generated.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8106,21 +8106,21 @@ data:
cluster_resources:
templatePath: "/etc/flyte/clusterresource/templates"
customData:
production:
- projectQuotaCpu:
value: "5"
- projectQuotaMemory:
value: "4000Mi"
staging:
- projectQuotaCpu:
value: "2"
- projectQuotaMemory:
value: "3000Mi"
development:
- projectQuotaCpu:
value: "4"
- projectQuotaMemory:
value: "3000Mi"
- production:
- projectQuotaCpu:
value: "5"
- projectQuotaMemory:
value: "4000Mi"
- staging:
- projectQuotaCpu:
value: "2"
- projectQuotaMemory:
value: "3000Mi"
- development:
- projectQuotaCpu:
value: "4"
- projectQuotaMemory:
value: "3000Mi"
refresh: 5m
db.yaml: |
database:
Expand Down Expand Up @@ -8148,14 +8148,43 @@ data:
httpPort: 8088
grpcPort: 8089
security:
# Controls whether to serve requests over SSL/TLS.
secure: false
# Controls whether to enforce authentication. Follow the guide in https://docs.flyte.org/ on how to setup authentication.
useAuth: false
allowCors: true
allowedOrigins:
# Accepting all domains for Sandbox installation
- "*"
allowedHeaders:
- "Content-Type"
- "flyte-authorization"
auth:
authorizedUris:
# This should point at your public http Uri.
- https://localhost:30081
# This will be used by internal services in the same namespace as flyteadmin
- http://flyteadmin:80
# This will be used by internal services in the same cluster but different namespaces
- http://flyteadmin.flyte.svc.cluster.local:80
# Controls app authentication config
appAuth:
thirdPartyConfig:
flyteClient:
clientId: flytectl
redirectUri: https://localhost:53593/callback
scopes:
- offline
- all
# Controls user authentication
userAuth:
openId:
baseUrl: https://accounts.google.com
scopes:
- profile
- openid
clientId: 657465813211-6eog7ek7li5k7i7fvgv2921075063hpe.apps.googleusercontent.com
flyteadmin:
roleNameKey: "iam.amazonaws.com/role"
storage.yaml: |
Expand Down Expand Up @@ -8189,7 +8218,7 @@ data:
gpu: 1
kind: ConfigMap
metadata:
name: flyte-admin-config-ddg9df67hb
name: flyte-admin-config-dck98m94b6
namespace: flyte
---
apiVersion: v1
Expand Down Expand Up @@ -8372,6 +8401,22 @@ metadata:
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: flyte-admin-auth
namespace: flyte
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: flyte-propeller-auth
namespace: flyte
stringData:
client_secret: foobar
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
annotations:
Expand Down Expand Up @@ -8567,7 +8612,7 @@ spec:
- --config
- /etc/datacatalog/config/*.yaml
- serve
image: ghcr.io/flyteorg/datacatalog:v0.3.1
image: ghcr.io/flyteorg/datacatalog:v0.3.2
imagePullPolicy: IfNotPresent
name: datacatalog
ports:
Expand All @@ -8590,7 +8635,7 @@ spec:
- /etc/datacatalog/config/*.yaml
- migrate
- run
image: ghcr.io/flyteorg/datacatalog:v0.3.1
image: ghcr.io/flyteorg/datacatalog:v0.3.2
imagePullPolicy: IfNotPresent
name: run-migrations
volumeMounts:
Expand Down Expand Up @@ -8647,7 +8692,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/flyteorg/flytepropeller:v0.10.0
image: ghcr.io/flyteorg/flytepropeller:v0.10.7
imagePullPolicy: IfNotPresent
name: webhook
volumeMounts:
Expand Down Expand Up @@ -8695,7 +8740,7 @@ spec:
- --config
- /etc/flyte/config/*.yaml
- serve
image: ghcr.io/flyteorg/flyteadmin:v0.4.13
image: ghcr.io/flyteorg/flyteadmin:v0.5.3
imagePullPolicy: IfNotPresent
name: flyteadmin
ports:
Expand All @@ -8713,6 +8758,8 @@ spec:
name: config-volume
- mountPath: /etc/db
name: db-pass
- mountPath: /etc/secrets/
name: auth
- command:
- sh
- -c
Expand Down Expand Up @@ -8740,7 +8787,7 @@ spec:
- /etc/flyte/config/*.yaml
- migrate
- run
image: ghcr.io/flyteorg/flyteadmin:v0.4.13
image: ghcr.io/flyteorg/flyteadmin:v0.5.3
imagePullPolicy: IfNotPresent
name: run-migrations
volumeMounts:
Expand All @@ -8757,7 +8804,7 @@ spec:
- flytesnacks
- flytetester
- flyteexamples
image: ghcr.io/flyteorg/flyteadmin:v0.4.13
image: ghcr.io/flyteorg/flyteadmin:v0.5.3
imagePullPolicy: IfNotPresent
name: seed-projects
volumeMounts:
Expand All @@ -8771,7 +8818,7 @@ spec:
- /etc/flyte/config/*.yaml
- clusterresource
- sync
image: ghcr.io/flyteorg/flyteadmin:v0.4.13
image: ghcr.io/flyteorg/flyteadmin:v0.5.3
imagePullPolicy: IfNotPresent
name: sync-cluster-resources
volumeMounts:
Expand All @@ -8781,19 +8828,38 @@ spec:
name: config-volume
- mountPath: /etc/db
name: db-pass
- args:
- flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/secrets/auth && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --fromPath /etc/secrets/auth
command:
- /bin/sh
- -c
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/flyteorg/flyteadmin:v0.5.3
imagePullPolicy: IfNotPresent
name: generate-secrets
volumeMounts:
- mountPath: /etc/flyte/config
name: config-volume
serviceAccountName: flyteadmin
volumes:
- emptyDir: {}
name: shared-data
- configMap:
name: flyte-admin-config-ddg9df67hb
name: flyte-admin-config-dck98m94b6
name: config-volume
- configMap:
name: clusterresource-template-tkdkkt4cb5
name: resource-templates
- name: db-pass
secret:
secretName: db-pass-bthd2588cc
- name: auth
secret:
secretName: flyte-admin-auth
---
apiVersion: apps/v1
kind: Deployment
Expand Down Expand Up @@ -8862,7 +8928,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: ghcr.io/flyteorg/flytepropeller:v0.10.0
image: ghcr.io/flyteorg/flytepropeller:v0.10.7
imagePullPolicy: IfNotPresent
name: flytepropeller
ports:
Expand All @@ -8875,11 +8941,16 @@ spec:
volumeMounts:
- mountPath: /etc/flyte/config
name: config-volume
- mountPath: /etc/secrets/
name: auth
serviceAccountName: flytepropeller
volumes:
- configMap:
name: flyte-propeller-config-8fdc62895h
name: config-volume
- name: auth
secret:
secretName: flyte-propeller-auth
---
apiVersion: apps/v1
kind: Deployment
Expand Down Expand Up @@ -9049,7 +9120,7 @@ spec:
- /etc/flyte/config/*.yaml
- clusterresource
- sync
image: ghcr.io/flyteorg/flyteadmin:v0.4.13
image: ghcr.io/flyteorg/flyteadmin:v0.5.3
imagePullPolicy: IfNotPresent
name: sync-cluster-resources
volumeMounts:
Expand All @@ -9066,7 +9137,7 @@ spec:
name: clusterresource-template-tkdkkt4cb5
name: resource-templates
- configMap:
name: flyte-admin-config-ddg9df67hb
name: flyte-admin-config-dck98m94b6
name: config-volume
- name: db-pass
secret:
Expand Down Expand Up @@ -9099,7 +9170,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/flyteorg/flytepropeller:v0.10.0
image: ghcr.io/flyteorg/flytepropeller:v0.10.7
imagePullPolicy: IfNotPresent
name: webhook
volumeMounts:
Expand Down
Loading

0 comments on commit 1ede375

Please sign in to comment.