From 334f59ec22fc82a26ac18e72cbd0fa18f48a640a Mon Sep 17 00:00:00 2001 From: Haytham Abuelfutuh Date: Mon, 15 Mar 2021 08:21:04 -0700 Subject: [PATCH] Move alb ingress to addons --- deployment/eks/flyte_generated.yaml | 53 +---- deployment/gcp/flyte_generated.yaml | 150 ++++++++++++-- deployment/sandbox/flyte_generated.yaml | 159 ++++++++++++--- deployment/test/flyte_generated.yaml | 49 +---- kustomize/base/addons/alb_ingress/README.md | 4 + .../base/addons/alb_ingress/ingress.yaml | 166 ++++++++++++---- .../addons}/alb_ingress/ingress_grpc.yaml | 11 +- .../addons/alb_ingress/kustomization.yaml | 6 + kustomize/base/addons/storage/storage.yaml | 53 ++--- kustomize/base/ingress/ingress.yaml | 185 ++++++++++++++---- kustomize/base/ingress/kustomization.yaml | 5 +- .../headless/kustomization.yaml | 101 +++++----- .../flyte/dependencies/alb_ingress/README.md | 5 - .../dependencies/alb_ingress/ingress.yaml | 140 ------------- .../overlays/eks/flyte/kustomization.yaml | 2 - kustomize/overlays/eks/kustomization.yaml | 3 +- kustomize/overlays/gcp/kustomization.yaml | 1 + kustomize/overlays/sandbox/kustomization.yaml | 1 + 18 files changed, 652 insertions(+), 442 deletions(-) rename kustomize/{overlays/eks/flyte/dependencies => base/addons}/alb_ingress/ingress_grpc.yaml (73%) create mode 100644 kustomize/base/addons/alb_ingress/kustomization.yaml delete mode 100644 kustomize/overlays/eks/flyte/dependencies/alb_ingress/README.md delete mode 100644 kustomize/overlays/eks/flyte/dependencies/alb_ingress/ingress.yaml diff --git a/deployment/eks/flyte_generated.yaml b/deployment/eks/flyte_generated.yaml index e2add5c94a5..da4a7757576 100644 --- a/deployment/eks/flyte_generated.yaml +++ b/deployment/eks/flyte_generated.yaml @@ -9017,52 +9017,12 @@ spec: restartPolicy: Never serviceAccountName: sparkoperator --- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "false" - name: flytesystem - namespace: flyte -spec: - rules: - - http: - paths: - - backend: - serviceName: flyteconsole - servicePort: 80 - path: /console - - backend: - serviceName: flyteconsole - servicePort: 80 - path: /__webpack_hmr - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /api - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /healthcheck - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /v1 - - backend: - serviceName: flyteadmin - servicePort: 81 - path: /flyteidl.service.AdminService - - backend: - serviceName: flyteadmin - servicePort: 87 - path: /openapi ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:590375264460:certificate/e2f04275-2dff-4118-a493-ed3ec8f41605 + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6 alb.ingress.kubernetes.io/group.name: flytesystem alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing @@ -9202,9 +9162,9 @@ metadata: annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' alb.ingress.kubernetes.io/backend-protocol-version: GRPC - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:590375264460:certificate/e2f04275-2dff-4118-a493-ed3ec8f41605 + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6 alb.ingress.kubernetes.io/group.name: flytesystem - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production kubernetes.io/ingress.class: alb @@ -9217,13 +9177,6 @@ spec: rules: - http: paths: - - backend: - service: - name: ssl-redirect - port: - name: ssl-redirect - path: /* - pathType: ImplementationSpecific - backend: service: name: flyteadmin diff --git a/deployment/gcp/flyte_generated.yaml b/deployment/gcp/flyte_generated.yaml index 0d9529e1bac..20b741c4a08 100644 --- a/deployment/gcp/flyte_generated.yaml +++ b/deployment/gcp/flyte_generated.yaml @@ -9049,7 +9049,7 @@ spec: restartPolicy: Never serviceAccountName: sparkoperator --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: @@ -9061,30 +9061,142 @@ spec: - http: paths: - backend: - serviceName: flyteconsole - servicePort: 80 + service: + name: flyteconsole + port: + number: 80 + path: /__webpack_hmr + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 81 + path: /flyteidl.service.AdminService + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 87 + path: /openapi + pathType: ImplementationSpecific + - backend: + service: + name: flyteconsole + port: + number: 80 path: /console + pathType: ImplementationSpecific - backend: - serviceName: flyteconsole - servicePort: 80 - path: /__webpack_hmr + service: + name: flyteconsole + port: + number: 80 + path: /console/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /api + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /api/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /healthcheck + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 - path: /v1 + service: + name: flyteadmin + port: + number: 80 + path: /v1/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 81 - path: /flyteidl.service.AdminService + service: + name: flyteadmin + port: + number: 80 + path: /openapi/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 87 - path: /openapi + service: + name: flyteadmin + port: + number: 80 + path: /.well-known/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /logout + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /logout/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /me + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config/* + pathType: ImplementationSpecific diff --git a/deployment/sandbox/flyte_generated.yaml b/deployment/sandbox/flyte_generated.yaml index 1a40a7ac5a1..736454efa88 100644 --- a/deployment/sandbox/flyte_generated.yaml +++ b/deployment/sandbox/flyte_generated.yaml @@ -3401,7 +3401,7 @@ spec: serviceAccountName: contour-certgen ttlSecondsAfterFinished: 0 --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: @@ -3413,35 +3413,147 @@ spec: - http: paths: - backend: - serviceName: flyteconsole - servicePort: 80 + service: + name: flyteconsole + port: + number: 80 + path: /__webpack_hmr + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 81 + path: /flyteidl.service.AdminService + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 87 + path: /openapi + pathType: ImplementationSpecific + - backend: + service: + name: flyteconsole + port: + number: 80 path: /console + pathType: ImplementationSpecific - backend: - serviceName: flyteconsole - servicePort: 80 - path: /__webpack_hmr + service: + name: flyteconsole + port: + number: 80 + path: /console/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /api + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /api/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 + service: + name: flyteadmin + port: + number: 80 path: /healthcheck + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 80 - path: /v1 + service: + name: flyteadmin + port: + number: 80 + path: /v1/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 81 - path: /flyteidl.service.AdminService + service: + name: flyteadmin + port: + number: 80 + path: /openapi/* + pathType: ImplementationSpecific - backend: - serviceName: flyteadmin - servicePort: 87 - path: /openapi + service: + name: flyteadmin + port: + number: 80 + path: /.well-known/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /login/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /logout + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /logout/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /callback/* + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /me + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config + pathType: ImplementationSpecific + - backend: + service: + name: flyteadmin + port: + number: 80 + path: /config/* + pathType: ImplementationSpecific --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: @@ -3453,6 +3565,9 @@ spec: - http: paths: - backend: - serviceName: minio - servicePort: 9000 + service: + name: minio + port: + number: 9000 path: /minio + pathType: ImplementationSpecific diff --git a/deployment/test/flyte_generated.yaml b/deployment/test/flyte_generated.yaml index 067d8df2de8..0efb4347d39 100644 --- a/deployment/test/flyte_generated.yaml +++ b/deployment/test/flyte_generated.yaml @@ -814,47 +814,7 @@ spec: - emptyDir: {} name: postgres-storage --- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "false" - name: flytesystem - namespace: flyte -spec: - rules: - - http: - paths: - - backend: - serviceName: flyteconsole - servicePort: 80 - path: /console - - backend: - serviceName: flyteconsole - servicePort: 80 - path: /__webpack_hmr - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /api - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /healthcheck - - backend: - serviceName: flyteadmin - servicePort: 80 - path: /v1 - - backend: - serviceName: flyteadmin - servicePort: 81 - path: /flyteidl.service.AdminService - - backend: - serviceName: flyteadmin - servicePort: 87 - path: /openapi ---- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: @@ -866,6 +826,9 @@ spec: - http: paths: - backend: - serviceName: minio - servicePort: 9000 + service: + name: minio + port: + number: 9000 path: /minio + pathType: ImplementationSpecific diff --git a/kustomize/base/addons/alb_ingress/README.md b/kustomize/base/addons/alb_ingress/README.md index 4d6403e0fe3..28fa058659a 100644 --- a/kustomize/base/addons/alb_ingress/README.md +++ b/kustomize/base/addons/alb_ingress/README.md @@ -1 +1,5 @@ # :construction: Instructions to deploy ALB Ingress controller + +Follow instructions here to install ALB Ingress Controller: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html + +Replace `alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6` in ingress.yaml and ingress_grpc.yaml with your own SSL cert (that you will create by following ALB Instructions above) diff --git a/kustomize/base/addons/alb_ingress/ingress.yaml b/kustomize/base/addons/alb_ingress/ingress.yaml index 69ed75f223a..7299bb1d8bd 100644 --- a/kustomize/base/addons/alb_ingress/ingress.yaml +++ b/kustomize/base/addons/alb_ingress/ingress.yaml @@ -1,47 +1,139 @@ -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: "flytesystem" - namespace: "flyte" + name: flytesystem + namespace: flyte annotations: - # TODO ALB can only be used for REST non grpc endpoints kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6 + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/group.name: flytesystem labels: app: flyteadmin spec: rules: - - http: - paths: - - path: /console - backend: - serviceName: flyteconsole - servicePort: 80 - - path: /console/* - backend: - serviceName: flyteconsole - servicePort: 80 - - path: /api/* - backend: - serviceName: flyteadmin - servicePort: 80 - - path: /healthcheck - backend: - serviceName: flyteadmin - servicePort: 80 - - path: /v1/* - backend: - serviceName: flyteadmin - servicePort: 80 - # NOTE: Port 81 in flyteadmin is the GRPC server port for - # FlyteAdmin. - - path: /flyteidl.service.AdminService/* - backend: - serviceName: flyteadmin - servicePort: 81 - # Port 87 in FlyteAdmin maps to the redoc container. - - path: /openapi/* - backend: - serviceName: flyteadmin - servicePort: 87 + - http: + paths: + - path: /* + pathType: ImplementationSpecific + backend: + service: + name: ssl-redirect + port: + name: use-annotation + - path: /console + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + - path: /console/* + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + - path: /api/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /healthcheck + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /v1/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + # Port 87 in FlyteAdmin maps to the redoc container. + - path: /openapi/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /.well-known/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /login + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /login/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /logout + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /logout/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /callback + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /callback/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /me + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /config + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /config/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 diff --git a/kustomize/overlays/eks/flyte/dependencies/alb_ingress/ingress_grpc.yaml b/kustomize/base/addons/alb_ingress/ingress_grpc.yaml similarity index 73% rename from kustomize/overlays/eks/flyte/dependencies/alb_ingress/ingress_grpc.yaml rename to kustomize/base/addons/alb_ingress/ingress_grpc.yaml index e46cf93e01c..acddedd9f8e 100644 --- a/kustomize/overlays/eks/flyte/dependencies/alb_ingress/ingress_grpc.yaml +++ b/kustomize/base/addons/alb_ingress/ingress_grpc.yaml @@ -5,8 +5,8 @@ metadata: annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' alb.ingress.kubernetes.io/backend-protocol-version: GRPC - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:590375264460:certificate/e2f04275-2dff-4118-a493-ed3ec8f41605 - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6 + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production kubernetes.io/ingress.class: alb @@ -20,13 +20,6 @@ spec: rules: - http: paths: - - backend: - service: - name: ssl-redirect - port: - name: ssl-redirect - path: /* - pathType: ImplementationSpecific - backend: service: name: flyteadmin diff --git a/kustomize/base/addons/alb_ingress/kustomization.yaml b/kustomize/base/addons/alb_ingress/kustomization.yaml new file mode 100644 index 00000000000..2cb8f8d97aa --- /dev/null +++ b/kustomize/base/addons/alb_ingress/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ingress.yaml + - ingress_grpc.yaml diff --git a/kustomize/base/addons/storage/storage.yaml b/kustomize/base/addons/storage/storage.yaml index 2f72d3c9a64..b14b37be81c 100644 --- a/kustomize/base/addons/storage/storage.yaml +++ b/kustomize/base/addons/storage/storage.yaml @@ -14,25 +14,25 @@ spec: app: minio spec: volumes: - - name: minio-storage - emptyDir: {} + - name: minio-storage + emptyDir: {} containers: - - image: "minio/minio:RELEASE.2020-12-16T05-05-17Z" - name: minio - env: - - name: MINIO_ACCESS_KEY - value: minio - - name: MINIO_SECRET_KEY - value: miniostorage - args: - - server - - /data - ports: - - containerPort: 9000 + - image: "minio/minio:RELEASE.2020-12-16T05-05-17Z" name: minio - volumeMounts: - - name: minio-storage - mountPath: /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: miniostorage + args: + - server + - /data + ports: + - containerPort: 9000 + name: minio + volumeMounts: + - name: minio-storage + mountPath: /data --- apiVersion: v1 kind: Service @@ -42,11 +42,11 @@ metadata: spec: externalName: minio ports: - - port: 9000 + - port: 9000 selector: app: minio --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: minio @@ -55,9 +55,12 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "false" spec: rules: - - http: - paths: - - path: /minio - backend: - serviceName: minio - servicePort: 9000 + - http: + paths: + - path: /minio + pathType: ImplementationSpecific + backend: + service: + name: minio + port: + number: 9000 diff --git a/kustomize/base/ingress/ingress.yaml b/kustomize/base/ingress/ingress.yaml index 431cbede0a0..041421259f4 100644 --- a/kustomize/base/ingress/ingress.yaml +++ b/kustomize/base/ingress/ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: flytesystem @@ -7,38 +7,151 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "false" spec: rules: - - http: - paths: - # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - - path: /console - backend: - serviceName: flyteconsole - servicePort: 80 - # This is useful only for sandbox mode and should be templatized/removed in non-sandbox environments - - path: /__webpack_hmr - backend: - serviceName: flyteconsole - servicePort: 80 - - path: /api - backend: - serviceName: flyteadmin - servicePort: 80 - - path: /healthcheck - backend: - serviceName: flyteadmin - servicePort: 80 - - path: /v1 - backend: - serviceName: flyteadmin - servicePort: 80 - # NOTE: Port 81 in flyteadmin is the GRPC server port for - # FlyteAdmin. - - path: /flyteidl.service.AdminService - backend: - serviceName: flyteadmin - servicePort: 81 - # Port 87 in FlyteAdmin maps to the redoc container. - - path: /openapi - backend: - serviceName: flyteadmin - servicePort: 87 + - http: + paths: + # This is useful only for sandbox mode and should be templatized/removed in non-sandbox environments + - path: /__webpack_hmr + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + # NOTE: Port 81 in flyteadmin is the GRPC server port for + # FlyteAdmin. + - path: /flyteidl.service.AdminService + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 81 + # Port 87 in FlyteAdmin maps to the redoc container. + - path: /openapi + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 87 + # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml + - path: /console + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + - path: /console/* + pathType: ImplementationSpecific + backend: + service: + name: flyteconsole + port: + number: 80 + - path: /api + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /api/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /healthcheck + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /v1/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + # Port 87 in FlyteAdmin maps to the redoc container. + - path: /openapi/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /.well-known/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /login + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /login/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /logout + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /logout/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /callback + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /callback/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /me + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /config + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 + - path: /config/* + pathType: ImplementationSpecific + backend: + service: + name: flyteadmin + port: + number: 80 diff --git a/kustomize/base/ingress/kustomization.yaml b/kustomize/base/ingress/kustomization.yaml index 36e8c40ae51..14d8f3a54fd 100644 --- a/kustomize/base/ingress/kustomization.yaml +++ b/kustomize/base/ingress/kustomization.yaml @@ -1,2 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: -- ingress.yaml + - ingress.yaml diff --git a/kustomize/base/single_cluster/headless/kustomization.yaml b/kustomize/base/single_cluster/headless/kustomization.yaml index 4373a33e41a..c63c457102f 100644 --- a/kustomize/base/single_cluster/headless/kustomization.yaml +++ b/kustomize/base/single_cluster/headless/kustomization.yaml @@ -3,62 +3,61 @@ kind: Kustomization # All the resources that make up the deployment resources: -# global resources -- ../../namespace -- ../../ingress -- ../../admindeployment -- ../../datacatalog -- ../../wf_crd -- ../../propeller -- ../../adminserviceaccount + # global resources + - ../../namespace + - ../../admindeployment + - ../../datacatalog + - ../../wf_crd + - ../../propeller + - ../../adminserviceaccount configMapGenerator: -# the main admin configmap -- name: flyte-admin-config - files: - - ./config/admin/server.yaml - - ./config/admin/domain.yaml - - ./config/admin/db.yaml - - ./config/admin/cluster_resources.yaml - - ./config/admin/remote_data.yaml - - ./config/admin/task_resource_defaults.yaml - - ./config/common/storage.yaml - - ./config/common/logger.yaml + # the main admin configmap + - name: flyte-admin-config + files: + - ./config/admin/server.yaml + - ./config/admin/domain.yaml + - ./config/admin/db.yaml + - ./config/admin/cluster_resources.yaml + - ./config/admin/remote_data.yaml + - ./config/admin/task_resource_defaults.yaml + - ./config/common/storage.yaml + - ./config/common/logger.yaml -# cluster resource templates -- name: clusterresource-template - files: -# Files are read in alphabetical order. To ensure that we create the namespace first, prefix the file name with "aa". - - ./config/clusterresource-templates/aa_namespace.yaml - - ./config/clusterresource-templates/ab_project-resource-quota.yaml - - ./config/clusterresource-templates/ac_project-copilot-dataconfig.yaml + # cluster resource templates + - name: clusterresource-template + files: + # Files are read in alphabetical order. To ensure that we create the namespace first, prefix the file name with "aa". + - ./config/clusterresource-templates/aa_namespace.yaml + - ./config/clusterresource-templates/ab_project-resource-quota.yaml + - ./config/clusterresource-templates/ac_project-copilot-dataconfig.yaml -# Flyte Propeller Configuration -- name: flyte-propeller-config - files: - - ./config/propeller/core.yaml - - ./config/propeller/admin.yaml - - ./config/propeller/catalog.yaml - - ./config/propeller/resource_manager.yaml - - ./config/propeller/enabled_plugins.yaml - - ./config/propeller/plugins/copilot.yaml - - ./config/propeller/plugins/k8s.yaml - - ./config/common/storage.yaml - - ./config/common/logger.yaml + # Flyte Propeller Configuration + - name: flyte-propeller-config + files: + - ./config/propeller/core.yaml + - ./config/propeller/admin.yaml + - ./config/propeller/catalog.yaml + - ./config/propeller/resource_manager.yaml + - ./config/propeller/enabled_plugins.yaml + - ./config/propeller/plugins/copilot.yaml + - ./config/propeller/plugins/k8s.yaml + - ./config/common/storage.yaml + - ./config/common/logger.yaml -# TODO Flyte Console Configuration -#- name: flyte-console-config -# files: -# - ./config/console.yaml + # TODO Flyte Console Configuration + #- name: flyte-console-config + # files: + # - ./config/console.yaml -- name: datacatalog-config - files: - - ./config/datacatalog/server.yaml - - ./config/datacatalog/db.yaml - - ./config/common/storage.yaml - - ./config/common/logger.yaml + - name: datacatalog-config + files: + - ./config/datacatalog/server.yaml + - ./config/datacatalog/db.yaml + - ./config/common/storage.yaml + - ./config/common/logger.yaml secretGenerator: -- name: db-pass - literals: - - pass.txt="awesomesauce" + - name: db-pass + literals: + - pass.txt="awesomesauce" diff --git a/kustomize/overlays/eks/flyte/dependencies/alb_ingress/README.md b/kustomize/overlays/eks/flyte/dependencies/alb_ingress/README.md deleted file mode 100644 index 5056593ecbf..00000000000 --- a/kustomize/overlays/eks/flyte/dependencies/alb_ingress/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# :construction: Instructions to deploy ALB Ingress controller - -Follow instructions here to install ALB Ingress Controller: https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html - -Replace `alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:590375264460:certificate/e2f04275-2dff-4118-a493-ed3ec8f41605` in ingress.yaml and ingress_grpc.yaml with your own SSL cert (that you will create by following ALB Instructions above) diff --git a/kustomize/overlays/eks/flyte/dependencies/alb_ingress/ingress.yaml b/kustomize/overlays/eks/flyte/dependencies/alb_ingress/ingress.yaml deleted file mode 100644 index 69f56320d9e..00000000000 --- a/kustomize/overlays/eks/flyte/dependencies/alb_ingress/ingress.yaml +++ /dev/null @@ -1,140 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flytesystem - namespace: flyte - annotations: - # TODO ALB can only be used for REST non grpc endpoints - kubernetes.io/ingress.class: alb - alb.ingress.kubernetes.io/tags: service_instance=production - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:590375264460:certificate/e2f04275-2dff-4118-a493-ed3ec8f41605 - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/group.name: flytesystem - labels: - app: flyteadmin -spec: - rules: - - http: - paths: - - path: /* - pathType: ImplementationSpecific - backend: - service: - name: ssl-redirect - port: - name: use-annotation - - path: /console - pathType: ImplementationSpecific - backend: - service: - name: flyteconsole - port: - number: 80 - - path: /console/* - pathType: ImplementationSpecific - backend: - service: - name: flyteconsole - port: - number: 80 - - path: /api/* - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /healthcheck - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /v1/* - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - # Port 87 in FlyteAdmin maps to the redoc container. - - path: /openapi/* - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /.well-known/* - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /login - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /login/* - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /logout - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /logout/* - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /callback - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /callback/* - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /me - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /config - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 - - path: /config/* - pathType: ImplementationSpecific - backend: - service: - name: flyteadmin - port: - number: 80 diff --git a/kustomize/overlays/eks/flyte/kustomization.yaml b/kustomize/overlays/eks/flyte/kustomization.yaml index 75ad9c65633..8c07bbff894 100644 --- a/kustomize/overlays/eks/flyte/kustomization.yaml +++ b/kustomize/overlays/eks/flyte/kustomization.yaml @@ -10,8 +10,6 @@ bases: resources: - datacatalog/service.yaml - propeller/service.yaml - - ./dependencies/alb_ingress/ingress_grpc.yaml - - ./dependencies/alb_ingress/ingress.yaml patchesStrategicMerge: - admin/deployment.yaml diff --git a/kustomize/overlays/eks/kustomization.yaml b/kustomize/overlays/eks/kustomization.yaml index d9ddc376c77..258f55181e2 100644 --- a/kustomize/overlays/eks/kustomization.yaml +++ b/kustomize/overlays/eks/kustomization.yaml @@ -14,8 +14,7 @@ bases: # Add node ports for ease of use locally - ../../base/operators/spark - ../../base/operators/kfoperators/pytorch - # TODO Fix deployment of alb_ingress controller - #- ../../base/addons/alb_ingress + - ../../base/addons/alb_ingress # Optional dependency - ../../base/addons/redis diff --git a/kustomize/overlays/gcp/kustomization.yaml b/kustomize/overlays/gcp/kustomization.yaml index 9ac428bf1d6..abdaad34af8 100644 --- a/kustomize/overlays/gcp/kustomization.yaml +++ b/kustomize/overlays/gcp/kustomization.yaml @@ -12,6 +12,7 @@ bases: # This is used for Resource pooling. On cloud you can use hosted redis (e.g. AWS elasticache) # Contour is used to create ingress. On cloud service use the default provided ingress controllers or cloud LB's # Add node ports for ease of use locally + - ../../base/ingress - ../../base/operators/spark - ../../base/operators/kfoperators/pytorch - ../../base/addons/cloudsqlproxy diff --git a/kustomize/overlays/sandbox/kustomization.yaml b/kustomize/overlays/sandbox/kustomization.yaml index c23d6a70e16..5316bcdcd87 100644 --- a/kustomize/overlays/sandbox/kustomization.yaml +++ b/kustomize/overlays/sandbox/kustomization.yaml @@ -12,6 +12,7 @@ bases: # This is used for Resource pooling. On cloud you can use hosted redis (e.g. AWS elasticache) # Contour is used to create ingress. On cloud service use the default provided ingress controllers or cloud LB's # Add node ports for ease of use locally + - ../../base/ingress - ../../base/addons/database - ../../base/addons/kubernetes_dashboard - ../../base/addons/storage