From 07905ad4fd899065c85ac886e787e9247347c919 Mon Sep 17 00:00:00 2001 From: Ruslan Stanevich Date: Tue, 13 Oct 2020 21:58:18 +0300 Subject: [PATCH 1/5] Helm chart for Flyte - initial commit --- helm/.helmignore | 23 + helm/Chart.yaml | 6 + helm/README.MD | 11 + helm/templates/_helpers.tpl | 216 ++++++ helm/templates/admin/configmap.yaml | 22 + helm/templates/admin/cronjob.yaml | 41 ++ helm/templates/admin/deployment.yaml | 133 ++++ helm/templates/admin/rbac.yaml | 52 ++ helm/templates/admin/service.yaml | 27 + helm/templates/common/configmap.yaml | 25 + helm/templates/common/ingress.yaml | 40 ++ helm/templates/common/namespace.yaml | 4 + helm/templates/common/secret.yaml | 4 + helm/templates/console/configmap.yaml | 7 + helm/templates/console/deployment.yaml | 44 ++ helm/templates/console/service.yaml | 18 + .../templates/contour/crds/ingressroutes.yaml | 136 ++++ helm/templates/contour/deployment.yaml | 83 +++ helm/templates/contour/namespace.yaml | 6 + helm/templates/contour/rbac.yaml | 78 +++ helm/templates/contour/service.yaml | 17 + helm/templates/datacatalog/configmap.yaml | 14 + helm/templates/datacatalog/deployment.yaml | 69 ++ helm/templates/datacatalog/rbac.yaml | 11 + helm/templates/datacatalog/service.yaml | 27 + helm/templates/minio/deployment.yaml | 50 ++ helm/templates/minio/service.yaml | 21 + helm/templates/postgres/deployment.yaml | 42 ++ helm/templates/postgres/service.yaml | 21 + helm/templates/propeller/configmap.yaml | 32 + .../propeller/crds/flyteworkflow.yaml | 14 + helm/templates/propeller/deployment.yaml | 55 ++ helm/templates/propeller/rbac.yaml | 88 +++ .../pytorch-operator/crds/pytorchjobs.yaml | 44 ++ .../pytorch-operator/deployment.yaml | 48 ++ .../templates/pytorch-operator/namespace.yaml | 6 + helm/templates/pytorch-operator/rbac.yaml | 108 +++ helm/templates/pytorch-operator/service.yaml | 20 + helm/templates/redis/service.yaml | 21 + helm/templates/redis/statefulset.yaml | 70 ++ .../crds/scheduledsparkapplications.yaml | 103 +++ .../sparkoperator/crds/sparkapplications.yaml | 149 ++++ helm/templates/sparkoperator/deployment.yaml | 59 ++ helm/templates/sparkoperator/job.yaml | 28 + helm/templates/sparkoperator/namespace.yaml | 6 + helm/templates/sparkoperator/rbac.yaml | 167 +++++ helm/templates/sparkoperator/service.yaml | 20 + helm/values-eks.yaml | 645 ++++++++++++++++++ helm/values-sandbox.yaml | 146 ++++ helm/values.yaml | 550 +++++++++++++++ 50 files changed, 3627 insertions(+) create mode 100644 helm/.helmignore create mode 100644 helm/Chart.yaml create mode 100644 helm/README.MD create mode 100644 helm/templates/_helpers.tpl create mode 100644 helm/templates/admin/configmap.yaml create mode 100644 helm/templates/admin/cronjob.yaml create mode 100644 helm/templates/admin/deployment.yaml create mode 100644 helm/templates/admin/rbac.yaml create mode 100644 helm/templates/admin/service.yaml create mode 100644 helm/templates/common/configmap.yaml create mode 100644 helm/templates/common/ingress.yaml create mode 100644 helm/templates/common/namespace.yaml create mode 100644 helm/templates/common/secret.yaml create mode 100644 helm/templates/console/configmap.yaml create mode 100644 helm/templates/console/deployment.yaml create mode 100644 helm/templates/console/service.yaml create mode 100644 helm/templates/contour/crds/ingressroutes.yaml create mode 100644 helm/templates/contour/deployment.yaml create mode 100644 helm/templates/contour/namespace.yaml create mode 100644 helm/templates/contour/rbac.yaml create mode 100644 helm/templates/contour/service.yaml create mode 100644 helm/templates/datacatalog/configmap.yaml create mode 100644 helm/templates/datacatalog/deployment.yaml create mode 100644 helm/templates/datacatalog/rbac.yaml create mode 100644 helm/templates/datacatalog/service.yaml create mode 100644 helm/templates/minio/deployment.yaml create mode 100644 helm/templates/minio/service.yaml create mode 100644 helm/templates/postgres/deployment.yaml create mode 100644 helm/templates/postgres/service.yaml create mode 100644 helm/templates/propeller/configmap.yaml create mode 100644 helm/templates/propeller/crds/flyteworkflow.yaml create mode 100644 helm/templates/propeller/deployment.yaml create mode 100644 helm/templates/propeller/rbac.yaml create mode 100644 helm/templates/pytorch-operator/crds/pytorchjobs.yaml create mode 100644 helm/templates/pytorch-operator/deployment.yaml create mode 100644 helm/templates/pytorch-operator/namespace.yaml create mode 100644 helm/templates/pytorch-operator/rbac.yaml create mode 100644 helm/templates/pytorch-operator/service.yaml create mode 100644 helm/templates/redis/service.yaml create mode 100644 helm/templates/redis/statefulset.yaml create mode 100644 helm/templates/sparkoperator/crds/scheduledsparkapplications.yaml create mode 100644 helm/templates/sparkoperator/crds/sparkapplications.yaml create mode 100644 helm/templates/sparkoperator/deployment.yaml create mode 100644 helm/templates/sparkoperator/job.yaml create mode 100644 helm/templates/sparkoperator/namespace.yaml create mode 100644 helm/templates/sparkoperator/rbac.yaml create mode 100644 helm/templates/sparkoperator/service.yaml create mode 100644 helm/values-eks.yaml create mode 100644 helm/values-sandbox.yaml create mode 100644 helm/values.yaml diff --git a/helm/.helmignore b/helm/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/helm/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 0000000000..aef2a99bd4 --- /dev/null +++ b/helm/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: flyte +description: A Helm chart for Flyte +type: application +version: 0.1.0 +appVersion: 0.8.0 diff --git a/helm/README.MD b/helm/README.MD new file mode 100644 index 0000000000..bd8379c8b7 --- /dev/null +++ b/helm/README.MD @@ -0,0 +1,11 @@ +### SANDBOX INSTALLATION: +- Install `helm 3` realese version +- Generate `helm template --name-template=flyte-sandbox . -n flyte -f values-sandbox.yaml > flyte_generated_sandbox.yaml` +- Deploy the manifest `kubectl apply -f flyte_generated_sandbox.yaml` +- When all pods are running - run end2end tests: `kubectl apply -f ../end2end/tests/endtoend.yaml` +- Get flyte host `minikube service contour -n heptio-contour --url`. And then visit `http:///console` + +### CONFIGURATION NOTES: +- The docker images, their tags and other default parameters are configured in `values.yaml` file. +- Each Flyte installation type should have separate `values-*.yaml` file: for sandbox, EKS and etc. The configuration in `values.yaml` and the choosen config `values-*.yaml` are merged when generating the deployment manifest. +- The configuration in `values-sandbox.yaml` is ready for installation in minikube. But `values-eks.yaml` should be edited before installation: s3 bucket, RDS hosts, iam roles, secrets and etc need to be modified. diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl new file mode 100644 index 0000000000..189f8f89e8 --- /dev/null +++ b/helm/templates/_helpers.tpl @@ -0,0 +1,216 @@ +{{/* vim: set filetype=mustache: */}} + + + +{{- define "flyte.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "flyte.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "flyte.namespace" -}} +{{- default .Release.Namespace .Values.forceNamespace | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + + +{{- define "flyteadmin.name" -}} +flyteadmin +{{- end -}} + +{{- define "flyteadmin.selectorLabels" -}} +app.kubernetes.io/name: {{ template "flyteadmin.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "flyteadmin.labels" -}} +{{ include "flyteadmin.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + + +{{- define "datacatalog.name" -}} +datacatalog +{{- end -}} + +{{- define "datacatalog.selectorLabels" -}} +app.kubernetes.io/name: {{ template "datacatalog.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "datacatalog.labels" -}} +{{ include "datacatalog.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + + +{{- define "flytepropeller.name" -}} +flytepropeller +{{- end -}} + +{{- define "flytepropeller.selectorLabels" -}} +app.kubernetes.io/name: {{ template "flytepropeller.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "flytepropeller.labels" -}} +{{ include "flytepropeller.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + + +{{- define "flyteconsole.name" -}} +flyteconsole +{{- end -}} + +{{- define "flyteconsole.selectorLabels" -}} +app.kubernetes.io/name: {{ template "flyteconsole.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "flyteconsole.labels" -}} +{{ include "flyteconsole.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + + +{{- define "redis.name" -}} +redis +{{- end -}} + +{{- define "redis.selectorLabels" -}} +app.kubernetes.io/name: {{ template "redis.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "redis.labels" -}} +{{ include "redis.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + + +{{- define "postgres.name" -}} +postgres +{{- end -}} + +{{- define "postgres.selectorLabels" -}} +app.kubernetes.io/name: {{ template "postgres.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "postgres.labels" -}} +{{ include "postgres.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + + +{{- define "minio.name" -}} +minio +{{- end -}} + +{{- define "minio.selectorLabels" -}} +app.kubernetes.io/name: {{ template "minio.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "minio.labels" -}} +{{ include "minio.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + +{{- define "contour.name" -}} +contour +{{- end -}} + +{{- define "contour.namespace" -}} +heptio-contour +{{- end -}} + +{{- define "contour.selectorLabels" -}} +app.kubernetes.io/name: {{ template "contour.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "contour.labels" -}} +{{ include "contour.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + + +{{- define "sparkoperator.name" -}} +sparkoperator +{{- end -}} + +{{- define "sparkoperator.namespace" -}} +sparkoperator +{{- end -}} + +{{- define "sparkoperator.selectorLabels" -}} +app.kubernetes.io/name: {{ template "sparkoperator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "sparkoperator.labels" -}} +{{ include "sparkoperator.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + + +{{- define "pytorch-operator.name" -}} +pytorch-operator +{{- end -}} + +{{- define "pytorch-operator.namespace" -}} +pytorch-operator +{{- end -}} + +{{- define "pytorch-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ template "pytorch-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "pytorch-operator.labels" -}} +{{ include "pytorch-operator.selectorLabels" . }} +helm.sh/chart: {{ include "flyte.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + + +# +# SECRET +# + +{{- define "databaseSecret.volume" -}} +{{- with .Values.common.databaseSecret.name -}} +- name: {{ . }} + secret: + secretName: {{ . }} +{{- end }} +{{- end }} + +{{- define "databaseSecret.volumeMount" -}} +{{- with .Values.common.databaseSecret.name -}} +- mountPath: /etc/db + name: {{ . }} +{{- end }} +{{- end }} diff --git a/helm/templates/admin/configmap.yaml b/helm/templates/admin/configmap.yaml new file mode 100644 index 0000000000..75921682d2 --- /dev/null +++ b/helm/templates/admin/configmap.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-admin-config + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} +data: + cluster_resources.yaml: | {{ toYaml .Values.configmap.cluster_resources | nindent 4 }} + + db.yaml: | {{ toYaml .Values.configmap.db | nindent 4 }} + + domain.yaml: | {{ toYaml .Values.configmap.domain | nindent 4 }} + + logger.yaml: | {{ toYaml .Values.configmap.logger | nindent 4 }} + + remote_data.yaml: | {{ toYaml .Values.configmap.remote_data | nindent 4 }} + + server.yaml: | {{ toYaml .Values.configmap.server | nindent 4 }} + + storage.yaml: | {{ toYaml .Values.configmap.storage | nindent 4 }} + + task_resource_defaults.yaml: | {{ toYaml .Values.configmap.task_resource_defaults | nindent 4 }} diff --git a/helm/templates/admin/cronjob.yaml b/helm/templates/admin/cronjob.yaml new file mode 100644 index 0000000000..68477543ed --- /dev/null +++ b/helm/templates/admin/cronjob.yaml @@ -0,0 +1,41 @@ +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: syncresources + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} +spec: + schedule: '*/1 * * * *' + jobTemplate: + spec: + template: + {{- with .Values.flyteadmin.podAnnotations }} + metadata: + annotations: {{ toYaml . | nindent 12 }} + {{- end }} + spec: + containers: + - command: + - flyteadmin + - --logtostderr + - --config + - {{ .Values.flyteadmin.configPath }} + - clusterresource + - sync + image: "{{ .Values.flyteadmin.image.repository }}:{{ .Values.flyteadmin.image.tag }}" + imagePullPolicy: "{{ .Values.flyteadmin.image.pullPolicy }}" + name: sync-cluster-resources + volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 12 }} + - mountPath: /etc/flyte/clusterresource/templates + name: resource-templates + - mountPath: /etc/flyte/config + name: config-volume + restartPolicy: OnFailure + serviceAccountName: flyteadmin + volumes: {{- include "databaseSecret.volume" . | nindent 10 }} + - configMap: + name: clusterresource-template + name: resource-templates + - configMap: + name: flyte-admin-config + name: config-volume diff --git a/helm/templates/admin/deployment.yaml b/helm/templates/admin/deployment.yaml new file mode 100644 index 0000000000..075488534a --- /dev/null +++ b/helm/templates/admin/deployment.yaml @@ -0,0 +1,133 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "flyteadmin.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.flyteadmin.replicaCount }} + selector: + matchLabels: {{ include "flyteadmin.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + configChecksum: {{ include (print .Template.BasePath "/admin/configmap.yaml") . | sha256sum | trunc 63 | quote }} + {{- with .Values.flyteadmin.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "flyteadmin.labels" . | nindent 8 }} + spec: + initContainers: + {{- if .Values.postgres.enabled }} + - name: check-db-ready + image: postgres:10.1 + command: + - sh + - -c + - until pg_isready -h postgres -p 5432; do echo waiting for database; sleep 2; done; + {{- end }} + - command: + - flyteadmin + - --logtostderr + - --config + - {{ .Values.flyteadmin.configPath }} + - migrate + - run + image: "{{ .Values.flyteadmin.image.repository }}:{{ .Values.flyteadmin.image.tag }}" + imagePullPolicy: "{{ .Values.flyteadmin.image.pullPolicy }}" + name: run-migrations + volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} + - mountPath: /etc/flyte/config + name: config-volume + - command: + - flyteadmin + - --logtostderr + - --config + - {{ .Values.flyteadmin.configPath }} + - migrate + - seed-projects + - flytesnacks + - flytetester + - flyteexamples + image: "{{ .Values.flyteadmin.image.repository }}:{{ .Values.flyteadmin.image.tag }}" + imagePullPolicy: "{{ .Values.flyteadmin.image.pullPolicy }}" + name: seed-projects + volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} + - mountPath: /etc/flyte/config + name: config-volume + - command: + - flyteadmin + - --logtostderr + - --config + - {{ .Values.flyteadmin.configPath }} + - clusterresource + - sync + image: "{{ .Values.flyteadmin.image.repository }}:{{ .Values.flyteadmin.image.tag }}" + imagePullPolicy: "{{ .Values.flyteadmin.image.pullPolicy }}" + name: sync-cluster-resources + volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} + - mountPath: /etc/flyte/clusterresource/templates + name: resource-templates + - mountPath: /etc/flyte/config + name: config-volume + containers: + - command: + - flyteadmin + - --logtostderr + - --config + - {{ .Values.flyteadmin.configPath }} + {{- with .Values.flyteadmin.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + - serve + image: "{{ .Values.flyteadmin.image.repository }}:{{ .Values.flyteadmin.image.tag }}" + imagePullPolicy: "{{ .Values.flyteadmin.image.pullPolicy }}" + name: flyteadmin + ports: + - containerPort: 8088 + - containerPort: 8089 + resources: {{ toYaml .Values.flyteadmin.resources | nindent 10 }} + volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} + - mountPath: /srv/flyte + name: shared-data + - mountPath: /etc/flyte/config + name: config-volume + - command: + - sh + - -c + - ln -s /usr/share/nginx/html /usr/share/nginx/html/openapi && sh /usr/local/bin/docker-run.sh + env: + - name: PAGE_TITLE + value: Flyte Admin OpenAPI + - name: SPEC_URL + value: /api/v1/openapi + - name: PORT + value: "8087" + image: docker.io/redocly/redoc + imagePullPolicy: IfNotPresent + name: redoc + ports: + - containerPort: 8087 + resources: + limits: + cpu: "0.1" + memory: 200Mi + serviceAccountName: {{ template "flyteadmin.name" . }} + volumes: {{- include "databaseSecret.volume" . | nindent 6 }} + - emptyDir: {} + name: shared-data + - configMap: + name: flyte-admin-config + name: config-volume + - configMap: + name: clusterresource-template + name: resource-templates + {{- with .Values.flyteadmin.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.flyteadmin.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.flyteadmin.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/templates/admin/rbac.yaml b/helm/templates/admin/rbac.yaml new file mode 100644 index 0000000000..8b430aca9c --- /dev/null +++ b/helm/templates/admin/rbac.yaml @@ -0,0 +1,52 @@ + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "flyteadmin.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} + {{- with .Values.flyteadmin.serviceAccountAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "flyteadmin.name" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + - flyte.lyft.com + - rbac.authorization.k8s.io + resources: + - configmaps + - flyteworkflows + - namespaces + - pods + - resourcequotas + - roles + - rolebindings + - secrets + - services + - serviceaccounts + - spark-role + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "flyteadmin.name" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "flyteadmin.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "flyteadmin.name" . }} + namespace: {{ template "flyte.namespace" . }} diff --git a/helm/templates/admin/service.yaml b/helm/templates/admin/service.yaml new file mode 100644 index 0000000000..2a2193940f --- /dev/null +++ b/helm/templates/admin/service.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "flyteadmin.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} + {{- with .Values.flyteadmin.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.flyteadmin.service.type}} + type: {{ . }} + {{- end }} + ports: + - name: redoc + port: 87 + protocol: TCP + targetPort: 8087 + - name: http + port: 80 + protocol: TCP + targetPort: 8088 + - name: grpc + port: 81 + protocol: TCP + targetPort: 8089 + selector: {{ include "flyteadmin.selectorLabels" . | nindent 4 }} diff --git a/helm/templates/common/configmap.yaml b/helm/templates/common/configmap.yaml new file mode 100644 index 0000000000..606585656f --- /dev/null +++ b/helm/templates/common/configmap.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: clusterresource-template + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} +data: +{{- with .Values.configmap.aa_namespace }} + aa_namespace.yaml: | {{ . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.ab_project_resource_quota }} + ab_project-resource-quota.yaml: | {{ . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.ac_project_copilot_dataconfig }} + ac_project-copilot-dataconfig.yaml: | {{ . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.ad_spark_role }} + ad_spark-role.yaml: | {{ . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.ae_spark_service_account }} + ae_spark-service-account.yaml: | {{ . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.af_spark_role_binding }} + af_spark-role-binding.yaml: | {{ . | nindent 4 }} +{{- end }} diff --git a/helm/templates/common/ingress.yaml b/helm/templates/common/ingress.yaml new file mode 100644 index 0000000000..93c65bcbcf --- /dev/null +++ b/helm/templates/common/ingress.yaml @@ -0,0 +1,40 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ template "flyte.name" . }} + namespace: {{ template "flyte.namespace" . }} + {{- with .Values.common.ingressAnnotations }} + annotations: {{ toYaml . | nindent 4}} + {{- end }} +spec: + rules: + - http: + paths: + - backend: + serviceName: flyteconsole + servicePort: 80 + path: /console + - backend: + serviceName: flyteconsole + servicePort: 80 + path: /__webpack_hmr + - backend: + serviceName: flyteadmin + servicePort: 80 + path: /api + - backend: + serviceName: flyteadmin + servicePort: 80 + path: /healthcheck + - backend: + serviceName: flyteadmin + servicePort: 80 + path: /v1 + - backend: + serviceName: flyteadmin + servicePort: 81 + path: /flyteidl.service.AdminService + - backend: + serviceName: flyteadmin + servicePort: 87 + path: /openapi diff --git a/helm/templates/common/namespace.yaml b/helm/templates/common/namespace.yaml new file mode 100644 index 0000000000..bf158e57c9 --- /dev/null +++ b/helm/templates/common/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: {{ template "flyte.namespace" . }} diff --git a/helm/templates/common/secret.yaml b/helm/templates/common/secret.yaml new file mode 100644 index 0000000000..7eb925de80 --- /dev/null +++ b/helm/templates/common/secret.yaml @@ -0,0 +1,4 @@ +{{- with .Values.common.databaseSecret.secretManifest }} +{{ toYaml . }} +{{- end }} + \ No newline at end of file diff --git a/helm/templates/console/configmap.yaml b/helm/templates/console/configmap.yaml new file mode 100644 index 0000000000..084091b781 --- /dev/null +++ b/helm/templates/console/configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-console-config + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteconsole.labels" . | nindent 4 }} +data: {{ toYaml .Values.configmap.console | nindent 2 }} diff --git a/helm/templates/console/deployment.yaml b/helm/templates/console/deployment.yaml new file mode 100644 index 0000000000..298fb2661e --- /dev/null +++ b/helm/templates/console/deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "flyteconsole.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteconsole.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.flyteconsole.replicaCount }} + selector: + matchLabels: {{ include "flyteconsole.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + configChecksum: {{ include (print .Template.BasePath "/console/configmap.yaml") . | sha256sum | trunc 63 | quote }} + {{- with .Values.flyteconsole.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "flyteconsole.labels" . | nindent 8 }} + spec: + containers: + - image: "{{ .Values.flyteconsole.image.repository }}:{{ .Values.flyteconsole.image.tag }}" + imagePullPolicy: "{{ .Values.flyteconsole.image.pullPolicy }}" + name: flyteconsole + envFrom: + - configMapRef: + name: flyte-console-config + ports: + - containerPort: 8080 + resources: {{ toYaml .Values.flyteconsole.resources | nindent 10 }} + volumeMounts: + - mountPath: /srv/flyte + name: shared-data + volumes: + - emptyDir: {} + name: shared-data + {{- with .Values.flyteconsole.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.flyteconsole.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.flyteconsole.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/helm/templates/console/service.yaml b/helm/templates/console/service.yaml new file mode 100644 index 0000000000..c007243455 --- /dev/null +++ b/helm/templates/console/service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "flyteconsole.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteconsole.labels" . | nindent 4 }} + {{- with .Values.flyteconsole.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.flyteconsole.service.type}} + type: {{ . }} + {{- end }} + ports: + - port: 80 + protocol: TCP + targetPort: 8080 + selector: {{ include "flyteconsole.selectorLabels" . | nindent 4 }} diff --git a/helm/templates/contour/crds/ingressroutes.yaml b/helm/templates/contour/crds/ingressroutes.yaml new file mode 100644 index 0000000000..d4b258c836 --- /dev/null +++ b/helm/templates/contour/crds/ingressroutes.yaml @@ -0,0 +1,136 @@ +{{- if .Values.contour.enabled }} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressroutes.contour.heptio.com + labels: + component: ingressroute +spec: + group: contour.heptio.com + version: v1beta1 + scope: Namespaced + names: + plural: ingressroutes + kind: IngressRoute + additionalPrinterColumns: + - name: FQDN + type: string + description: Fully qualified domain name + JSONPath: .spec.virtualhost.fqdn + - name: TLS Secret + type: string + description: Secret with TLS credentials + JSONPath: .spec.virtualhost.tls.secretName + - name: First route + type: string + description: First routes defined + JSONPath: .spec.routes[0].match + - name: Status + type: string + description: The current status of the IngressRoute + JSONPath: .status.currentStatus + - name: Status Description + type: string + description: Description of the current status + JSONPath: .status.description + validation: + openAPIV3Schema: + properties: + spec: + required: + - routes + properties: + virtualhost: + properties: + fqdn: + type: string + pattern: ^([a-zA-Z0-9]+(-[a-zA-Z0-9]+)*\.)+[a-z]{2,}$ + aliases: + type: array + items: + type: string + pattern: ^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$ + strategy: + type: string + enum: + - RoundRobin + - LeastRequest + - Random + - RingHash + - Maglev + healthCheck: + type: object + required: + - path + properties: + path: + type: string + pattern: ^\/.*$ + intervalSeconds: + type: integer + timeoutSeconds: + type: integer + unhealthyThresholdCount: + type: integer + healthyThresholdCount: + type: integer + routes: + type: array + items: + required: + - match + properties: + match: + type: string + pattern: ^\/.*$ + delegate: + type: object + required: + - name + properties: + name: + type: string + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ # DNS-1123 + namespace: + type: string + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ # DNS-1123 + services: + type: array + items: + type: object + required: + - name + - port + properties: + name: + type: string + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ # DNS-1123 + port: + type: integer + weight: + type: integer + strategy: + type: string + enum: + - RoundRobin + - WeightedLeastRequest + - Random + - RingHash + - Maglev + healthCheck: + type: object + required: + - path + properties: + path: + type: string + pattern: ^\/.*$ + intervalSeconds: + type: integer + timeoutSeconds: + type: integer + unhealthyThresholdCount: + type: integer + healthyThresholdCount: + type: integer +{{- end }} diff --git a/helm/templates/contour/deployment.yaml b/helm/templates/contour/deployment.yaml new file mode 100644 index 0000000000..d4733d7257 --- /dev/null +++ b/helm/templates/contour/deployment.yaml @@ -0,0 +1,83 @@ +{{- if .Values.contour.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "contour.name" . }} + namespace: {{ template "contour.namespace" . }} + labels: {{ include "contour.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.contour.replicaCount }} + selector: + matchLabels: {{ include "contour.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.contour.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "contour.labels" . | nindent 8 }} + spec: + initContainers: + - image: "{{ .Values.contour.contour.image.repository }}:{{ .Values.contour.contour.image.tag }}" + imagePullPolicy: "{{ .Values.contour.contour.image.pullPolicy }}" + name: envoy-initconfig + command: + - contour + args: + - bootstrap + - /config/contour.yaml + - --statsd-enabled + volumeMounts: + - name: contour-config + mountPath: /config + containers: + - image: "{{ .Values.contour.envoy.image.repository }}:{{ .Values.contour.envoy.image.tag }}" + imagePullPolicy: "{{ .Values.contour.envoy.image.pullPolicy }}" + name: envoy + command: + - envoy + args: + - -c + - /config/contour.yaml + - --service-cluster + - cluster0 + - --service-node + - node0 + ports: + - containerPort: 80 + name: http + - containerPort: 8002 + name: statsd + resources: {{ toYaml .Values.contour.envoy.resources | nindent 10 }} + volumeMounts: + - name: contour-config + mountPath: /config + - image: "{{ .Values.contour.contour.image.repository }}:{{ .Values.contour.contour.image.tag }}" + imagePullPolicy: "{{ .Values.contour.contour.image.pullPolicy }}" + ports: + - containerPort: 8000 + name: contour + name: contour + command: + - contour + args: + - serve + - --incluster + - --envoy-http-port=80 + - --debug-http-port=6069 + resources: {{ toYaml .Values.contour.contour.resources | nindent 10 }} + volumes: + - name: contour-config + emptyDir: {} + dnsPolicy: ClusterFirst + serviceAccountName: {{ template "contour.name" . }} + terminationGracePeriodSeconds: 30 + {{- with .Values.contour.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contour.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contour.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/templates/contour/namespace.yaml b/helm/templates/contour/namespace.yaml new file mode 100644 index 0000000000..5262f4fb84 --- /dev/null +++ b/helm/templates/contour/namespace.yaml @@ -0,0 +1,6 @@ +{{- if .Values.sparkoperator.enabled }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ template "contour.namespace" . }} +{{- end }} diff --git a/helm/templates/contour/rbac.yaml b/helm/templates/contour/rbac.yaml new file mode 100644 index 0000000000..00d6d43868 --- /dev/null +++ b/helm/templates/contour/rbac.yaml @@ -0,0 +1,78 @@ +{{- if .Values.contour.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "contour.name" . }} + namespace: {{ template "contour.namespace" . }} + labels: {{ include "contour.labels" . | nindent 4 }} + {{- with .Values.contour.serviceAccountAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "contour.name" . }} + labels: {{ include "contour.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: ["contour.heptio.com"] + resources: ["ingressroutes"] + verbs: + - get + - list + - watch + - put + - post + - patch + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "contour.name" . }} + labels: {{ include "contour.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "contour.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "contour.name" . }} + namespace: {{ template "contour.namespace" . }} + +{{- end }} diff --git a/helm/templates/contour/service.yaml b/helm/templates/contour/service.yaml new file mode 100644 index 0000000000..e64e19d6ff --- /dev/null +++ b/helm/templates/contour/service.yaml @@ -0,0 +1,17 @@ +{{- if .Values.contour.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "contour.name" . }} + namespace: {{ template "contour.namespace" . }} + labels: {{ include "contour.labels" . | nindent 4 }} + {{- with .Values.contour.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.contour.service.type}} + type: {{ . }} + {{- end }} + ports: {{ toYaml .Values.contour.service.ports | nindent 4 }} + selector: {{ include "contour.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/templates/datacatalog/configmap.yaml b/helm/templates/datacatalog/configmap.yaml new file mode 100644 index 0000000000..a552b02dac --- /dev/null +++ b/helm/templates/datacatalog/configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: datacatalog-config + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "datacatalog.labels" . | nindent 4 }} +data: + db.yaml: | {{ toYaml .Values.configmap.db | nindent 4 }} + + logger.yaml: | {{ toYaml .Values.configmap.logger | nindent 4 }} + + server.yaml: | {{ toYaml .Values.configmap.datacatalogServer | nindent 4 }} + + storage.yaml: | {{ toYaml .Values.configmap.storage | nindent 4 }} diff --git a/helm/templates/datacatalog/deployment.yaml b/helm/templates/datacatalog/deployment.yaml new file mode 100644 index 0000000000..23981b1c0a --- /dev/null +++ b/helm/templates/datacatalog/deployment.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "datacatalog.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "datacatalog.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.datacatalog.replicaCount }} + selector: + matchLabels: {{ include "datacatalog.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + configChecksum: {{ include (print .Template.BasePath "/datacatalog/configmap.yaml") . | sha256sum | trunc 63 | quote }} + {{- with .Values.datacatalog.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "datacatalog.labels" . | nindent 8 }} + spec: + initContainers: + - command: + - datacatalog + - --logtostderr + - --config + - {{ .Values.datacatalog.configPath }} + - migrate + - run + image: "{{ .Values.datacatalog.image.repository }}:{{ .Values.datacatalog.image.tag }}" + imagePullPolicy: "{{ .Values.datacatalog.image.pullPolicy }}" + name: run-migrations + volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} + - mountPath: /etc/datacatalog/config + name: config-volume + containers: + - command: + - datacatalog + - --logtostderr + - --config + - {{ .Values.datacatalog.configPath }} + {{- with .Values.datacatalog.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + - serve + image: "{{ .Values.datacatalog.image.repository }}:{{ .Values.datacatalog.image.tag }}" + imagePullPolicy: "{{ .Values.datacatalog.image.pullPolicy }}" + name: datacatalog + ports: + - containerPort: 8088 + - containerPort: 8089 + resources: {{ toYaml .Values.datacatalog.resources | nindent 10 }} + volumeMounts: {{- include "databaseSecret.volumeMount" . | nindent 8 }} + - mountPath: /etc/datacatalog/config + name: config-volume + serviceAccountName: {{ template "datacatalog.name" . }} + volumes: {{- include "databaseSecret.volume" . | nindent 6 }} + - emptyDir: {} + name: shared-data + - configMap: + name: datacatalog-config + name: config-volume + {{- with .Values.datacatalog.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.datacatalog.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.datacatalog.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/templates/datacatalog/rbac.yaml b/helm/templates/datacatalog/rbac.yaml new file mode 100644 index 0000000000..ca1ab89afd --- /dev/null +++ b/helm/templates/datacatalog/rbac.yaml @@ -0,0 +1,11 @@ + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "datacatalog.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "datacatalog.labels" . | nindent 4 }} + {{- with .Values.datacatalog.serviceAccountAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} diff --git a/helm/templates/datacatalog/service.yaml b/helm/templates/datacatalog/service.yaml new file mode 100644 index 0000000000..07958d2f34 --- /dev/null +++ b/helm/templates/datacatalog/service.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "datacatalog.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "datacatalog.labels" . | nindent 4 }} + {{- with .Values.datacatalog.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.datacatalog.service.type}} + type: {{ . }} + {{- end }} + ports: + - name: grpc-2 + port: 8089 + protocol: TCP + targetPort: 8089 + - name: http + port: 88 + protocol: TCP + targetPort: 8088 + - name: grpc + port: 89 + protocol: TCP + targetPort: 8089 + selector: {{ include "datacatalog.selectorLabels" . | nindent 4 }} diff --git a/helm/templates/minio/deployment.yaml b/helm/templates/minio/deployment.yaml new file mode 100644 index 0000000000..63b57d293c --- /dev/null +++ b/helm/templates/minio/deployment.yaml @@ -0,0 +1,50 @@ +{{- if .Values.minio.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "minio.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "minio.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.minio.replicaCount }} + selector: + matchLabels: {{ include "minio.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.minio.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "minio.labels" . | nindent 8 }} + spec: + containers: + - image: "{{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag }}" + imagePullPolicy: "{{ .Values.minio.image.pullPolicy }}" + name: minio + args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: miniostorage + ports: + - containerPort: 9000 + name: minio + resources: {{ toYaml .Values.minio.resources | nindent 10 }} + volumeMounts: + - name: minio-storage + mountPath: /var/lib/minioql/data + volumes: + - name: minio-storage + emptyDir: {} + {{- with .Values.minio.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.minio.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.minio.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/templates/minio/service.yaml b/helm/templates/minio/service.yaml new file mode 100644 index 0000000000..b9b56cc1bc --- /dev/null +++ b/helm/templates/minio/service.yaml @@ -0,0 +1,21 @@ +{{- if .Values.minio.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "minio.labels" . | nindent 4 }} + {{- with .Values.minio.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.minio.service.type}} + type: {{ . }} + {{- end }} + ports: + - name: minio + port: 9000 + protocol: TCP + targetPort: minio + selector: {{ include "minio.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/templates/postgres/deployment.yaml b/helm/templates/postgres/deployment.yaml new file mode 100644 index 0000000000..13ec8209c3 --- /dev/null +++ b/helm/templates/postgres/deployment.yaml @@ -0,0 +1,42 @@ +{{- if .Values.postgres.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "postgres.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "postgres.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.postgres.replicaCount }} + selector: + matchLabels: {{ include "postgres.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.postgres.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "postgres.labels" . | nindent 8 }} + spec: + containers: + - image: "{{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}" + imagePullPolicy: "{{ .Values.postgres.image.pullPolicy }}" + name: postgres + ports: + - containerPort: 5432 + name: postgres + resources: {{ toYaml .Values.postgres.resources | nindent 10 }} + volumeMounts: + - name: postgres-storage + mountPath: /var/lib/postgresql/data + volumes: + - name: postgres-storage + emptyDir: {} + {{- with .Values.postgres.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.postgres.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.postgres.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/templates/postgres/service.yaml b/helm/templates/postgres/service.yaml new file mode 100644 index 0000000000..4309df215e --- /dev/null +++ b/helm/templates/postgres/service.yaml @@ -0,0 +1,21 @@ +{{- if .Values.minio.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgres.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "postgres.labels" . | nindent 4 }} + {{- with .Values.postgres.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.postgres.service.type}} + type: {{ . }} + {{- end }} + ports: + - name: postgres + port: 5432 + protocol: TCP + targetPort: postgres + selector: {{ include "postgres.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/templates/propeller/configmap.yaml b/helm/templates/propeller/configmap.yaml new file mode 100644 index 0000000000..5d341c05bd --- /dev/null +++ b/helm/templates/propeller/configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-propeller-config + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} +data: + admin.yaml: | {{ toYaml .Values.configmap.admin | nindent 4 }} + + catalog.yaml: | {{ toYaml .Values.configmap.catalog | nindent 4 }} + + catalog_cache.yaml: | {{ toYaml .Values.configmap.catalog_cache | nindent 4 }} + + copilot.yaml: | {{ toYaml .Values.configmap.copilot | nindent 4 }} + + core.yaml: | {{ toYaml .Values.configmap.core | nindent 4 }} + + enabled_plugins.yaml: | {{ toYaml .Values.configmap.enabled_plugins | nindent 4 }} + + k8s.yaml: | {{ toYaml .Values.configmap.k8s | nindent 4 }} + + logger.yaml: | {{ toYaml .Values.configmap.logger | nindent 4 }} + + qubole.yaml: | {{ toYaml .Values.configmap.qubole | nindent 4 }} + + resource_manager.yaml: | {{ toYaml .Values.configmap.resource_manager | nindent 4 }} + + spark.yaml: | {{ toYaml .Values.configmap.spark | nindent 4 }} + + storage.yaml: | {{ toYaml .Values.configmap.storage | nindent 4 }} + + task_logs.yaml: | {{ toYaml .Values.configmap.task_logs | nindent 4 }} diff --git a/helm/templates/propeller/crds/flyteworkflow.yaml b/helm/templates/propeller/crds/flyteworkflow.yaml new file mode 100644 index 0000000000..1095feca6b --- /dev/null +++ b/helm/templates/propeller/crds/flyteworkflow.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: flyteworkflows.flyte.lyft.com +spec: + group: flyte.lyft.com + names: + kind: FlyteWorkflow + plural: flyteworkflows + shortNames: + - fly + singular: flyteworkflow + scope: Namespaced + version: v1alpha1 diff --git a/helm/templates/propeller/deployment.yaml b/helm/templates/propeller/deployment.yaml new file mode 100644 index 0000000000..fc11b1eb3d --- /dev/null +++ b/helm/templates/propeller/deployment.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "flytepropeller.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flytepropeller.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.flytepropeller.replicaCount }} + selector: + matchLabels: {{ include "flytepropeller.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + configChecksum: {{ include (print .Template.BasePath "/propeller/configmap.yaml") . | sha256sum | trunc 63 | quote }} + {{- with .Values.flytepropeller.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "flytepropeller.labels" . | nindent 8 }} + spec: + containers: + - command: + - flytepropeller + - --config + - {{ .Values.flytepropeller.configPath }} + {{- with .Values.flytepropeller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: "{{ .Values.flytepropeller.image.repository }}:{{ .Values.flytepropeller.image.tag }}" + imagePullPolicy: "{{ .Values.flytepropeller.image.pullPolicy }}" + name: flytepropeller + ports: + - containerPort: 10254 + resources: {{ toYaml .Values.flytepropeller.resources | nindent 10 }} + volumeMounts: + - mountPath: /etc/flyte/config + name: config-volume + serviceAccountName: {{ template "flytepropeller.name" . }} + volumes: + - configMap: + name: flyte-propeller-config + name: config-volume + {{- with .Values.flytepropeller.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.flytepropeller.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.flytepropeller.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/templates/propeller/rbac.yaml b/helm/templates/propeller/rbac.yaml new file mode 100644 index 0000000000..dd0cee2788 --- /dev/null +++ b/helm/templates/propeller/rbac.yaml @@ -0,0 +1,88 @@ + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "flytepropeller.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flytepropeller.labels" . | nindent 4 }} + {{- with .Values.flytepropeller.serviceAccountAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "flytepropeller.name" . }} + labels: {{ include "flytepropeller.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - delete + - patch +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - delete + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - delete + - update +- apiGroups: + - flyte.lyft.com + resources: + - flyteworkflows + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - post + - deletecollection + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "flytepropeller.name" . }} + labels: {{ include "flytepropeller.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "flytepropeller.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "flytepropeller.name" . }} + namespace: {{ template "flyte.namespace" . }} diff --git a/helm/templates/pytorch-operator/crds/pytorchjobs.yaml b/helm/templates/pytorch-operator/crds/pytorchjobs.yaml new file mode 100644 index 0000000000..ae2b7b7e78 --- /dev/null +++ b/helm/templates/pytorch-operator/crds/pytorchjobs.yaml @@ -0,0 +1,44 @@ +{{- if .Values.pytorchoperator.enabled }} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: pytorchjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: PyTorchJob + plural: pytorchjobs + singular: pytorchjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + pytorchReplicaSpecs: + properties: + Master: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true +{{- end }} diff --git a/helm/templates/pytorch-operator/deployment.yaml b/helm/templates/pytorch-operator/deployment.yaml new file mode 100644 index 0000000000..02dc98fb01 --- /dev/null +++ b/helm/templates/pytorch-operator/deployment.yaml @@ -0,0 +1,48 @@ +{{- if .Values.pytorchoperator.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pytorch-operator.name" . }} + namespace: {{ template "pytorch-operator.namespace" . }} + labels: {{ include "pytorch-operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.pytorchoperator.replicaCount }} + selector: + matchLabels: {{ include "pytorch-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.pytorchoperator.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "pytorch-operator.labels" . | nindent 8 }} + spec: + containers: + - image: "{{ .Values.pytorchoperator.image.repository }}:{{ .Values.pytorchoperator.image.tag }}" + imagePullPolicy: "{{ .Values.pytorchoperator.image.pullPolicy }}" + name: pytorch-operator + command: + - /pytorch-operator.v1 + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + resources: {{ toYaml .Values.pytorchoperator.resources | nindent 10 }} + serviceAccountName: {{ template "pytorch-operator.name" . }} + {{- with .Values.pytorchoperator.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.pytorchoperator.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.pytorchoperator.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/templates/pytorch-operator/namespace.yaml b/helm/templates/pytorch-operator/namespace.yaml new file mode 100644 index 0000000000..6e15ce3dc0 --- /dev/null +++ b/helm/templates/pytorch-operator/namespace.yaml @@ -0,0 +1,6 @@ +{{- if .Values.pytorchoperator.enabled }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ template "pytorch-operator.namespace" . }} +{{- end }} diff --git a/helm/templates/pytorch-operator/rbac.yaml b/helm/templates/pytorch-operator/rbac.yaml new file mode 100644 index 0000000000..fe980a9b87 --- /dev/null +++ b/helm/templates/pytorch-operator/rbac.yaml @@ -0,0 +1,108 @@ +{{- if .Values.pytorchoperator.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pytorch-operator.name" . }} + namespace: {{ template "pytorch-operator.namespace" . }} + labels: {{ include "pytorch-operator.labels" . | nindent 4 }} + {{- with .Values.pytorchoperator.serviceAccountAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pytorch-operator.name" . }}-admin + labels: {{ include "pytorch-operator.labels" . | nindent 4 }} +rules: [] +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pytorch-operator.name" . }}-edit + labels: {{ include "pytorch-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pytorch-operator.name" . }}-view + labels: {{ include "pytorch-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pytorch-operator.name" . }} + labels: {{ include "pytorch-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pytorch-operator.name" . }} + labels: {{ include "pytorch-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pytorch-operator.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "pytorch-operator.name" . }} + namespace: {{ template "pytorch-operator.namespace" . }} +{{- end }} diff --git a/helm/templates/pytorch-operator/service.yaml b/helm/templates/pytorch-operator/service.yaml new file mode 100644 index 0000000000..3deea516e7 --- /dev/null +++ b/helm/templates/pytorch-operator/service.yaml @@ -0,0 +1,20 @@ +{{- if .Values.pytorchoperator.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pytorch-operator.name" . }} + namespace: {{ template "pytorch-operator.namespace" . }} + labels: {{ include "pytorch-operator.labels" . | nindent 4 }} + {{- with .Values.pytorchoperator.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.pytorchoperator.service.type}} + type: {{ . }} + {{- end }} + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: {{ include "pytorch-operator.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/templates/redis/service.yaml b/helm/templates/redis/service.yaml new file mode 100644 index 0000000000..46afc98df5 --- /dev/null +++ b/helm/templates/redis/service.yaml @@ -0,0 +1,21 @@ +{{- if .Values.redis.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "redis.name" . }}-resource-manager + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "redis.labels" . | nindent 4 }} + {{- with .Values.redis.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.redis.service.type}} + type: {{ . }} + {{- end }} + ports: + - name: redis + port: 6379 + protocol: TCP + targetPort: redis + selector: {{ include "redis.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/templates/redis/statefulset.yaml b/helm/templates/redis/statefulset.yaml new file mode 100644 index 0000000000..93062efb22 --- /dev/null +++ b/helm/templates/redis/statefulset.yaml @@ -0,0 +1,70 @@ +{{- if .Values.redis.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "redis.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "redis.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.redis.replicaCount }} + selector: + matchLabels: {{ include "redis.selectorLabels" . | nindent 6 }} + serviceName: {{ template "redis.name" . }}-resource-manager + template: + metadata: + {{- with .Values.redis.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "redis.labels" . | nindent 8 }} + spec: + containers: + - image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}" + imagePullPolicy: "{{ .Values.redis.image.pullPolicy }}" + name: redis + env: + - name: REDIS_PASSWORD + value: mypassword + livenessProbe: + exec: + command: + - redis-cli + - ping + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - redis-cli + - ping + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - containerPort: 6379 + name: redis + protocol: TCP + resources: {{ toYaml .Values.redis.resources | nindent 10 }} + volumeMounts: + - mountPath: /bitnami + name: redis-data + + dnsPolicy: ClusterFirst + restartPolicy: Always + volumes: + - emptyDir: {} + name: redis-data + {{- with .Values.redis.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/templates/sparkoperator/crds/scheduledsparkapplications.yaml b/helm/templates/sparkoperator/crds/scheduledsparkapplications.yaml new file mode 100644 index 0000000000..6df8778411 --- /dev/null +++ b/helm/templates/sparkoperator/crds/scheduledsparkapplications.yaml @@ -0,0 +1,103 @@ +{{- if .Values.sparkoperator.enabled }} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledsparkapplications.sparkoperator.k8s.io +spec: + group: sparkoperator.k8s.io + names: + kind: ScheduledSparkApplication + listKind: ScheduledSparkApplicationList + plural: scheduledsparkapplications + shortNames: + - scheduledsparkapp + singular: scheduledsparkapplication + scope: Namespaced + validation: + openAPIV3Schema: + properties: + spec: + properties: + concurrencyPolicy: + enum: + - Allow + - Forbid + - Replace + failedRunHistoryLimit: + minimum: 1 + type: integer + schedule: + type: string + successfulRunHistoryLimit: + minimum: 1 + type: integer + template: + properties: + deps: + properties: + downloadTimeout: + minimum: 1 + type: integer + maxSimultaneousDownloads: + minimum: 1 + type: integer + driver: + properties: + cores: + exclusiveMinimum: true + minimum: 0 + type: number + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + executor: + properties: + cores: + exclusiveMinimum: true + minimum: 0 + type: number + instances: + minimum: 1 + type: integer + mode: + enum: + - cluster + - client + monitoring: + properties: + prometheus: + properties: + port: + maximum: 49151 + minimum: 1024 + type: integer + pythonVersion: + enum: + - "2" + - "3" + restartPolicy: + properties: + onFailureRetries: + minimum: 0 + type: integer + onFailureRetryInterval: + minimum: 1 + type: integer + onSubmissionFailureRetries: + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + minimum: 1 + type: integer + type: + enum: + - Never + - OnFailure + - Always + type: + enum: + - Java + - Scala + - Python + - R + version: v1beta1 +{{- end }} diff --git a/helm/templates/sparkoperator/crds/sparkapplications.yaml b/helm/templates/sparkoperator/crds/sparkapplications.yaml new file mode 100644 index 0000000000..c4bed90488 --- /dev/null +++ b/helm/templates/sparkoperator/crds/sparkapplications.yaml @@ -0,0 +1,149 @@ +{{- if .Values.sparkoperator.enabled }} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: sparkapplications.sparkoperator.k8s.io +spec: + group: sparkoperator.k8s.io + names: + kind: SparkApplication + listKind: SparkApplicationList + plural: sparkapplications + shortNames: + - sparkapp + singular: sparkapplication + scope: Namespaced + validation: + openAPIV3Schema: + properties: + metadata: + properties: + name: + maxLength: 63 + minLength: 1 + type: string + spec: + properties: + arguments: + items: + type: string + type: array + deps: + properties: + downloadTimeout: + minimum: 1 + type: integer + maxSimultaneousDownloads: + minimum: 1 + type: integer + driver: + properties: + cores: + exclusiveMinimum: true + minimum: 0 + type: number + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + executor: + properties: + cores: + exclusiveMinimum: true + minimum: 0 + type: number + instances: + minimum: 1 + type: integer + failureRetries: + type: integer + hadoopConf: + type: object + hadoopConfigMap: + type: string + image: + type: string + imagePullPolicy: + enum: + - Always + - Never + - IfNotPresent + imagePullSecrets: + items: + type: string + type: array + initContainerImage: + type: string + mainApplicationFile: + type: string + mainClass: + type: string + memoryOverheadFactor: + type: string + mode: + enum: + - cluster + - client + monitoring: + properties: + exposeDriverMetrics: + type: boolean + exposeExecutorMetrics: + type: boolean + metricsProperties: + type: string + prometheus: + properties: + port: + maximum: 49151 + minimum: 1024 + type: integer + nodeSelector: + type: object + pythonVersion: + enum: + - "2" + - "3" + restartPolicy: + properties: + onFailureRetries: + minimum: 0 + type: integer + onFailureRetryInterval: + minimum: 1 + type: integer + onSubmissionFailureRetries: + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + minimum: 1 + type: integer + type: + enum: + - Never + - OnFailure + - Always + retryInterval: + type: integer + sparkConf: + type: object + sparkConfigMap: + type: string + sparkVersion: + type: string + type: + enum: + - Java + - Scala + - Python + - R + volumes: + items: + properties: + name: + type: string + type: object + type: array + required: + - type + - sparkVersion + version: v1beta1 +{{- end }} diff --git a/helm/templates/sparkoperator/deployment.yaml b/helm/templates/sparkoperator/deployment.yaml new file mode 100644 index 0000000000..07734eb29d --- /dev/null +++ b/helm/templates/sparkoperator/deployment.yaml @@ -0,0 +1,59 @@ +{{- if .Values.sparkoperator.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sparkoperator.name" . }} + namespace: {{ template "sparkoperator.namespace" . }} + labels: {{ include "sparkoperator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.sparkoperator.replicaCount }} + selector: + matchLabels: {{ include "sparkoperator.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.sparkoperator.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "sparkoperator.labels" . | nindent 8 }} + spec: + containers: + - image: "{{ .Values.sparkoperator.image.repository }}:{{ .Values.sparkoperator.image.tag }}" + imagePullPolicy: "{{ .Values.sparkoperator.image.pullPolicy }}" + name: sparkoperator + command: + - /usr/bin/spark-operator + args: + - -logtostderr + - -v=2 + - -controller-threads=20 + - -enable-metrics=true + - "-metrics-prefix=service:" + - -metrics-labels=task_name + - -metrics-labels=workflow_name + - -enable-webhook=true + - -webhook-svc-namespace=sparkoperator + env: + - name: GOMAXPROCS + value: "16" + ports: + - containerPort: 10254 + - containerPort: 8080 + resources: {{ toYaml .Values.sparkoperator.resources | nindent 10 }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook-certs + serviceAccountName: {{ template "sparkoperator.name" . }} + volumes: + - name: webhook-certs + secret: + secretName: spark-webhook-certs + {{- with .Values.sparkoperator.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sparkoperator.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sparkoperator.tolerations }} + tolerations: {{ toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/templates/sparkoperator/job.yaml b/helm/templates/sparkoperator/job.yaml new file mode 100644 index 0000000000..fc155d54cb --- /dev/null +++ b/helm/templates/sparkoperator/job.yaml @@ -0,0 +1,28 @@ +{{- if .Values.sparkoperator.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "sparkoperator.name" . }}-init + namespace: {{ template "sparkoperator.namespace" . }} + labels: {{ include "sparkoperator.labels" . | nindent 4 }} +spec: + backoffLimit: 3 + template: + metadata: + {{- with .Values.sparkoperator.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "sparkoperator.labels" . | nindent 8 }} + spec: + containers: + - image: "{{ .Values.sparkoperator.image.repository }}:{{ .Values.sparkoperator.image.tag }}" + imagePullPolicy: "{{ .Values.sparkoperator.image.pullPolicy }}" + name: sparkoperator + command: + - /usr/bin/gencerts.sh + - --namespace + - sparkoperator + - -p + restartPolicy: Never + serviceAccountName: {{ template "sparkoperator.name" . }} +{{- end }} diff --git a/helm/templates/sparkoperator/namespace.yaml b/helm/templates/sparkoperator/namespace.yaml new file mode 100644 index 0000000000..b4b2ad7dda --- /dev/null +++ b/helm/templates/sparkoperator/namespace.yaml @@ -0,0 +1,6 @@ +{{- if .Values.sparkoperator.enabled }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ template "sparkoperator.namespace" . }} +{{- end }} diff --git a/helm/templates/sparkoperator/rbac.yaml b/helm/templates/sparkoperator/rbac.yaml new file mode 100644 index 0000000000..7a6e8c6083 --- /dev/null +++ b/helm/templates/sparkoperator/rbac.yaml @@ -0,0 +1,167 @@ +{{- if .Values.sparkoperator.enabled }} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "sparkoperator.name" . }} + namespace: {{ template "sparkoperator.namespace" . }} + labels: {{ include "sparkoperator.labels" . | nindent 4 }} + {{- with .Values.sparkoperator.serviceAccountAnnotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "sparkoperator.name" . }} + labels: {{ include "sparkoperator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - resourcequotas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + - secrets + verbs: + - create + - get + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - get + - update + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - '*' +- apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - create + - get + - delete +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - create + - get + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - get + - update + - delete + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - update + - delete +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get + - update + - delete +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + - scheduledsparkapplications + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "sparkoperator.name" . }}-aggregate-to-admin + labels: {{ include "sparkoperator.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + - scheduledsparkapplications + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "sparkoperator.name" . }} + labels: {{ include "sparkoperator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "sparkoperator.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "sparkoperator.name" . }} + namespace: {{ template "sparkoperator.namespace" . }} + +{{- end }} diff --git a/helm/templates/sparkoperator/service.yaml b/helm/templates/sparkoperator/service.yaml new file mode 100644 index 0000000000..90840e8611 --- /dev/null +++ b/helm/templates/sparkoperator/service.yaml @@ -0,0 +1,20 @@ +{{- if .Values.sparkoperator.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "sparkoperator.name" . }} + namespace: {{ template "sparkoperator.namespace" . }} + labels: {{ include "sparkoperator.labels" . | nindent 4 }} + {{- with .Values.sparkoperator.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.sparkoperator.service.type}} + type: {{ . }} + {{- end }} + ports: + - port: 443 + targetPort: 8080 + name: webhook + selector: {{ include "sparkoperator.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/values-eks.yaml b/helm/values-eks.yaml new file mode 100644 index 0000000000..d1a113a841 --- /dev/null +++ b/helm/values-eks.yaml @@ -0,0 +1,645 @@ + +# +# FLYTEADMIN +# + +flyteadmin: + replicaCount: 2 + image: + repository: docker.io/lyft/flyteadmin + tag: v0.3.7 + pullPolicy: IfNotPresent + + # IAM role for SA: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam:::role/iam-role-flyte + + resources: + limits: + cpu: 250m + ephemeral-storage: 200Mi + memory: 500Mi + requests: + cpu: 50m + ephemeral-storage: 200Mi + memory: 200Mi + + configPath: /etc/flyte/config/*.yaml + service: + annotations: + contour.heptio.com/upstream-protocol.h2c: grpc + + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: flyteadmin + topologyKey: kubernetes.io/hostname + +# +# DATACATALOG +# + +datacatalog: + replicaCount: 2 + image: + repository: docker.io/lyft/datacatalog + tag: v0.2.2 + pullPolicy: IfNotPresent + + # IAM role for SA: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam:::role/iam-role-flyte + + resources: + limits: + cpu: 500m + ephemeral-storage: 200Mi + memory: 500Mi + requests: + cpu: 50m + ephemeral-storage: 200Mi + memory: 200Mi + + configPath: /etc/datacatalog/config/*.yaml + + service: + annotations: + contour.heptio.com/upstream-protocol.h2c: grpc + + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: datacatalog + topologyKey: kubernetes.io/hostname + +# +# FLYTEPROPELLER +# + +flytepropeller: + replicaCount: 2 + image: + repository: docker.io/lyft/flytepropeller + tag: v0.4.2 + pullPolicy: IfNotPresent + + # IAM role for SA: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + serviceAccountAnnotations: + eks.amazonaws.com/role-arn: arn:aws:iam:::role/iam-role-flyte + + resources: + limits: + cpu: 500m + ephemeral-storage: 200Mi + memory: 500Mi + requests: + cpu: 50m + ephemeral-storage: 200Mi + memory: 200Mi + configPath: /etc/flyte/config*/*.yaml + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: flytepropeller + topologyKey: kubernetes.io/hostname + +# +# FLYTECONSOLE +# + +flyteconsole: + replicaCount: 2 + image: + repository: docker.io/lyft/flyteconsole + tag: v0.12.1 + pullPolicy: IfNotPresent + resources: + limits: + cpu: 250m + memory: 250Mi + requests: + cpu: 10m + memory: 50Mi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: flyteconsole + topologyKey: kubernetes.io/hostname + +# +# REDIS +# + +redis: + enabled: true + replicaCount: 1 + image: + repository: docker.io/bitnami/redis + tag: 4.0.2-r1 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 250Mi + +# +# POSTGRES +# + +postgres: + enabled: false # recommended adding managed RDS host to the config + +# +# MINIO +# + +minio: + enabled: false # Use AWS S3 bucket instead + +# +# CONTOUR +# + +contour: + enabled: true + replicaCount: 2 + contour: + image: + repository: gcr.io/heptio-images/contour + tag: v0.6.1 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 2000m + memory: 1000Mi + envoy: + image: + repository: docker.io/envoyproxy/envoy-alpine + tag: v1.6.0 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 2000m + memory: 1000Mi + + service: + annotations: + external-dns.alpha.kubernetes.io/hostname: flyte.examlple.com + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1::certificate/" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" + service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" + service.beta.kubernetes.io/aws-load-balancer-internal: "true" + service.beta.kubernetes.io/aws-load-balancer-type: nlb + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" + type: LoadBalancer + ports: + - name: tcp + protocol: TCP + port: 80 + - name: tls + protocol: TCP + port: 443 + targetPort: 80 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: contour + topologyKey: kubernetes.io/hostname + +# +# SPARKOPERATOR +# + +sparkoperator: + enabled: true + replicaCount: 1 + image: + repository: gcr.io/spark-operator/spark-operator + tag: v2.4.0-v1beta1-0.9.0 + pullPolicy: IfNotPresent + resources: + limits: + cpu: 1000m + memory: 1000Mi + requests: + cpu: 50m + memory: 250Mi + +# +# PYTORCHOPERATOR +# + +pytorchoperator: + enabled: true + replicaCount: 1 + image: + repository: gcr.io/kubeflow-images-public/pytorch-operator + tag: v1.0.0-g047cf0f + pullPolicy: IfNotPresent + resources: + limits: + cpu: 1000m + memory: 1000Mi + requests: + cpu: 50m + memory: 250Mi + +# +# COMMON +# + +common: + databaseSecret: + name: db-pass + secretManifest: + # # Leave it empty if your secret already exists + + # # Else you can create your own secret object: + # # Necessary dependencies: + # # - https://github.com/hashicorp/vault + # # - https://github.com/godaddy/kubernetes-external-secrets + + # apiVersion: kubernetes-client.io/v1 + # kind: ExternalSecret + # metadata: + # name: db-pass + # namespace: flyte + # spec: + # backendType: vault + # vaultMountPoint: + # vaultRole: + # data: + # - name: pass.txt + # key: k8s/data/path/to/secret + # property: password + +# +# CONFIGMAPS +# + +configmap: + + console: + BASE_URL: /console + CONFIG_DIR: /etc/flyte/config + + cluster_resources: + cluster_resources: + templatePath: "/etc/flyte/clusterresource/templates" + customData: + production: + - projectQuotaCpu: + value: "5" + - projectQuotaMemory: + value: "4000Mi" + staging: + - projectQuotaCpu: + value: "2" + - projectQuotaMemory: + value: "3000Mi" + development: + - projectQuotaCpu: + value: "4" + - projectQuotaMemory: + value: "3000Mi" + refresh: 5m + + db: + database: + port: 5432 + username: postgres + host: + dbname: flyte-development + passwordPath: /etc/db/pass.txt + + domain: + domains: + - id: development + name: development + - id: staging + name: staging + - id: production + name: production + + remote_data: + remoteData: + region: us-east-1 + scheme: aws + signedUrls: + durationMinutes: 3 + + server: + server: + httpPort: 8088 + grpcPort: 8089 + security: + secure: false + useAuth: false + allowCors: true + allowedOrigins: + # Accepting all domains for Sandbox installation + - "*" + allowedHeaders: + - "Content-Type" + flyteadmin: + roleNameKey: "iam.amazonaws.com/role" + profilerPort: 10254 + metricsScope: "flyte:" + metadataStoragePrefix: + - "metadata" + - "admin" + testing: + host: http://flyteadmin + scheduler: + eventScheduler: + scheme: aws + region: us-east-1 + scheduleRole: arn:aws:iam:::role/flyte_cron_scheduler_role + targetName: arn:aws:sqs:us-east-1::flyte-cron-scheduler-queue + scheduleNamePrefix: flyte + workflowExecutor: + scheme: aws + region: us-east-1 + scheduleQueueName: flyte-cron-scheduler-queue + accountId: + reconnectAttempts: 10 + reconnectDelaySeconds: 30 + notifications: + type: aws + region: us-east-1 + publisher: + topicName: arn:aws:sns:us-east-1::flyte-notifications-topic + processor: + queueName: flyte-notifications-queue + accountId: + emailer: + subject: "Flyte: {{ project }}/{{ domain }}/{{ launch_plan.name }} has '{{ phase }}'" + sender: "flyte@example.com" + body: | + Execution {{ workflow.project }}/{{ workflow.domain }}/{{ workflow.name }}/{{ name }} has {{ phase }}. + Details: https://flyte.example.com/console/projects/{{ project }}/domains/{{ domain }}/executions/{{ name }}. + {{ error }} + task_type_whitelist: + spark: + - project: flytetester + - project: spark-workflows + + + datacatalogServer: + datacatalog: + storage-prefix: metadata/datacatalog + metrics-scope: datacatalog + profiler-port: 10254 + + storage: + storage: + type: s3 + container: s3-bucket-for-flyte + connection: + auth-type: iam + region: us-east-1 + + task_resource_defaults: + task_resources: + defaults: + cpu: 100m + memory: 1000Mi + storage: 5Mi + limits: + cpu: 15000m + memory: 100Gi + storage: 400Gi + + admin: + event: + type: admin + rate: 500 + capacity: 1000 + admin: + endpoint: flyteadmin:81 + insecure: true + + catalog: + catalog-cache: + endpoint: datacatalog:89 + type: datacatalog + insecure: true + + catalog_cache: + plugins: + catalogCache: + reader: + maxItems: 10000 + writer: + maxItems: 10000 + + copilot: + plugins: + k8s: + co-pilot: + name: flyte-copilot- + image: docker.io/lyft/flytecopilot:v0.3.35 + start-timeout: 30s + + core: + propeller: + rawoutput-prefix: s3://s3-bucket-for-flyte/ + metadata-prefix: metadata/propeller + workers: 40 + gc-interval: 12h + max-workflow-retries: 50 + workflow-reeval-duration: 30s + downstream-eval-duration: 30s + limit-namespace: "all" + prof-port: 10254 + metrics-prefix: flyte + enable-admin-launcher: true + leader-election: + lock-config-map: + name: propeller-leader + namespace: flyte + enabled: true + lease-duration: 15s + renew-deadline: 10s + retry-period: 2s + kube-client-config: + qps: 100 + burst: 25 + timeout: 30s + queue: + type: batch + batching-interval: 2s + batch-size: -1 + queue: + type: maxof + rate: 100 + capacity: 1000 + base-delay: 5s + max-delay: 120s + sub-queue: + type: bucket + rate: 100 + capacity: 1000 + workflowStore: + policy: "ResourceVersionCache" + + enabled_plugins: + tasks: + max-plugin-phase-versions: 1000000 + task-plugins: + enabled-plugins: + - container + - sidecar + - spark + - k8s-array + - pytorch + + k8s: + plugins: + k8s: + default-cpus: 100m + default-memory: 100Mi + + logger: + logger: + show-source: true + level: 5 + + qubole: + plugins: + qubole: + quboleTokenKey: "FLYTE_QUBOLE_CLIENT_TOKEN" + + resource_manager: + propeller: + resourcemanager: + type: redis + resourceMaxQuota: 10000 + redis: + hostPath: redis-resource-manager:6379 + hostKey: mypassword + + spark: + plugins: + spark: + spark-config-default: + - spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version: "2" + - spark.kubernetes.allocation.batch.size: "50" + - spark.hadoop.fs.s3a.acl.default: "BucketOwnerFullControl" + - spark.hadoop.fs.s3n.impl: "org.apache.hadoop.fs.s3a.S3AFileSystem" + - spark.hadoop.fs.AbstractFileSystem.s3n.impl: "org.apache.hadoop.fs.s3a.S3A" + - spark.hadoop.fs.s3.impl: "org.apache.hadoop.fs.s3a.S3AFileSystem" + - spark.hadoop.fs.AbstractFileSystem.s3.impl: "org.apache.hadoop.fs.s3a.S3A" + - spark.hadoop.fs.s3a.impl: "org.apache.hadoop.fs.s3a.S3AFileSystem" + - spark.hadoop.fs.AbstractFileSystem.s3a.impl: "org.apache.hadoop.fs.s3a.S3A" + - spark.hadoop.fs.s3a.multipart.threshold: "536870912" + - spark.blacklist.enabled: "true" + - spark.blacklist.timeout: "5m" + - spark.task.maxfailures: "8" + + task_logs: + plugins: + logs: + kubernetes-enabled: false + + aa_namespace: | + apiVersion: v1 + kind: Namespace + metadata: + name: {{ namespace }} + spec: + finalizers: + - kubernetes + + ab_project_resource_quota: | + apiVersion: v1 + kind: ResourceQuota + metadata: + name: project-quota + namespace: {{ namespace }} + spec: + hard: + limits.cpu: {{ projectQuotaCpu }} + limits.memory: {{ projectQuotaMemory }} + + ac_project_copilot_dataconfig: | + kind: ConfigMap + apiVersion: v1 + metadata: + name: flyte-data-config + namespace: {{ namespace }} + data: + config.yaml: | + storage: + connection: + auth-type: iam + region: us-east-1 + type: s3 + container: my-s3-bucket + enable-multicontainer: true + + ad_spark_role: | + apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: Role + metadata: + name: spark-role + namespace: {{ namespace }} + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - '*' + - apiGroups: + - "" + resources: + - services + verbs: + - '*' + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + + ae_spark_service_account: | + apiVersion: v1 + kind: ServiceAccount + metadata: + name: spark + namespace: {{ namespace }} + + af_spark_role_binding: | + apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: RoleBinding + metadata: + name: spark-role-binding + namespace: {{ namespace }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: spark-role + subjects: + - kind: ServiceAccount + name: spark + namespace: {{ namespace }} diff --git a/helm/values-sandbox.yaml b/helm/values-sandbox.yaml new file mode 100644 index 0000000000..41a351c741 --- /dev/null +++ b/helm/values-sandbox.yaml @@ -0,0 +1,146 @@ + +# +# FLYTEADMIN +# + +flyteadmin: {} # use default config + +# +# DATACATALOG +# + +datacatalog: {} + +# +# FLYTEPROPELLER +# + +flytepropeller: {} + +# +# FLYTECONSOLE +# + +flyteconsole: {} + +# +# REDIS +# + +redis: {} + +# +# POSTGRES +# + +postgres: {} + +# +# MINIO +# + +minio: {} + +# +# CONTOUR +# + +contour: {} + +# +# SPARKOPERATOR +# + +sparkoperator: {} + +# +# PYTORCHOPERATOR +# + +pytorchoperator: {} + +# +# COMMON +# + +common: {} + +# +# CONFIGMAPS +# + +configmap: + + db: + database: + port: 5432 + username: postgres + host: postgres + dbname: flyte + + storage: + storage: + type: minio + container: my-s3-bucket + connection: + access-key: minio + auth-type: accesskey + secret-key: miniostorage + disable-ssl: true + endpoint: http://minio.flyte.svc.cluster.local:9000 + region: us-east-1 + + enabled_plugins: + tasks: + max-plugin-phase-versions: 1000000 + task-plugins: + enabled-plugins: + - container + - sidecar + - spark + - k8s-array + - pytorch + + k8s: + plugins: + k8s: + default-env-vars: + - FLYTE_AWS_ENDPOINT: "http://minio.flyte:9000" + - FLYTE_AWS_ACCESS_KEY_ID: minio + - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage + + logger: + logger: + show-source: true + level: 5 + + ab_project_resource_quota: | + apiVersion: v1 + kind: ResourceQuota + metadata: + name: project-quota + namespace: {{ namespace }} + spec: + hard: + limits.cpu: {{ projectQuotaCpu }} + limits.memory: {{ projectQuotaMemory }} + + ac_project_copilot_dataconfig: | + kind: ConfigMap + apiVersion: v1 + metadata: + name: flyte-data-config + namespace: {{ namespace }} + data: + config.yaml: | + storage: + connection: + access-key: minio + auth-type: accesskey + disable-ssl: true + endpoint: http://minio.flyte.svc.cluster.local:9000 + region: us-east-1 + secret-key: miniostorage + type: minio + container: my-s3-bucket + enable-multicontainer: true diff --git a/helm/values.yaml b/helm/values.yaml new file mode 100644 index 0000000000..67497dafa6 --- /dev/null +++ b/helm/values.yaml @@ -0,0 +1,550 @@ + +# +# FLYTEADMIN +# + +flyteadmin: + replicaCount: 1 + image: + repository: docker.io/lyft/flyteadmin + tag: v0.3.7 + pullPolicy: IfNotPresent + serviceAccountAnnotations: {} + resources: + limits: + cpu: 250m + ephemeral-storage: 100Mi + memory: 500Mi + requests: + cpu: 10m + ephemeral-storage: 50Mi + memory: 50Mi + configPath: /etc/flyte/config/*.yaml + service: + annotations: + contour.heptio.com/upstream-protocol.h2c: grpc + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# DATACATALOG +# + +datacatalog: + replicaCount: 1 + image: + repository: docker.io/lyft/datacatalog + tag: v0.2.2 + pullPolicy: IfNotPresent + serviceAccountAnnotations: {} + resources: + limits: + cpu: 500m + ephemeral-storage: 100Mi + memory: 500Mi + requests: + cpu: 10m + ephemeral-storage: 50Mi + memory: 50Mi + configPath: /etc/datacatalog/config/*.yaml + service: + annotations: + contour.heptio.com/upstream-protocol.h2c: grpc + type: NodePort + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# FLYTEPROPELLER +# + +flytepropeller: + replicaCount: 1 + image: + repository: docker.io/lyft/flytepropeller + tag: v0.4.2 + pullPolicy: IfNotPresent + serviceAccountAnnotations: {} + resources: + limits: + cpu: 200m + ephemeral-storage: 100Mi + memory: 200Mi + requests: + cpu: 10m + ephemeral-storage: 50Mi + memory: 50Mi + configPath: /etc/flyte/config/*.yaml + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# FLYTECONSOLE +# + +flyteconsole: + replicaCount: 1 + image: + repository: docker.io/lyft/flyteconsole + tag: v0.12.1 + pullPolicy: IfNotPresent + resources: + limits: + cpu: 500m + memory: 250Mi + requests: + cpu: 10m + memory: 50Mi + service: {} + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# REDIS +# + +redis: + enabled: true # Set false to define malternative redis + replicaCount: 1 + image: + repository: docker.io/bitnami/redis + tag: 4.0.2-r1 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 10m + memory: 50Mi + service: {} + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# POSTGRES +# + +postgres: + enabled: true # Set false if you are going to use RDS + replicaCount: 1 + image: + repository: postgres + tag: "10.1" + pullPolicy: IfNotPresent + resources: + requests: + cpu: 10m + memory: 128Mi + service: {} + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# MINIO +# + +minio: + enabled: true # Set false if you'd like using S3 + replicaCount: 1 + image: + repository: minio/minio + tag: RELEASE.2019-06-04T01-15-58Z + pullPolicy: IfNotPresent + resources: + requests: + cpu: 10m + memory: 128Mi + service: {} + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# CONTOUR +# + +contour: + enabled: true # Set false if you have alternative ingress controller like Istio or Ingress-Nginx + replicaCount: 1 + contour: + image: + repository: gcr.io/heptio-images/contour + tag: v0.6.1 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 100m + memory: 100Mi + envoy: + image: + repository: docker.io/envoyproxy/envoy-alpine + tag: v1.6.0 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 100m + memory: 100Mi + service: + annotations: + type: NodePort + ports: + - protocol: TCP + port: 80 + nodePort: 30081 + serviceAccountAnnotations: {} + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# SPARKOPERATOR +# + +sparkoperator: + enabled: true # Set false to disable + replicaCount: 1 + image: + repository: gcr.io/spark-operator/spark-operator + tag: v2.4.0-v1beta1-0.9.0 + pullPolicy: IfNotPresent + serviceAccountAnnotations: {} + securityContext: {} + service: {} + resources: + limits: + cpu: 1000m + memory: 500M + requests: + cpu: 10m + memory: 50M + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# PYTORCHOPERATOR +# + +pytorchoperator: + enabled: true # Set false to disable + replicaCount: 1 + image: + repository: gcr.io/kubeflow-images-public/pytorch-operator + tag: v1.0.0-g047cf0f + pullPolicy: IfNotPresent + serviceAccountAnnotations: {} + service: {} + resources: + limits: + cpu: 500m + memory: 1000M + requests: + cpu: 10m + memory: 50M + podAnnotations: {} + nodeSelector: {} + tolerations: [] + affinity: {} + +# +# COMMON +# + +common: + databaseSecret: + create: false + name: + ingressAnnotations: {} + # nginx.ingress.kubernetes.io/ssl-redirect: "false" + +# +# CONFIGMAPS +# + +configmap: + + console: + BASE_URL: /console + CONFIG_DIR: /etc/flyte/config + + cluster_resources: + cluster_resources: + templatePath: "/etc/flyte/clusterresource/templates" + customData: + production: + - projectQuotaCpu: + value: "5" + - projectQuotaMemory: + value: "4000Mi" + staging: + - projectQuotaCpu: + value: "2" + - projectQuotaMemory: + value: "3000Mi" + development: + - projectQuotaCpu: + value: "4" + - projectQuotaMemory: + value: "3000Mi" + refresh: 5m + + db: + database: {} + + domain: + domains: + - id: development + name: development + - id: staging + name: staging + - id: production + name: production + + remote_data: + remoteData: + region: us-east-1 + scheme: local + signedUrls: + durationMinutes: 3 + + server: + server: + httpPort: 8088 + grpcPort: 8089 + security: + secure: false + useAuth: false + allowCors: true + allowedOrigins: + # Accepting all domains for Sandbox installation + - "*" + allowedHeaders: + - "Content-Type" + flyteadmin: + roleNameKey: "iam.amazonaws.com/role" + profilerPort: 10254 + metricsScope: "flyte:" + metadataStoragePrefix: + - "metadata" + - "admin" + testing: + host: http://flyteadmin + + datacatalogServer: + datacatalog: + storage-prefix: metadata/datacatalog + metrics-scope: datacatalog + profiler-port: 10254 + + storage: + storage: + type: minio + container: my-s3-bucket + connection: + auth-type: accesskey + region: us-east-1 + + task_resource_defaults: + task_resources: + defaults: + cpu: 100m + memory: 1000Mi + storage: 5Mi + limits: + cpu: 15000m + memory: 100Gi + storage: 400Gi + + admin: + event: + type: admin + rate: 500 + capacity: 1000 + admin: + endpoint: flyteadmin:81 + insecure: true + + catalog: + catalog-cache: + endpoint: datacatalog:89 + type: datacatalog + insecure: true + + catalog_cache: + plugins: + catalogCache: + reader: + maxItems: 10000 + writer: + maxItems: 10000 + + copilot: + plugins: + k8s: + co-pilot: + name: flyte-copilot- + image: docker.io/lyft/flytecopilot:v0.3.35 + start-timeout: 30s + + core: + propeller: + rawoutput-prefix: s3://my-s3-bucket/ + metadata-prefix: metadata/propeller + workers: 4 + max-workflow-retries: 30 + workflow-reeval-duration: 30s + downstream-eval-duration: 30s + limit-namespace: "all" + prof-port: 10254 + metrics-prefix: flyte + enable-admin-launcher: true + leader-election: + lock-config-map: + name: propeller-leader + namespace: flyte + enabled: true + lease-duration: 15s + renew-deadline: 10s + retry-period: 2s + queue: + type: batch + batching-interval: 2s + batch-size: -1 + queue: + type: bucket + rate: 10 + capacity: 100 + sub-queue: + type: bucket + rate: 10 + capacity: 100 + + enabled_plugins: + tasks: + max-plugin-phase-versions: 1000000 + task-plugins: + enabled-plugins: [] + + k8s: + plugins: + k8s: + default-cpus: 100m + default-memory: 100Mi + + logger: + logger: + show-source: true + level: 4 + + qubole: + plugins: + qubole: + quboleTokenKey: "FLYTE_QUBOLE_CLIENT_TOKEN" + + resource_manager: + propeller: + resourcemanager: + type: redis + resourceMaxQuota: 10000 + redis: + hostPath: redis-resource-manager:6379 + hostKey: mypassword + + spark: + plugins: + spark: + spark-config-default: + - spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version: "2" + - spark.kubernetes.allocation.batch.size: "50" + - spark.hadoop.fs.s3a.acl.default: "BucketOwnerFullControl" + - spark.hadoop.fs.s3n.impl: "org.apache.hadoop.fs.s3a.S3AFileSystem" + - spark.hadoop.fs.AbstractFileSystem.s3n.impl: "org.apache.hadoop.fs.s3a.S3A" + - spark.hadoop.fs.s3.impl: "org.apache.hadoop.fs.s3a.S3AFileSystem" + - spark.hadoop.fs.AbstractFileSystem.s3.impl: "org.apache.hadoop.fs.s3a.S3A" + - spark.hadoop.fs.s3a.impl: "org.apache.hadoop.fs.s3a.S3AFileSystem" + - spark.hadoop.fs.AbstractFileSystem.s3a.impl: "org.apache.hadoop.fs.s3a.S3A" + - spark.hadoop.fs.s3a.multipart.threshold: "536870912" + - spark.blacklist.enabled: "true" + - spark.blacklist.timeout: "5m" + - spark.task.maxfailures: "8" + + task_logs: + plugins: + logs: + kubernetes-enabled: true + + aa_namespace: | + apiVersion: v1 + kind: Namespace + metadata: + name: {{ namespace }} + spec: + finalizers: + - kubernetes + + ad_spark_role: | + apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: Role + metadata: + name: spark-role + namespace: {{ namespace }} + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - '*' + - apiGroups: + - "" + resources: + - services + verbs: + - '*' + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + + ae_spark_service_account: | + apiVersion: v1 + kind: ServiceAccount + metadata: + name: spark + namespace: {{ namespace }} + + af_spark_role_binding: | + apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: RoleBinding + metadata: + name: spark-role-binding + namespace: {{ namespace }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: spark-role + subjects: + - kind: ServiceAccount + name: spark + namespace: {{ namespace }} From 35f1d3b2d5e98402280aaea8d94b5cd224355724 Mon Sep 17 00:00:00 2001 From: Ruslan Stanevich Date: Tue, 13 Oct 2020 22:06:54 +0300 Subject: [PATCH 2/5] remove new lines --- helm/templates/_helpers.tpl | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 189f8f89e8..398d189543 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -1,7 +1,5 @@ {{/* vim: set filetype=mustache: */}} - - {{- define "flyte.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -15,7 +13,6 @@ {{- end -}} - {{- define "flyteadmin.name" -}} flyteadmin {{- end -}} @@ -32,7 +29,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - {{- define "datacatalog.name" -}} datacatalog {{- end -}} @@ -49,7 +45,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - {{- define "flytepropeller.name" -}} flytepropeller {{- end -}} @@ -66,7 +61,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - {{- define "flyteconsole.name" -}} flyteconsole {{- end -}} @@ -83,7 +77,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - {{- define "redis.name" -}} redis {{- end -}} @@ -100,7 +93,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - {{- define "postgres.name" -}} postgres {{- end -}} @@ -117,7 +109,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - {{- define "minio.name" -}} minio {{- end -}} @@ -154,7 +145,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - {{- define "sparkoperator.name" -}} sparkoperator {{- end -}} @@ -175,7 +165,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - {{- define "pytorch-operator.name" -}} pytorch-operator {{- end -}} @@ -195,10 +184,7 @@ helm.sh/chart: {{ include "flyte.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - -# -# SECRET -# +# Optional blocks for secret mount {{- define "databaseSecret.volume" -}} {{- with .Values.common.databaseSecret.name -}} From 05364025578e80f0b9fa6e367e36a495cf08670c Mon Sep 17 00:00:00 2001 From: Ruslan Stanevich Date: Wed, 14 Oct 2020 18:12:18 +0300 Subject: [PATCH 3/5] Added autogenerated Helm docs --- helm/README.MD | 236 ++++++++++++++++++++++ helm/README.md.gotmpl | 28 +++ helm/templates/admin/configmap.yaml | 39 ++-- helm/templates/common/configmap.yaml | 2 + helm/templates/common/ingress.yaml | 4 +- helm/templates/common/namespace.yaml | 2 + helm/templates/common/secret.yaml | 1 - helm/templates/datacatalog/configmap.yaml | 19 +- helm/templates/propeller/configmap.yaml | 64 +++--- helm/values-eks.yaml | 6 +- helm/values-sandbox.yaml | 13 +- helm/values.yaml | 230 +++++++++++++++++---- 12 files changed, 554 insertions(+), 90 deletions(-) create mode 100644 helm/README.md.gotmpl diff --git a/helm/README.MD b/helm/README.MD index bd8379c8b7..26a6dc142b 100644 --- a/helm/README.MD +++ b/helm/README.MD @@ -1,3 +1,9 @@ +# flyte + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square) + +A Helm chart for Flyte + ### SANDBOX INSTALLATION: - Install `helm 3` realese version - Generate `helm template --name-template=flyte-sandbox . -n flyte -f values-sandbox.yaml > flyte_generated_sandbox.yaml` @@ -9,3 +15,233 @@ - The docker images, their tags and other default parameters are configured in `values.yaml` file. - Each Flyte installation type should have separate `values-*.yaml` file: for sandbox, EKS and etc. The configuration in `values.yaml` and the choosen config `values-*.yaml` are merged when generating the deployment manifest. - The configuration in `values-sandbox.yaml` is ready for installation in minikube. But `values-eks.yaml` should be edited before installation: s3 bucket, RDS hosts, iam roles, secrets and etc need to be modified. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| common.databaseSecret.name | string | `""` | Specify name of K8s Secret which contains Database password. Leave it empty if you don't need this Secret | +| common.databaseSecret.secretManifest | object | `{}` | Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See https://github.com/godaddy/kubernetes-external-secrets | +| common.flyteNamespaceTemplate.enabled | bool | `true` | | +| common.ingress.annotations | object | `{}` | | +| common.ingress.enabled | bool | `true` | | +| configmap.aa_namespace | string | `"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"` | Template for namespaces resources | +| configmap.ad_spark_role | string | `"apiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: spark-role\n namespace: {{ namespace }}\nrules:\n- apiGroups:\n - \"\"\n resources:\n - pods\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - services\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - '*'\n"` | Template for spark role | +| configmap.admin.admin.endpoint | string | `"flyteadmin:81"` | | +| configmap.admin.admin.insecure | bool | `true` | | +| configmap.admin.event.capacity | int | `1000` | | +| configmap.admin.event.rate | int | `500` | | +| configmap.admin.event.type | string | `"admin"` | | +| configmap.ae_spark_service_account | string | `"apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: spark\n namespace: {{ namespace }}\n"` | Template for spark SA | +| configmap.af_spark_role_binding | string | `"apiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: spark-role-binding\n namespace: {{ namespace }} \nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: Role\n name: spark-role\nsubjects:\n- kind: ServiceAccount\n name: spark\n namespace: {{ namespace }}\n"` | Template for spark role binding | +| configmap.catalog.catalog-cache.endpoint | string | `"datacatalog:89"` | | +| configmap.catalog.catalog-cache.insecure | bool | `true` | | +| configmap.catalog.catalog-cache.type | string | `"datacatalog"` | | +| configmap.catalog_cache.plugins.catalogCache.reader.maxItems | int | `10000` | | +| configmap.catalog_cache.plugins.catalogCache.writer.maxItems | int | `10000` | | +| configmap.cluster_resources.cluster_resources.customData.development[0].projectQuotaCpu.value | string | `"4"` | | +| configmap.cluster_resources.cluster_resources.customData.development[1].projectQuotaMemory.value | string | `"3000Mi"` | | +| configmap.cluster_resources.cluster_resources.customData.production[0].projectQuotaCpu.value | string | `"5"` | | +| configmap.cluster_resources.cluster_resources.customData.production[1].projectQuotaMemory.value | string | `"4000Mi"` | | +| configmap.cluster_resources.cluster_resources.customData.staging[0].projectQuotaCpu.value | string | `"2"` | | +| configmap.cluster_resources.cluster_resources.customData.staging[1].projectQuotaMemory.value | string | `"3000Mi"` | | +| configmap.cluster_resources.cluster_resources.refresh | string | `"5m"` | | +| configmap.cluster_resources.cluster_resources.templatePath | string | `"/etc/flyte/clusterresource/templates"` | | +| configmap.console.BASE_URL | string | `"/console"` | | +| configmap.console.CONFIG_DIR | string | `"/etc/flyte/config"` | | +| configmap.copilot.plugins.k8s.co-pilot.image | string | `"docker.io/lyft/flytecopilot:v0.3.35"` | | +| configmap.copilot.plugins.k8s.co-pilot.name | string | `"flyte-copilot-"` | | +| configmap.copilot.plugins.k8s.co-pilot.start-timeout | string | `"30s"` | | +| configmap.core.propeller.downstream-eval-duration | string | `"30s"` | | +| configmap.core.propeller.enable-admin-launcher | bool | `true` | | +| configmap.core.propeller.leader-election.enabled | bool | `true` | | +| configmap.core.propeller.leader-election.lease-duration | string | `"15s"` | | +| configmap.core.propeller.leader-election.lock-config-map.name | string | `"propeller-leader"` | | +| configmap.core.propeller.leader-election.lock-config-map.namespace | string | `"flyte"` | | +| configmap.core.propeller.leader-election.renew-deadline | string | `"10s"` | | +| configmap.core.propeller.leader-election.retry-period | string | `"2s"` | | +| configmap.core.propeller.limit-namespace | string | `"all"` | | +| configmap.core.propeller.max-workflow-retries | int | `30` | | +| configmap.core.propeller.metadata-prefix | string | `"metadata/propeller"` | | +| configmap.core.propeller.metrics-prefix | string | `"flyte"` | | +| configmap.core.propeller.prof-port | int | `10254` | | +| configmap.core.propeller.queue.batch-size | int | `-1` | | +| configmap.core.propeller.queue.batching-interval | string | `"2s"` | | +| configmap.core.propeller.queue.queue.capacity | int | `100` | | +| configmap.core.propeller.queue.queue.rate | int | `10` | | +| configmap.core.propeller.queue.queue.type | string | `"bucket"` | | +| configmap.core.propeller.queue.sub-queue.capacity | int | `100` | | +| configmap.core.propeller.queue.sub-queue.rate | int | `10` | | +| configmap.core.propeller.queue.sub-queue.type | string | `"bucket"` | | +| configmap.core.propeller.queue.type | string | `"batch"` | | +| configmap.core.propeller.rawoutput-prefix | string | `"s3://my-s3-bucket/"` | | +| configmap.core.propeller.workers | int | `4` | | +| configmap.core.propeller.workflow-reeval-duration | string | `"30s"` | | +| configmap.datacatalogServer.datacatalog.metrics-scope | string | `"datacatalog"` | | +| configmap.datacatalogServer.datacatalog.profiler-port | int | `10254` | | +| configmap.datacatalogServer.datacatalog.storage-prefix | string | `"metadata/datacatalog"` | | +| configmap.db.database | object | `{}` | | +| configmap.domain.domains[0].id | string | `"development"` | | +| configmap.domain.domains[0].name | string | `"development"` | | +| configmap.domain.domains[1].id | string | `"staging"` | | +| configmap.domain.domains[1].name | string | `"staging"` | | +| configmap.domain.domains[2].id | string | `"production"` | | +| configmap.domain.domains[2].name | string | `"production"` | | +| configmap.enabled_plugins.tasks.max-plugin-phase-versions | int | `1000000` | | +| configmap.enabled_plugins.tasks.task-plugins.enabled-plugins | list | `[]` | | +| configmap.k8s.plugins.k8s.default-cpus | string | `"100m"` | | +| configmap.k8s.plugins.k8s.default-env-vars | list | `[]` | | +| configmap.k8s.plugins.k8s.default-memory | string | `"100Mi"` | | +| configmap.logger.logger.level | int | `4` | | +| configmap.logger.logger.show-source | bool | `true` | | +| configmap.qubole.plugins.qubole.quboleTokenKey | string | `"FLYTE_QUBOLE_CLIENT_TOKEN"` | | +| configmap.remote_data.remoteData.region | string | `"us-east-1"` | | +| configmap.remote_data.remoteData.scheme | string | `"local"` | | +| configmap.remote_data.remoteData.signedUrls.durationMinutes | int | `3` | | +| configmap.resource_manager.propeller.resourcemanager.redis.hostKey | string | `"mypassword"` | | +| configmap.resource_manager.propeller.resourcemanager.redis.hostPath | string | `"redis-resource-manager:6379"` | | +| configmap.resource_manager.propeller.resourcemanager.resourceMaxQuota | int | `10000` | | +| configmap.resource_manager.propeller.resourcemanager.type | string | `"redis"` | | +| configmap.server.flyteadmin.metadataStoragePrefix[0] | string | `"metadata"` | | +| configmap.server.flyteadmin.metadataStoragePrefix[1] | string | `"admin"` | | +| configmap.server.flyteadmin.metricsScope | string | `"flyte:"` | | +| configmap.server.flyteadmin.profilerPort | int | `10254` | | +| configmap.server.flyteadmin.roleNameKey | string | `"iam.amazonaws.com/role"` | | +| configmap.server.flyteadmin.testing.host | string | `"http://flyteadmin"` | | +| configmap.server.server.grpcPort | int | `8089` | | +| configmap.server.server.httpPort | int | `8088` | | +| configmap.server.server.security.allowCors | bool | `true` | | +| configmap.server.server.security.allowedHeaders[0] | string | `"Content-Type"` | | +| configmap.server.server.security.allowedOrigins[0] | string | `"*"` | | +| configmap.server.server.security.secure | bool | `false` | | +| configmap.server.server.security.useAuth | bool | `false` | | +| configmap.spark.plugins.spark.spark-config-default | list | `[{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]` | Spark default configuration | +| configmap.storage.storage.connection.auth-type | string | `"accesskey"` | | +| configmap.storage.storage.connection.region | string | `"us-east-1"` | | +| configmap.storage.storage.container | string | `"my-s3-bucket"` | | +| configmap.storage.storage.type | string | `"minio"` | | +| configmap.task_logs.plugins.logs.kubernetes-enabled | bool | `false` | | +| configmap.task_resource_defaults.task_resources.defaults.cpu | string | `"100m"` | | +| configmap.task_resource_defaults.task_resources.defaults.memory | string | `"1000Mi"` | | +| configmap.task_resource_defaults.task_resources.defaults.storage | string | `"5Mi"` | | +| configmap.task_resource_defaults.task_resources.limits.cpu | string | `"15000m"` | | +| configmap.task_resource_defaults.task_resources.limits.memory | string | `"100Gi"` | | +| configmap.task_resource_defaults.task_resources.limits.storage | string | `"400Gi"` | | +| contour.affinity | object | `{}` | affinity for Contour deployment | +| contour.contour.image.pullPolicy | string | `"IfNotPresent"` | | +| contour.contour.image.repository | string | `"gcr.io/heptio-images/contour"` | Docker image for Contour | +| contour.contour.image.tag | string | `"v0.6.1"` | | +| contour.contour.resources | object | `{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Default resources requests and limits for Contour | +| contour.enabled | bool | `true` | | +| contour.envoy.image.pullPolicy | string | `"IfNotPresent"` | | +| contour.envoy.image.repository | string | `"docker.io/envoyproxy/envoy-alpine"` | Docker image for Envoy | +| contour.envoy.image.tag | string | `"v1.6.0"` | | +| contour.envoy.resources | object | `{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Default resources requests and limits for Envoy | +| contour.nodeSelector | object | `{}` | nodeSelector for Contour deployment | +| contour.podAnnotations | object | `{}` | Annotations for Contour pods | +| contour.replicaCount | int | `1` | Replicas count for Contour deployment | +| contour.service | object | `{"annotations":{},"ports":[{"nodePort":30081,"port":80,"protocol":"TCP"}],"type":"NodePort"}` | Service settings for Contour | +| contour.serviceAccountAnnotations | object | `{}` | Annotations for ServiceAccount attached to Contour pods | +| contour.tolerations | list | `[]` | tolerations for Contour deployment | +| datacatalog.affinity | object | `{}` | affinity for Datacatalog deployment | +| datacatalog.configPath | string | `"/etc/datacatalog/config/*.yaml"` | Default regex string for searching configuration files | +| datacatalog.image.pullPolicy | string | `"IfNotPresent"` | | +| datacatalog.image.repository | string | `"docker.io/lyft/datacatalog"` | Docker image for Datacatalog deployment | +| datacatalog.image.tag | string | `"v0.2.2"` | | +| datacatalog.nodeSelector | object | `{}` | nodeSelector for Datacatalog deployment | +| datacatalog.podAnnotations | object | `{}` | Annotations for Datacatalog pods | +| datacatalog.replicaCount | int | `1` | Replicas count for Datacatalog deployment | +| datacatalog.resources | object | `{"limits":{"cpu":"500m","ephemeral-storage":"100Mi","memory":"500Mi"},"requests":{"cpu":"10m","ephemeral-storage":"50Mi","memory":"50Mi"}}` | Default resources requests and limits for Datacatalog deployment | +| datacatalog.service | object | `{"annotations":{"contour.heptio.com/upstream-protocol.h2c":"grpc"},"type":"NodePort"}` | Service settings for Datacatalog | +| datacatalog.serviceAccountAnnotations | object | `{}` | Annotations for ServiceAccount attached to Datacatalog pods | +| datacatalog.tolerations | list | `[]` | tolerations for Datacatalog deployment | +| flyteadmin.affinity | object | `{}` | affinity for Flyteadmin deployment | +| flyteadmin.configPath | string | `"/etc/flyte/config/*.yaml"` | Default regex string for searching configuration files | +| flyteadmin.image.pullPolicy | string | `"IfNotPresent"` | | +| flyteadmin.image.repository | string | `"docker.io/lyft/flyteadmin"` | Docker image for Flyteadmin deployment | +| flyteadmin.image.tag | string | `"v0.3.7"` | | +| flyteadmin.nodeSelector | object | `{}` | nodeSelector for Flyteadmin deployment | +| flyteadmin.podAnnotations | object | `{}` | Annotations for Flyteadmin pods | +| flyteadmin.replicaCount | int | `1` | Replicas count for Flyteadmin deployment | +| flyteadmin.resources | object | `{"limits":{"cpu":"250m","ephemeral-storage":"100Mi","memory":"500Mi"},"requests":{"cpu":"10m","ephemeral-storage":"50Mi","memory":"50Mi"}}` | Default resources requests and limits for Flyteadmin deployment | +| flyteadmin.service | object | `{"annotations":{"contour.heptio.com/upstream-protocol.h2c":"grpc"},"type":"ClusterIP"}` | Service settings for Flyteadmin | +| flyteadmin.serviceAccountAnnotations | object | `{}` | Annotations for ServiceAccount attached to Flyteadmin pods | +| flyteadmin.tolerations | list | `[]` | tolerations for Flyteadmin deployment | +| flyteconsole.affinity | object | `{}` | affinity for Flyteconsole deployment | +| flyteconsole.image.pullPolicy | string | `"IfNotPresent"` | | +| flyteconsole.image.repository | string | `"docker.io/lyft/flyteconsole"` | Docker image for Flyteconsole deployment | +| flyteconsole.image.tag | string | `"v0.12.1"` | | +| flyteconsole.nodeSelector | object | `{}` | nodeSelector for Flyteconsole deployment | +| flyteconsole.podAnnotations | object | `{}` | Annotations for Flyteconsole pods | +| flyteconsole.replicaCount | int | `1` | Replicas count for Flyteconsole deployment | +| flyteconsole.resources | object | `{"limits":{"cpu":"500m","memory":"250Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Default resources requests and limits for Flyteconsole deployment | +| flyteconsole.service | object | `{"annotations":{},"type":"ClusterIP"}` | Service settings for Flyteconsole | +| flyteconsole.tolerations | list | `[]` | tolerations for Flyteconsole deployment | +| flytepropeller.affinity | object | `{}` | affinity for Flytepropeller deployment | +| flytepropeller.configPath | string | `"/etc/flyte/config/*.yaml"` | Default regex string for searching configuration files | +| flytepropeller.image.pullPolicy | string | `"IfNotPresent"` | | +| flytepropeller.image.repository | string | `"docker.io/lyft/flytepropeller"` | Docker image for Flytepropeller deployment | +| flytepropeller.image.tag | string | `"v0.4.2"` | | +| flytepropeller.nodeSelector | object | `{}` | nodeSelector for Flytepropeller deployment | +| flytepropeller.podAnnotations | object | `{}` | Annotations for Flytepropeller pods | +| flytepropeller.replicaCount | int | `1` | Replicas count for Flytepropeller deployment | +| flytepropeller.resources | object | `{"limits":{"cpu":"200m","ephemeral-storage":"100Mi","memory":"200Mi"},"requests":{"cpu":"10m","ephemeral-storage":"50Mi","memory":"50Mi"}}` | Default resources requests and limits for Flytepropeller deployment | +| flytepropeller.serviceAccountAnnotations | object | `{}` | Annotations for ServiceAccount attached to Flytepropeller pods | +| flytepropeller.tolerations | list | `[]` | tolerations for Flytepropeller deployment | +| minio.affinity | object | `{}` | affinity for Minio deployment | +| minio.enabled | bool | `true` | | +| minio.image.pullPolicy | string | `"IfNotPresent"` | | +| minio.image.repository | string | `"minio/minio"` | Docker image for Minio deployment | +| minio.image.tag | string | `"RELEASE.2019-06-04T01-15-58Z"` | | +| minio.nodeSelector | object | `{}` | nodeSelector for Minio deployment | +| minio.podAnnotations | object | `{}` | Annotations for Minio pods | +| minio.replicaCount | int | `1` | Replicas count for Minio deployment | +| minio.resources | object | `{"limits":{"cpu":"200m","memory":"512Mi"},"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources requests and limits for Minio deployment | +| minio.service | object | `{"annotations":{},"type":"ClusterIP"}` | Service settings for Minio | +| minio.tolerations | list | `[]` | tolerations for Minio deployment | +| postgres.affinity | object | `{}` | affinity for Postgres deployment | +| postgres.enabled | bool | `true` | | +| postgres.image.pullPolicy | string | `"IfNotPresent"` | | +| postgres.image.repository | string | `"postgres"` | Docker image for Postgres deployment | +| postgres.image.tag | string | `"10.1"` | | +| postgres.nodeSelector | object | `{}` | nodeSelector for Postgres deployment | +| postgres.podAnnotations | object | `{}` | Annotations for Postgres pods | +| postgres.replicaCount | int | `1` | Replicas count for Postgres deployment | +| postgres.resources | object | `{"limits":{"cpu":"1000m","memory":"512Mi"},"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources requests and limits for Postgres deployment | +| postgres.service | object | `{"annotations":{},"type":"ClusterIP"}` | Service settings for Postgres | +| postgres.tolerations | list | `[]` | tolerations for Postgres deployment | +| pytorchoperator.affinity | object | `{}` | affinity for Pytorchoperator deployment | +| pytorchoperator.enabled | bool | `true` | | +| pytorchoperator.image.pullPolicy | string | `"IfNotPresent"` | | +| pytorchoperator.image.repository | string | `"gcr.io/kubeflow-images-public/pytorch-operator"` | Docker image for Pytorchoperator | +| pytorchoperator.image.tag | string | `"v1.0.0-g047cf0f"` | | +| pytorchoperator.nodeSelector | object | `{}` | nodeSelector for Pytorchoperator deployment | +| pytorchoperator.podAnnotations | object | `{}` | Annotations for Pytorchoperator pods | +| pytorchoperator.replicaCount | int | `1` | Replicas count for Pytorchoperator deployment | +| pytorchoperator.resources | object | `{"limits":{"cpu":"500m","memory":"1000M"},"requests":{"cpu":"10m","memory":"50M"}}` | Default resources requests and limits for Pytorchoperator | +| pytorchoperator.service | object | `{"annotations":{},"type":"ClusterIP"}` | Service settings for Pytorchoperator | +| pytorchoperator.serviceAccountAnnotations | object | `{}` | Annotations for ServiceAccount attached to Pytorchoperator pods | +| pytorchoperator.tolerations | list | `[]` | tolerations for Pytorchoperator deployment | +| redis.affinity | object | `{}` | affinity for Redis Statefulset | +| redis.enabled | bool | `true` | | +| redis.image.pullPolicy | string | `"IfNotPresent"` | | +| redis.image.repository | string | `"docker.io/bitnami/redis"` | Docker image for Redis Statefulset | +| redis.image.tag | string | `"4.0.2-r1"` | | +| redis.nodeSelector | object | `{}` | nodeSelector for Redis Statefulset | +| redis.podAnnotations | object | `{}` | Annotations for Redis pods | +| redis.replicaCount | int | `1` | Replicas count for Redis Statefulset | +| redis.resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Default resources requests and limits for Redis Statefulset | +| redis.service | object | `{"annotations":{},"type":"ClusterIP"}` | Service settings for Redis | +| redis.tolerations | list | `[]` | tolerations for Redis Statefulset | +| sparkoperator.affinity | object | `{}` | affinity for Sparkoperator deployment | +| sparkoperator.enabled | bool | `true` | | +| sparkoperator.image.pullPolicy | string | `"IfNotPresent"` | | +| sparkoperator.image.repository | string | `"gcr.io/spark-operator/spark-operator"` | Docker image for Sparkoperator | +| sparkoperator.image.tag | string | `"v2.4.0-v1beta1-0.9.0"` | | +| sparkoperator.nodeSelector | object | `{}` | nodeSelector for Sparkoperator deployment | +| sparkoperator.podAnnotations | object | `{}` | Annotations for Sparkoperator pods | +| sparkoperator.replicaCount | int | `1` | Replicas count for Sparkoperator deployment | +| sparkoperator.resources | object | `{"limits":{"cpu":"1000m","memory":"500M"},"requests":{"cpu":"10m","memory":"50M"}}` | Default resources requests and limits for Sparkoperator | +| sparkoperator.service | object | `{"annotations":{},"type":"ClusterIP"}` | Service settings for Contour | +| sparkoperator.serviceAccountAnnotations | object | `{}` | Annotations for ServiceAccount attached to Sparkoperator pods | +| sparkoperator.tolerations | list | `[]` | tolerations for Sparkoperator deployment | diff --git a/helm/README.md.gotmpl b/helm/README.md.gotmpl new file mode 100644 index 0000000000..eb4f8c63d5 --- /dev/null +++ b/helm/README.md.gotmpl @@ -0,0 +1,28 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +### SANDBOX INSTALLATION: +- Install `helm 3` realese version +- Generate `helm template --name-template=flyte-sandbox . -n flyte -f values-sandbox.yaml > flyte_generated_sandbox.yaml` +- Deploy the manifest `kubectl apply -f flyte_generated_sandbox.yaml` +- When all pods are running - run end2end tests: `kubectl apply -f ../end2end/tests/endtoend.yaml` +- Get flyte host `minikube service contour -n heptio-contour --url`. And then visit `http:///console` + +### CONFIGURATION NOTES: +- The docker images, their tags and other default parameters are configured in `values.yaml` file. +- Each Flyte installation type should have separate `values-*.yaml` file: for sandbox, EKS and etc. The configuration in `values.yaml` and the choosen config `values-*.yaml` are merged when generating the deployment manifest. +- The configuration in `values-sandbox.yaml` is ready for installation in minikube. But `values-eks.yaml` should be edited before installation: s3 bucket, RDS hosts, iam roles, secrets and etc need to be modified. + +{{ template "chart.valuesSection" . }} diff --git a/helm/templates/admin/configmap.yaml b/helm/templates/admin/configmap.yaml index 75921682d2..a061058caa 100644 --- a/helm/templates/admin/configmap.yaml +++ b/helm/templates/admin/configmap.yaml @@ -5,18 +5,27 @@ metadata: namespace: {{ template "flyte.namespace" . }} labels: {{ include "flyteadmin.labels" . | nindent 4 }} data: - cluster_resources.yaml: | {{ toYaml .Values.configmap.cluster_resources | nindent 4 }} - - db.yaml: | {{ toYaml .Values.configmap.db | nindent 4 }} - - domain.yaml: | {{ toYaml .Values.configmap.domain | nindent 4 }} - - logger.yaml: | {{ toYaml .Values.configmap.logger | nindent 4 }} - - remote_data.yaml: | {{ toYaml .Values.configmap.remote_data | nindent 4 }} - - server.yaml: | {{ toYaml .Values.configmap.server | nindent 4 }} - - storage.yaml: | {{ toYaml .Values.configmap.storage | nindent 4 }} - - task_resource_defaults.yaml: | {{ toYaml .Values.configmap.task_resource_defaults | nindent 4 }} +{{- with .Values.configmap.cluster_resources }} + cluster_resources.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.db }} + db.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.domain }} + domain.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.logger }} + logger.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.remote_data }} + remote_data.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.server }} + server.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.storage }} + storage.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.task_resource_defaults }} + task_resource_defaults.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} diff --git a/helm/templates/common/configmap.yaml b/helm/templates/common/configmap.yaml index 606585656f..4291ec676f 100644 --- a/helm/templates/common/configmap.yaml +++ b/helm/templates/common/configmap.yaml @@ -14,6 +14,7 @@ data: {{- with .Values.configmap.ac_project_copilot_dataconfig }} ac_project-copilot-dataconfig.yaml: | {{ . | nindent 4 }} {{- end }} +{{- if .Values.sparkoperator.enabled }} {{- with .Values.configmap.ad_spark_role }} ad_spark-role.yaml: | {{ . | nindent 4 }} {{- end }} @@ -23,3 +24,4 @@ data: {{- with .Values.configmap.af_spark_role_binding }} af_spark-role-binding.yaml: | {{ . | nindent 4 }} {{- end }} +{{- end }} diff --git a/helm/templates/common/ingress.yaml b/helm/templates/common/ingress.yaml index 93c65bcbcf..67539b0658 100644 --- a/helm/templates/common/ingress.yaml +++ b/helm/templates/common/ingress.yaml @@ -1,9 +1,10 @@ +{{- if .Values.common.ingress.enabled }} apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ template "flyte.name" . }} namespace: {{ template "flyte.namespace" . }} - {{- with .Values.common.ingressAnnotations }} + {{- with .Values.common.ingress.annotations }} annotations: {{ toYaml . | nindent 4}} {{- end }} spec: @@ -38,3 +39,4 @@ spec: serviceName: flyteadmin servicePort: 87 path: /openapi +{{- end }} \ No newline at end of file diff --git a/helm/templates/common/namespace.yaml b/helm/templates/common/namespace.yaml index bf158e57c9..c8a3dc17a7 100644 --- a/helm/templates/common/namespace.yaml +++ b/helm/templates/common/namespace.yaml @@ -1,4 +1,6 @@ +{{- if .Values.common.flyteNamespaceTemplate.enabled }} apiVersion: v1 kind: Namespace metadata: name: {{ template "flyte.namespace" . }} +{{- end }} diff --git a/helm/templates/common/secret.yaml b/helm/templates/common/secret.yaml index 7eb925de80..0282eda01d 100644 --- a/helm/templates/common/secret.yaml +++ b/helm/templates/common/secret.yaml @@ -1,4 +1,3 @@ {{- with .Values.common.databaseSecret.secretManifest }} {{ toYaml . }} {{- end }} - \ No newline at end of file diff --git a/helm/templates/datacatalog/configmap.yaml b/helm/templates/datacatalog/configmap.yaml index a552b02dac..dce73e47e4 100644 --- a/helm/templates/datacatalog/configmap.yaml +++ b/helm/templates/datacatalog/configmap.yaml @@ -5,10 +5,15 @@ metadata: namespace: {{ template "flyte.namespace" . }} labels: {{ include "datacatalog.labels" . | nindent 4 }} data: - db.yaml: | {{ toYaml .Values.configmap.db | nindent 4 }} - - logger.yaml: | {{ toYaml .Values.configmap.logger | nindent 4 }} - - server.yaml: | {{ toYaml .Values.configmap.datacatalogServer | nindent 4 }} - - storage.yaml: | {{ toYaml .Values.configmap.storage | nindent 4 }} +{{- with .Values.configmap.db }} + db.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.logger }} + logger.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.datacatalogServer }} + server.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.storage }} + storage.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} diff --git a/helm/templates/propeller/configmap.yaml b/helm/templates/propeller/configmap.yaml index 5d341c05bd..c604b5656e 100644 --- a/helm/templates/propeller/configmap.yaml +++ b/helm/templates/propeller/configmap.yaml @@ -5,28 +5,42 @@ metadata: namespace: {{ template "flyte.namespace" . }} labels: {{ include "flyteadmin.labels" . | nindent 4 }} data: - admin.yaml: | {{ toYaml .Values.configmap.admin | nindent 4 }} - - catalog.yaml: | {{ toYaml .Values.configmap.catalog | nindent 4 }} - - catalog_cache.yaml: | {{ toYaml .Values.configmap.catalog_cache | nindent 4 }} - - copilot.yaml: | {{ toYaml .Values.configmap.copilot | nindent 4 }} - - core.yaml: | {{ toYaml .Values.configmap.core | nindent 4 }} - - enabled_plugins.yaml: | {{ toYaml .Values.configmap.enabled_plugins | nindent 4 }} - - k8s.yaml: | {{ toYaml .Values.configmap.k8s | nindent 4 }} - - logger.yaml: | {{ toYaml .Values.configmap.logger | nindent 4 }} - - qubole.yaml: | {{ toYaml .Values.configmap.qubole | nindent 4 }} - - resource_manager.yaml: | {{ toYaml .Values.configmap.resource_manager | nindent 4 }} - - spark.yaml: | {{ toYaml .Values.configmap.spark | nindent 4 }} - - storage.yaml: | {{ toYaml .Values.configmap.storage | nindent 4 }} - - task_logs.yaml: | {{ toYaml .Values.configmap.task_logs | nindent 4 }} +{{- with .Values.configmap.admin }} + admin.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.catalog }} + catalog.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.catalog_cache }} + catalog_cache.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.copilot }} + copilot.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.core }} + core.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.enabled_plugins }} + enabled_plugins.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.k8s }} + k8s.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.logger }} + logger.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.qubole }} + qubole.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.resource_manager }} + resource_manager.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.spark }} + spark.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.storage }} + storage.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.configmap.task_logs }} + task_logs.yaml: | {{ toYaml . | nindent 4 }} +{{- end }} diff --git a/helm/values-eks.yaml b/helm/values-eks.yaml index d1a113a841..0059572e80 100644 --- a/helm/values-eks.yaml +++ b/helm/values-eks.yaml @@ -67,7 +67,7 @@ datacatalog: service: annotations: contour.heptio.com/upstream-protocol.h2c: grpc - + affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -155,14 +155,14 @@ redis: # postgres: - enabled: false # recommended adding managed RDS host to the config + enabled: false # # MINIO # minio: - enabled: false # Use AWS S3 bucket instead + enabled: false # # CONTOUR diff --git a/helm/values-sandbox.yaml b/helm/values-sandbox.yaml index 41a351c741..e5926b4b11 100644 --- a/helm/values-sandbox.yaml +++ b/helm/values-sandbox.yaml @@ -63,7 +63,10 @@ pytorchoperator: {} # COMMON # -common: {} +common: + databaseSecret: {} + ingress: {} + flyteNamespaceTemplate: {} # # CONFIGMAPS @@ -76,7 +79,7 @@ configmap: port: 5432 username: postgres host: postgres - dbname: flyte + dbname: flyte_development storage: storage: @@ -109,6 +112,12 @@ configmap: - FLYTE_AWS_ACCESS_KEY_ID: minio - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage + task_logs: + plugins: + logs: + kubernetes-enabled: true + kubernetes-url: http://localhost:30082 + logger: logger: show-source: true diff --git a/helm/values.yaml b/helm/values.yaml index 67497dafa6..5c6d1ca33a 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,15 +1,17 @@ # -# FLYTEADMIN +# FLYTEADMIN SETTINGS # flyteadmin: + # -- Replicas count for Flyteadmin deployment replicaCount: 1 image: + # -- Docker image for Flyteadmin deployment repository: docker.io/lyft/flyteadmin tag: v0.3.7 pullPolicy: IfNotPresent - serviceAccountAnnotations: {} + # -- Default resources requests and limits for Flyteadmin deployment resources: limits: cpu: 250m @@ -19,26 +21,37 @@ flyteadmin: cpu: 10m ephemeral-storage: 50Mi memory: 50Mi + # -- Default regex string for searching configuration files configPath: /etc/flyte/config/*.yaml + # -- Service settings for Flyteadmin service: annotations: contour.heptio.com/upstream-protocol.h2c: grpc + type: ClusterIP + # -- Annotations for ServiceAccount attached to Flyteadmin pods + serviceAccountAnnotations: {} + # -- Annotations for Flyteadmin pods podAnnotations: {} + # -- nodeSelector for Flyteadmin deployment nodeSelector: {} + # -- tolerations for Flyteadmin deployment tolerations: [] + # -- affinity for Flyteadmin deployment affinity: {} # -# DATACATALOG +# DATACATALOG SETTINGS # datacatalog: + # -- Replicas count for Datacatalog deployment replicaCount: 1 image: + # -- Docker image for Datacatalog deployment repository: docker.io/lyft/datacatalog tag: v0.2.2 pullPolicy: IfNotPresent - serviceAccountAnnotations: {} + # -- Default resources requests and limits for Datacatalog deployment resources: limits: cpu: 500m @@ -48,27 +61,37 @@ datacatalog: cpu: 10m ephemeral-storage: 50Mi memory: 50Mi + # -- Default regex string for searching configuration files configPath: /etc/datacatalog/config/*.yaml + # -- Service settings for Datacatalog service: annotations: contour.heptio.com/upstream-protocol.h2c: grpc type: NodePort + # -- Annotations for ServiceAccount attached to Datacatalog pods + serviceAccountAnnotations: {} + # -- Annotations for Datacatalog pods podAnnotations: {} + # -- nodeSelector for Datacatalog deployment nodeSelector: {} + # -- tolerations for Datacatalog deployment tolerations: [] + # -- affinity for Datacatalog deployment affinity: {} # -# FLYTEPROPELLER +# FLYTEPROPELLER SETTINGS # flytepropeller: + # -- Replicas count for Flytepropeller deployment replicaCount: 1 image: + # -- Docker image for Flytepropeller deployment repository: docker.io/lyft/flytepropeller tag: v0.4.2 pullPolicy: IfNotPresent - serviceAccountAnnotations: {} + # -- Default resources requests and limits for Flytepropeller deployment resources: limits: cpu: 200m @@ -78,22 +101,32 @@ flytepropeller: cpu: 10m ephemeral-storage: 50Mi memory: 50Mi + # -- Default regex string for searching configuration files configPath: /etc/flyte/config/*.yaml + # -- Annotations for ServiceAccount attached to Flytepropeller pods + serviceAccountAnnotations: {} + # -- Annotations for Flytepropeller pods podAnnotations: {} + # -- nodeSelector for Flytepropeller deployment nodeSelector: {} + # -- tolerations for Flytepropeller deployment tolerations: [] + # -- affinity for Flytepropeller deployment affinity: {} # -# FLYTECONSOLE +# FLYTECONSOLE SETTINGS # flyteconsole: + # -- Replicas count for Flyteconsole deployment replicaCount: 1 image: + # -- Docker image for Flyteconsole deployment repository: docker.io/lyft/flyteconsole tag: v0.12.1 pullPolicy: IfNotPresent + # -- Default resources requests and limits for Flyteconsole deployment resources: limits: cpu: 500m @@ -101,87 +134,140 @@ flyteconsole: requests: cpu: 10m memory: 50Mi - service: {} + # -- Service settings for Flyteconsole + service: + annotations: {} + type: ClusterIP + # -- Annotations for Flyteconsole pods podAnnotations: {} + # -- nodeSelector for Flyteconsole deployment nodeSelector: {} + # -- tolerations for Flyteconsole deployment tolerations: [] + # -- affinity for Flyteconsole deployment affinity: {} # -# REDIS +# REDIS SETTINGS # redis: - enabled: true # Set false to define malternative redis + # --- enable or disable Redis Statefulset installation + enabled: true + # -- Replicas count for Redis Statefulset replicaCount: 1 image: + # -- Docker image for Redis Statefulset repository: docker.io/bitnami/redis tag: 4.0.2-r1 pullPolicy: IfNotPresent + # -- Default resources requests and limits for Redis Statefulset resources: requests: cpu: 10m memory: 50Mi - service: {} + limits: + cpu: 1000m + memory: 1Gi + # -- Service settings for Redis + service: + annotations: {} + type: ClusterIP + # -- Annotations for Redis pods podAnnotations: {} + # -- nodeSelector for Redis Statefulset nodeSelector: {} + # -- tolerations for Redis Statefulset tolerations: [] + # -- affinity for Redis Statefulset affinity: {} # -# POSTGRES +# POSTGRES SETTINGS # postgres: - enabled: true # Set false if you are going to use RDS + # --- enable or disable Postgres deployment installation + enabled: true + # -- Replicas count for Postgres deployment replicaCount: 1 image: + # -- Docker image for Postgres deployment repository: postgres tag: "10.1" pullPolicy: IfNotPresent + # -- Default resources requests and limits for Postgres deployment resources: requests: cpu: 10m memory: 128Mi - service: {} + limits: + cpu: 1000m + memory: 512Mi + # -- Service settings for Postgres + service: + annotations: {} + type: ClusterIP + # -- Annotations for Postgres pods podAnnotations: {} + # -- nodeSelector for Postgres deployment nodeSelector: {} + # -- tolerations for Postgres deployment tolerations: [] + # -- affinity for Postgres deployment affinity: {} # -# MINIO +# MINIO SETTINGS # minio: - enabled: true # Set false if you'd like using S3 + # --- enable or disable Minio deployment installation + enabled: true + # -- Replicas count for Minio deployment replicaCount: 1 image: + # -- Docker image for Minio deployment repository: minio/minio tag: RELEASE.2019-06-04T01-15-58Z pullPolicy: IfNotPresent + # -- Default resources requests and limits for Minio deployment resources: requests: cpu: 10m memory: 128Mi - service: {} + limits: + cpu: 200m + memory: 512Mi + # -- Service settings for Minio + service: + annotations: {} + type: ClusterIP + # -- Annotations for Minio pods podAnnotations: {} + # -- nodeSelector for Minio deployment nodeSelector: {} + # -- tolerations for Minio deployment tolerations: [] + # -- affinity for Minio deployment affinity: {} # -# CONTOUR +# CONTOUR SETTINGS # contour: - enabled: true # Set false if you have alternative ingress controller like Istio or Ingress-Nginx + # --- enable or disable Contour deployment installation + enabled: true + # -- Replicas count for Contour deployment replicaCount: 1 contour: image: + # -- Docker image for Contour repository: gcr.io/heptio-images/contour tag: v0.6.1 pullPolicy: IfNotPresent + # -- Default resources requests and limits for Contour resources: requests: cpu: 10m @@ -191,9 +277,11 @@ contour: memory: 100Mi envoy: image: + # -- Docker image for Envoy repository: docker.io/envoyproxy/envoy-alpine tag: v1.6.0 pullPolicy: IfNotPresent + # -- Default resources requests and limits for Envoy resources: requests: cpu: 10m @@ -201,33 +289,40 @@ contour: limits: cpu: 100m memory: 100Mi + # -- Service settings for Contour service: - annotations: + annotations: {} type: NodePort ports: - protocol: TCP port: 80 nodePort: 30081 + # -- Annotations for ServiceAccount attached to Contour pods serviceAccountAnnotations: {} + # -- Annotations for Contour pods podAnnotations: {} + # -- nodeSelector for Contour deployment nodeSelector: {} + # -- tolerations for Contour deployment tolerations: [] + # -- affinity for Contour deployment affinity: {} # -# SPARKOPERATOR +# SPARKOPERATOR SETTINGS # sparkoperator: - enabled: true # Set false to disable + # --- enable or disable Sparkoperator deployment installation + enabled: true + # -- Replicas count for Sparkoperator deployment replicaCount: 1 image: + # -- Docker image for Sparkoperator repository: gcr.io/spark-operator/spark-operator tag: v2.4.0-v1beta1-0.9.0 pullPolicy: IfNotPresent - serviceAccountAnnotations: {} - securityContext: {} - service: {} + # -- Default resources requests and limits for Sparkoperator resources: limits: cpu: 1000m @@ -235,24 +330,36 @@ sparkoperator: requests: cpu: 10m memory: 50M + # -- Service settings for Contour + service: + annotations: {} + type: ClusterIP + # -- Annotations for ServiceAccount attached to Sparkoperator pods + serviceAccountAnnotations: {} + # -- Annotations for Sparkoperator pods podAnnotations: {} + # -- nodeSelector for Sparkoperator deployment nodeSelector: {} + # -- tolerations for Sparkoperator deployment tolerations: [] + # -- affinity for Sparkoperator deployment affinity: {} # -# PYTORCHOPERATOR +# PYTORCHOPERATOR SETTINGS # pytorchoperator: + # --- enable or disable Pytorchoperator deployment installation enabled: true # Set false to disable + # -- Replicas count for Pytorchoperator deployment replicaCount: 1 image: + # -- Docker image for Pytorchoperator repository: gcr.io/kubeflow-images-public/pytorch-operator tag: v1.0.0-g047cf0f pullPolicy: IfNotPresent - serviceAccountAnnotations: {} - service: {} + # -- Default resources requests and limits for Pytorchoperator resources: limits: cpu: 500m @@ -260,32 +367,51 @@ pytorchoperator: requests: cpu: 10m memory: 50M + # -- Service settings for Pytorchoperator + service: + annotations: {} + type: ClusterIP + # -- Annotations for ServiceAccount attached to Pytorchoperator pods + serviceAccountAnnotations: {} + # -- Annotations for Pytorchoperator pods podAnnotations: {} + # -- nodeSelector for Pytorchoperator deployment nodeSelector: {} + # -- tolerations for Pytorchoperator deployment tolerations: [] + # -- affinity for Pytorchoperator deployment affinity: {} # -# COMMON +# COMMON SETTINGS # common: databaseSecret: - create: false - name: - ingressAnnotations: {} - # nginx.ingress.kubernetes.io/ssl-redirect: "false" + # -- Specify name of K8s Secret which contains Database password. Leave it empty if you don't need this Secret + name: "" + # -- Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See https://github.com/godaddy/kubernetes-external-secrets + secretManifest: {} + ingress: + # --- enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller. + enabled: true + annotations: {} + flyteNamespaceTemplate: + # --- enable or disable creating Flyte namespace in template. Enable whem using helm as template-engine only. Disable when using `helm install ...`. + enabled: true # -# CONFIGMAPS +# CONFIGMAPS SETTINGS # configmap: + # Configmap for Flyte console UI console: BASE_URL: /console CONFIG_DIR: /etc/flyte/config + # Configmap for ClusterResource parameters cluster_resources: cluster_resources: templatePath: "/etc/flyte/clusterresource/templates" @@ -307,9 +433,16 @@ configmap: value: "3000Mi" refresh: 5m + # Database configuration db: database: {} + # port: 5432 + # username: postgres + # host: postgres + # dbname: flyte + # passwordPath: /etc/db/pass.txt + # Domains configuration for Flyte projects domain: domains: - id: development @@ -319,6 +452,7 @@ configmap: - id: production name: production + # Remote data configuration remote_data: remoteData: region: us-east-1 @@ -326,6 +460,7 @@ configmap: signedUrls: durationMinutes: 3 + # Flyteadmin server config server: server: httpPort: 8088 @@ -349,12 +484,14 @@ configmap: testing: host: http://flyteadmin + # Datacatalog server config datacatalogServer: datacatalog: storage-prefix: metadata/datacatalog metrics-scope: datacatalog profiler-port: 10254 + # Storage configuration storage: storage: type: minio @@ -363,6 +500,7 @@ configmap: auth-type: accesskey region: us-east-1 + # Task default resources configuration task_resource_defaults: task_resources: defaults: @@ -374,6 +512,7 @@ configmap: memory: 100Gi storage: 400Gi + # Admin configuration admin: event: type: admin @@ -383,12 +522,14 @@ configmap: endpoint: flyteadmin:81 insecure: true + # Catalog configuration catalog: catalog-cache: endpoint: datacatalog:89 type: datacatalog insecure: true + # Catalog cache configuration catalog_cache: plugins: catalogCache: @@ -397,6 +538,7 @@ configmap: writer: maxItems: 10000 + # Copilot configuration copilot: plugins: k8s: @@ -405,6 +547,7 @@ configmap: image: docker.io/lyft/flytecopilot:v0.3.35 start-timeout: 30s + # Core propeller configuration core: propeller: rawoutput-prefix: s3://my-s3-bucket/ @@ -438,28 +581,36 @@ configmap: rate: 10 capacity: 100 + # Plugins configuration enabled_plugins: tasks: max-plugin-phase-versions: 1000000 task-plugins: enabled-plugins: [] + # Kubernetes plugin configuration k8s: plugins: k8s: + default-env-vars: [] + # - DEFAULT_ENV_VAR: VALUE + default-cpus: 100m default-memory: 100Mi - + + # Logger configuration logger: logger: show-source: true level: 4 + # Qubole plugin configuration qubole: plugins: qubole: quboleTokenKey: "FLYTE_QUBOLE_CLIENT_TOKEN" + # Resource manager configuration resource_manager: propeller: resourcemanager: @@ -469,9 +620,11 @@ configmap: hostPath: redis-resource-manager:6379 hostKey: mypassword + # Spark plugin configuration spark: plugins: spark: + # -- Spark default configuration spark-config-default: - spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version: "2" - spark.kubernetes.allocation.batch.size: "50" @@ -487,11 +640,13 @@ configmap: - spark.blacklist.timeout: "5m" - spark.task.maxfailures: "8" + # Tasks logs plugin configuration task_logs: plugins: logs: - kubernetes-enabled: true + kubernetes-enabled: false + # -- Template for namespaces resources aa_namespace: | apiVersion: v1 kind: Namespace @@ -501,6 +656,7 @@ configmap: finalizers: - kubernetes + # -- Template for spark role ad_spark_role: | apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role @@ -527,6 +683,7 @@ configmap: verbs: - '*' + # -- Template for spark SA ae_spark_service_account: | apiVersion: v1 kind: ServiceAccount @@ -534,6 +691,7 @@ configmap: name: spark namespace: {{ namespace }} + # -- Template for spark role binding af_spark_role_binding: | apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding From bb6985357571c4033c0bb7b57ea7b34b89db026d Mon Sep 17 00:00:00 2001 From: Ruslan Stanevich Date: Mon, 9 Nov 2020 18:18:16 +0300 Subject: [PATCH 4/5] improve templates --- helm/templates/admin/rbac.yaml | 2 +- helm/templates/common/namespace.yaml | 3 +++ helm/templates/contour/namespace.yaml | 2 +- helm/templates/sparkoperator/deployment.yaml | 7 ++++--- helm/templates/sparkoperator/job.yaml | 6 ++++-- helm/templates/sparkoperator/service.yaml | 2 +- helm/values.yaml | 14 ++++++++------ 7 files changed, 22 insertions(+), 14 deletions(-) diff --git a/helm/templates/admin/rbac.yaml b/helm/templates/admin/rbac.yaml index 8b430aca9c..9696437360 100644 --- a/helm/templates/admin/rbac.yaml +++ b/helm/templates/admin/rbac.yaml @@ -40,7 +40,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ template "flyteadmin.name" . }} + name: {{ template "flyteadmin.name" . }}-binding labels: {{ include "flyteadmin.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/helm/templates/common/namespace.yaml b/helm/templates/common/namespace.yaml index c8a3dc17a7..7e4f26d461 100644 --- a/helm/templates/common/namespace.yaml +++ b/helm/templates/common/namespace.yaml @@ -3,4 +3,7 @@ apiVersion: v1 kind: Namespace metadata: name: {{ template "flyte.namespace" . }} +spec: + finalizers: + - kubernetes {{- end }} diff --git a/helm/templates/contour/namespace.yaml b/helm/templates/contour/namespace.yaml index 5262f4fb84..a7148f0bfb 100644 --- a/helm/templates/contour/namespace.yaml +++ b/helm/templates/contour/namespace.yaml @@ -1,4 +1,4 @@ -{{- if .Values.sparkoperator.enabled }} +{{- if .Values.contour.enabled }} apiVersion: v1 kind: Namespace metadata: diff --git a/helm/templates/sparkoperator/deployment.yaml b/helm/templates/sparkoperator/deployment.yaml index 07734eb29d..6464e1f99a 100644 --- a/helm/templates/sparkoperator/deployment.yaml +++ b/helm/templates/sparkoperator/deployment.yaml @@ -23,15 +23,16 @@ spec: command: - /usr/bin/spark-operator args: + - -webhook-svc-namespace + - sparkoperator - -logtostderr - -v=2 - - -controller-threads=20 + - -enable-webhook=true + - -controller-threads=5 - -enable-metrics=true - "-metrics-prefix=service:" - -metrics-labels=task_name - -metrics-labels=workflow_name - - -enable-webhook=true - - -webhook-svc-namespace=sparkoperator env: - name: GOMAXPROCS value: "16" diff --git a/helm/templates/sparkoperator/job.yaml b/helm/templates/sparkoperator/job.yaml index fc155d54cb..e3129866f5 100644 --- a/helm/templates/sparkoperator/job.yaml +++ b/helm/templates/sparkoperator/job.yaml @@ -17,12 +17,14 @@ spec: containers: - image: "{{ .Values.sparkoperator.image.repository }}:{{ .Values.sparkoperator.image.tag }}" imagePullPolicy: "{{ .Values.sparkoperator.image.pullPolicy }}" - name: sparkoperator + name: main command: - /usr/bin/gencerts.sh - --namespace - sparkoperator - - -p + - '--service' + - spark-webhook + - '--in-pod' restartPolicy: Never serviceAccountName: {{ template "sparkoperator.name" . }} {{- end }} diff --git a/helm/templates/sparkoperator/service.yaml b/helm/templates/sparkoperator/service.yaml index 90840e8611..80da0c9359 100644 --- a/helm/templates/sparkoperator/service.yaml +++ b/helm/templates/sparkoperator/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "sparkoperator.name" . }} + name: spark-webhook namespace: {{ template "sparkoperator.namespace" . }} labels: {{ include "sparkoperator.labels" . | nindent 4 }} {{- with .Values.sparkoperator.service.annotations }} diff --git a/helm/values.yaml b/helm/values.yaml index 5c6d1ca33a..25ccb54a3e 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -413,6 +413,7 @@ configmap: # Configmap for ClusterResource parameters cluster_resources: + # -- ClusterResource parameters cluster_resources: templatePath: "/etc/flyte/clusterresource/templates" customData: @@ -460,7 +461,7 @@ configmap: signedUrls: durationMinutes: 3 - # Flyteadmin server config + # -- Flyteadmin server config server: server: httpPort: 8088 @@ -469,11 +470,6 @@ configmap: secure: false useAuth: false allowCors: true - allowedOrigins: - # Accepting all domains for Sandbox installation - - "*" - allowedHeaders: - - "Content-Type" flyteadmin: roleNameKey: "iam.amazonaws.com/role" profilerPort: 10254 @@ -490,6 +486,10 @@ configmap: storage-prefix: metadata/datacatalog metrics-scope: datacatalog profiler-port: 10254 + application: + grpcPort: 8089 + httpPort: 8080 + grpcServerReflection: true # Storage configuration storage: @@ -502,6 +502,7 @@ configmap: # Task default resources configuration task_resource_defaults: + # -- Task default resources parameters task_resources: defaults: cpu: 100m @@ -612,6 +613,7 @@ configmap: # Resource manager configuration resource_manager: + # -- resource manager configuration propeller: resourcemanager: type: redis From 979343b79e94241cd32576d67947345711f1a293 Mon Sep 17 00:00:00 2001 From: Ruslan Stanevich Date: Tue, 2 Feb 2021 21:23:33 +0300 Subject: [PATCH 5/5] Support gRPC loadbalncing for EKS with AWS ALB --- helm/templates/common/ingress.yaml | 72 ++++++++++++++++++++++++++++++ helm/values-eks.yaml | 65 +++++---------------------- 2 files changed, 83 insertions(+), 54 deletions(-) diff --git a/helm/templates/common/ingress.yaml b/helm/templates/common/ingress.yaml index 67539b0658..6bbf9f10e7 100644 --- a/helm/templates/common/ingress.yaml +++ b/helm/templates/common/ingress.yaml @@ -1,4 +1,7 @@ {{- if .Values.common.ingress.enabled }} + +{{- if .Values.contour.enabled }} +--- apiVersion: extensions/v1beta1 kind: Ingress metadata: @@ -39,4 +42,73 @@ spec: serviceName: flyteadmin servicePort: 87 path: /openapi + +{{- else }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ template "flyte.name" . }}-http1 + namespace: {{ template "flyte.namespace" . }} + annotations: + alb.ingress.kubernetes.io/backend-protocol-version: HTTP1 + {{- with .Values.common.ingress.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} +spec: + rules: + - {{- with .Values.common.ingress.host }} + host: {{ . }} + {{- end }} + http: + paths: + - backend: + serviceName: flyteconsole + servicePort: 80 + path: /console* + - backend: + serviceName: flyteconsole + servicePort: 80 + path: /__webpack_hmr* + - backend: + serviceName: flyteadmin + servicePort: 80 + path: /api* + - backend: + serviceName: flyteadmin + servicePort: 80 + path: /healthcheck* + - backend: + serviceName: flyteadmin + servicePort: 80 + path: /v1* + - backend: + serviceName: flyteadmin + servicePort: 87 + path: /openapi* +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ template "flyte.name" . }}-grpc + namespace: {{ template "flyte.namespace" . }} + annotations: + alb.ingress.kubernetes.io/backend-protocol-version: GRPC + {{- with .Values.common.ingress.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} +spec: + rules: + - {{- with .Values.common.ingress.host }} + host: {{ . }} + {{- end }} + http: + paths: + - backend: + serviceName: flyteadmin + servicePort: 81 + path: /flyteidl.service.AdminService* + +{{- end }} + {{- end }} \ No newline at end of file diff --git a/helm/values-eks.yaml b/helm/values-eks.yaml index 0059572e80..5dbb89468a 100644 --- a/helm/values-eks.yaml +++ b/helm/values-eks.yaml @@ -169,60 +169,7 @@ minio: # contour: - enabled: true - replicaCount: 2 - contour: - image: - repository: gcr.io/heptio-images/contour - tag: v0.6.1 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 2000m - memory: 1000Mi - envoy: - image: - repository: docker.io/envoyproxy/envoy-alpine - tag: v1.6.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 2000m - memory: 1000Mi - - service: - annotations: - external-dns.alpha.kubernetes.io/hostname: flyte.examlple.com - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1::certificate/" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" - service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-internal: "true" - service.beta.kubernetes.io/aws-load-balancer-type: nlb - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" - type: LoadBalancer - ports: - - name: tcp - protocol: TCP - port: 80 - - name: tls - protocol: TCP - port: 443 - targetPort: 80 - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: contour - topologyKey: kubernetes.io/hostname + enabled: false # # SPARKOPERATOR @@ -267,6 +214,16 @@ pytorchoperator: # common: + ingress: + host: flyte.example.com + annotations: + # aws-load-balancer-controller v2.1 or higher is required - https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.1/ + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/group.name: flyte-ingress + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]' databaseSecret: name: db-pass secretManifest: