Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pod Webhook deployment & Doc #857

Merged
merged 14 commits into from
Mar 24, 2021
Merged

Pod Webhook deployment & Doc #857

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
35dacc5
update tutorials header text (#841)
cosmicBboy Mar 18, 2021
ded6b3b
Update run_on_flyte.rst (#846)
SandraGH5 Mar 19, 2021
13cb07f
Add webhook deployment
EngHabu Mar 12, 2021
f7e2220
update
EngHabu Mar 15, 2021
d9bc0fd
add webhook deployment
EngHabu Mar 23, 2021
8ec9227
Add webhook deployment
EngHabu Mar 12, 2021
6abf16c
update
EngHabu Mar 15, 2021
6973900
regen
EngHabu Mar 23, 2021
3395058
Deploy sample secret
EngHabu Mar 23, 2021
5122222
Add doc for secrets
EngHabu Mar 23, 2021
d1c0741
Update secrets.rst
SandraGH5 Mar 23, 2021
d497a1f
limit permissions
EngHabu Mar 23, 2021
709f13f
plural
EngHabu Mar 24, 2021
c91fedd
Update docs
EngHabu Mar 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
164 changes: 158 additions & 6 deletions deployment/eks/flyte_generated.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7610,6 +7610,12 @@ metadata:
---
apiVersion: v1
kind: ServiceAccount
metadata:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @anandswaminathan this should not impact Lyft, but this is a new dependency, that if you want to use secrets in flytekit declaration then you have to enable

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ohhh

name: flyte-pod-webhook
namespace: flyte
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::111222333456:role/flyte-operator
Expand Down Expand Up @@ -7641,6 +7647,25 @@ metadata:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: flyte-pod-webhook
namespace: flyte
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: flyteadmin
namespace: flyte
Expand Down Expand Up @@ -7892,6 +7917,20 @@ rules:
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: flyte-pod-webhook
namespace: flyte
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flyte-pod-webhook
subjects:
- kind: ServiceAccount
name: flyte-pod-webhook
namespace: flyte
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
Expand Down Expand Up @@ -8391,6 +8430,22 @@ spec:
---
apiVersion: v1
kind: Service
metadata:
annotations:
projectcontour.io/upstream-protocol.h2c: grpc
name: flyte-pod-webhook
namespace: flyte
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: 9443
selector:
app: flyte-pod-webhook
---
apiVersion: v1
kind: Service
metadata:
annotations:
external-dns.alpha.kubernetes.io/hostname: flyteadmin.subdomain.mydomain.com
Expand Down Expand Up @@ -8577,6 +8632,63 @@ spec:
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: flyte-pod-webhook
name: flyte-pod-webhook
namespace: flyte
spec:
selector:
matchLabels:
app: flyte-pod-webhook
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
labels:
app: flyte-pod-webhook
app.kubernetes.io/name: flyte-pod-webhook
app.kubernetes.io/version: 0.5.13
spec:
containers:
- args:
- webhook
- --config
- /etc/flyte/config/*.yaml
command:
- flytepropeller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/flyteorg/flytepropeller:v0.7.8
imagePullPolicy: IfNotPresent
name: webhook
volumeMounts:
- mountPath: /etc/flyte/config
name: config-volume
readOnly: true
- mountPath: /etc/webhook/certs
name: webhook-certs
readOnly: true
serviceAccountName: flyte-pod-webhook
volumes:
- configMap:
name: flyte-propeller-config-ct29cf4cch
name: config-volume
- name: webhook-certs
secret:
secretName: flyte-pod-webhook
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: flyteadmin
Expand Down Expand Up @@ -8604,7 +8716,7 @@ spec:
- --config
- /etc/flyte/config/*.yaml
- serve
image: ghcr.io/flyteorg/flyteadmin:v0.3.38
image: ghcr.io/flyteorg/flyteadmin:v0.4.0
imagePullPolicy: IfNotPresent
name: flyteadmin
ports:
Expand Down Expand Up @@ -8649,7 +8761,7 @@ spec:
- /etc/flyte/config/*.yaml
- migrate
- run
image: ghcr.io/flyteorg/flyteadmin:v0.3.38
image: ghcr.io/flyteorg/flyteadmin:v0.4.0
imagePullPolicy: IfNotPresent
name: run-migrations
volumeMounts:
Expand All @@ -8666,7 +8778,7 @@ spec:
- flytesnacks
- flytetester
- flyteexamples
image: ghcr.io/flyteorg/flyteadmin:v0.3.38
image: ghcr.io/flyteorg/flyteadmin:v0.4.0
imagePullPolicy: IfNotPresent
name: seed-projects
volumeMounts:
Expand All @@ -8680,7 +8792,7 @@ spec:
- /etc/flyte/config/*.yaml
- clusterresource
- sync
image: ghcr.io/flyteorg/flyteadmin:v0.3.38
image: ghcr.io/flyteorg/flyteadmin:v0.4.0
imagePullPolicy: IfNotPresent
name: sync-cluster-resources
volumeMounts:
Expand Down Expand Up @@ -8771,7 +8883,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: ghcr.io/flyteorg/flytepropeller:v0.7.1
image: ghcr.io/flyteorg/flytepropeller:v0.7.8
imagePullPolicy: IfNotPresent
name: flytepropeller
ports:
Expand Down Expand Up @@ -8958,7 +9070,7 @@ spec:
- /etc/flyte/config/*.yaml
- clusterresource
- sync
image: ghcr.io/flyteorg/flyteadmin:v0.3.38
image: ghcr.io/flyteorg/flyteadmin:v0.4.0
imagePullPolicy: IfNotPresent
name: sync-cluster-resources
volumeMounts:
Expand All @@ -8984,6 +9096,46 @@ spec:
---
apiVersion: batch/v1
kind: Job
metadata:
name: flyte-pod-webhook-secret
namespace: flyte
spec:
backoffLimit: 3
template:
spec:
containers:
- args:
- webhook
- init-certs
- --config
- /etc/flyte/config/*.yaml
command:
- flytepropeller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/flyteorg/flytepropeller:v0.7.8
imagePullPolicy: IfNotPresent
name: webhook
volumeMounts:
- mountPath: /etc/flyte/config
name: config-volume
restartPolicy: Never
serviceAccountName: flyte-pod-webhook
volumes:
- configMap:
name: flyte-propeller-config-ct29cf4cch
name: config-volume
ttlSecondsAfterFinished: 0
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/name: sparkoperator
Expand Down
Loading