From a9f04bac30a2cef7cf8429c2328b2433494fdc43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Brunk?=
Date: Wed, 31 Mar 2021 14:16:45 +0200
Subject: [PATCH] Helm - Update EKS Ingress
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use default Docker images in EKS Helm values.
Based on the following kustomize changes:
- 4e0eed69 Update EKS Ingress and Instructions (#825)
Signed-off-by: Sören Brunk
---
 helm/Chart.yaml | 1 +
 helm/templates/common/ingress.yaml | 285 +++++++++++++++++++----------
 helm/values-eks.yaml | 48 ++---
 helm/values-gcp.yaml | 9 +
 helm/values-sandbox.yaml | 6 +-
 helm/values.yaml | 22 ++-
 6 files changed, 239 insertions(+), 132 deletions(-)

diff --git a/helm/Chart.yaml b/helm/Chart.yaml
index efbd9675f31..b66ba74db3f 100644
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -17,3 +17,4 @@ dependencies:
 - name: kubernetes-dashboard
 version: 4.0.2
 repository: https://kubernetes.github.io/dashboard/
+ condition: kubernetes-dashboard.enabled
diff --git a/helm/templates/common/ingress.yaml b/helm/templates/common/ingress.yaml
index 6bbf9f10e71..934f360e809 100644
--- a/helm/templates/common/ingress.yaml
+++ b/helm/templates/common/ingress.yaml
@@ -1,114 +1,207 @@
 {{- if .Values.common.ingress.enabled }}
-
-{{- if .Values.contour.enabled }}
----
-apiVersion: extensions/v1beta1
+# HTTP Routes
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: {{ template "flyte.name" . }}
 namespace: {{ template "flyte.namespace" . }}
+ annotations:
 {{- with .Values.common.ingress.annotations }}
- annotations: {{ toYaml . | nindent 4}}
+ {{ toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.common.ingress.httpAnnotations }}
+ {{ toYaml . | nindent 4}}
 {{- end }}
 spec:
 rules:
- - http:
- paths:
- - backend:
- serviceName: flyteconsole
- servicePort: 80
- path: /console
- - backend:
- serviceName: flyteconsole
- servicePort: 80
- path: /__webpack_hmr
- - backend:
- serviceName: flyteadmin
- servicePort: 80
- path: /api
- - backend:
- serviceName: flyteadmin
- servicePort: 80
- path: /healthcheck
- - backend:
- serviceName: flyteadmin
- servicePort: 80
- path: /v1
- - backend:
- serviceName: flyteadmin
- servicePort: 81
- path: /flyteidl.service.AdminService
- - backend:
- serviceName: flyteadmin
- servicePort: 87
- path: /openapi
-
-{{- else }}
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ template "flyte.name" . }}-http1
- namespace: {{ template "flyte.namespace" . }}
- annotations:
- alb.ingress.kubernetes.io/backend-protocol-version: HTTP1
- {{- with .Values.common.ingress.annotations }}
- {{- toYaml . | nindent 4}}
- {{- end }}
-spec:
- rules:
- - {{- with .Values.common.ingress.host }}
- host: {{ . }}
- {{- end }}
- http:
- paths:
- - backend:
- serviceName: flyteconsole
- servicePort: 80
- path: /console*
- - backend:
- serviceName: flyteconsole
- servicePort: 80
- path: /__webpack_hmr*
- - backend:
- serviceName: flyteadmin
- servicePort: 80
- path: /api*
- - backend:
- serviceName: flyteadmin
- servicePort: 80
- path: /healthcheck*
- - backend:
- serviceName: flyteadmin
- servicePort: 80
- path: /v1*
- - backend:
- serviceName: flyteadmin
- servicePort: 87
- path: /openapi*
+ - http:
+ paths:
+ {{- if eq .Values.common.ingress.controllerType "ALB" }}
+ - path: /*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: ssl-redirect
+ port:
+ name: use-annotation
+ {{- end }}
+ # This is useful only for frontend development
+ {{- if .Values.common.ingress.webpackHMR }}
+ - path: /__webpack_hmr
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteconsole
+ port:
+ number: 80
+ {{- end }}
+ # Port 87 in FlyteAdmin maps to the redoc container.
+ - path: /openapi
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 87
+ # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml
+ - path: /console
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteconsole
+ port:
+ number: 80
+ - path: /console/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteconsole
+ port:
+ number: 80
+ - path: /api
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /api/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /healthcheck
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /v1/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ # Port 87 in FlyteAdmin maps to the redoc container.
+ - path: /openapi/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /.well-known/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /login
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /login/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /logout
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /logout/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /callback
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /callback/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /me
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /config
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ - path: /config/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 80
+ {{- with .Values.common.ingress.host }}
+ host: {{ . }}
+ {{- end }}
 ---
-apiVersion: extensions/v1beta1
+# GRPC Routes
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: {{ template "flyte.name" . }}-grpc
 namespace: {{ template "flyte.namespace" . }}
 annotations:
- alb.ingress.kubernetes.io/backend-protocol-version: GRPC
- {{- with .Values.common.ingress.annotations }}
- {{- toYaml . | nindent 4}}
- {{- end }}
+ {{- with .Values.common.ingress.annotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+ {{- with .Values.common.ingress.grpcAnnotations }}
+ {{- toYaml . | nindent 4}}
+ {{- end }}
 spec:
 rules:
- - {{- with .Values.common.ingress.host }}
- host: {{ . }}
- {{- end }}
- http:
- paths:
- - backend:
- serviceName: flyteadmin
- servicePort: 81
- path: /flyteidl.service.AdminService*
-
-{{- end }}
-
+ - http:
+ paths:
+ # NOTE: Port 81 in flyteadmin is the GRPC server port for
+ # FlyteAdmin.
+ - path: /flyteidl.service.AdminService
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 81
+ - path: /flyteidl.service.AdminService/*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: flyteadmin
+ port:
+ number: 81
+ {{- with .Values.common.ingress.host }}
+ host: {{ . }}
+ {{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/helm/values-eks.yaml b/helm/values-eks.yaml
index 2cdb3d29abd..16f7399bb05 100644
--- a/helm/values-eks.yaml
+++ b/helm/values-eks.yaml
@@ -5,10 +5,6 @@ flyteadmin:
 replicaCount: 2
- image:
- repository: docker.io/lyft/flyteadmin
- tag: v0.3.7
- pullPolicy: IfNotPresent
 # IAM role for SA: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
 serviceAccountAnnotations:
@@ -43,10 +39,6 @@ flyteadmin:
 datacatalog:
 replicaCount: 2
- image:
- repository: docker.io/lyft/datacatalog
- tag: v0.2.2
- pullPolicy: IfNotPresent
 # IAM role for SA: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
 serviceAccountAnnotations:
@@ -82,10 +74,6 @@ datacatalog:
 flytepropeller:
 replicaCount: 2
- image:
- repository: docker.io/lyft/flytepropeller
- tag: v0.4.2
- pullPolicy: IfNotPresent
 # IAM role for SA: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
 serviceAccountAnnotations:
@@ -115,10 +103,6 @@ flytepropeller:
 flyteconsole:
 replicaCount: 2
- image:
- repository: docker.io/lyft/flyteconsole
- tag: v0.12.1
- pullPolicy: IfNotPresent
 resources:
 limits:
 cpu: 250m
@@ -141,10 +125,6 @@ flyteconsole:
 redis:
 enabled: true
 replicaCount: 1
- image:
- repository: docker.io/bitnami/redis
- tag: 4.0.2-r1
- pullPolicy: IfNotPresent
 resources:
 requests:
 cpu: 100m
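Review bot: In helm/templates/common/ingress.yaml the new `/openapi/*` rule routes to flyteadmin `number: 80`, while the comment directly above it and the sibling `/openapi` rule both say redoc is served on port 87; one of the two is presumably wrong, and if redoc is intended the rule should read `number: 87`. The same hunk adds `/login`, `/logout`, `/callback`, `/me`, `/config` and `/.well-known/*` routes without any comment; they look like authentication and configuration endpoints, so a line such as `# flyteadmin auth/config endpoints - reachable by anyone who can reach this ingress` would tell operators what they are publishing. The HTTP ingress renders annotations with `{{ toYaml . | nindent 4}}` while the GRPC ingress uses the trimmed `{{- toYaml . | nindent 4}}`; using the trimmed form in both keeps whitespace-only lines out of the rendered manifest.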
@@ -219,11 +199,21 @@ common:
 annotations:
 # aws-load-balancer-controller v2.1 or higher is required - https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.1/
 kubernetes.io/ingress.class: alb
- alb.ingress.kubernetes.io/group.name: flyte-ingress
- alb.ingress.kubernetes.io/scheme: internal
- alb.ingress.kubernetes.io/target-type: ip
- alb.ingress.kubernetes.io/backend-protocol: HTTP
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
+ alb.ingress.kubernetes.io/tags: service_instance=production
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+ # Instruct ALB Controller to not create multiple load balancers (and hence maintain a single endpoint for both GRPC and Http)
+ alb.ingress.kubernetes.io/group.name: flytesystem
+ # Replace certificate Arn with one deployed to your EKS cluster. Follow instructions in README.md
+ alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:111111111111:certificate/e92fefd8-6197-4249-a524-431d611c9af6
+ # --- Extra Ingress annotations applied only to the HTTP ingress.
+ httpAnnotations:
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ # --- Extra Ingress annotations applied only to the GRPC ingress.
+ grpcAnnotations:
+ alb.ingress.kubernetes.io/backend-protocol-version: GRPC
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+ controllerType: "ALB"
 databaseSecret:
 name: db-pass
 secretManifest:
@@ -410,14 +400,6 @@ configmap:
 writer:
 maxItems: 10000
- copilot:
- plugins:
- k8s:
- co-pilot:
- name: flyte-copilot-
- image: docker.io/lyft/flytecopilot:v0.3.35
- start-timeout: 30s
-
 core:
 propeller:
 rawoutput-prefix: s3://s3-bucket-for-flyte/
diff --git a/helm/values-gcp.yaml b/helm/values-gcp.yaml
index 31d305c7a16..330d59200e3 100644
--- a/helm/values-gcp.yaml
+++ b/helm/values-gcp.yaml
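Review bot: In helm/values-eks.yaml (hunk at -219) the example switches `alb.ingress.kubernetes.io/scheme` from `internal` to `internet-facing`, so an install that uses this file as-is publishes every route of both ingresses, including `/api`, `/config` and the gRPC AdminService, on a public load balancer, and nothing in the hunk limits who can reach it. I would keep `internal` as the shipped value, or at least add a comment such as `# internet-facing exposes FlyteAdmin publicly; restrict with alb.ingress.kubernetes.io/inbound-cidrs or use "internal"`. The `certificate-arn` value is meant to be replaced but looks like a real ARN; an obviously invalid placeholder (for example `<YOUR_ACM_CERTIFICATE_ARN>`) makes a forgotten substitution easier to spot. The mapping under `common.ingress` continues outside the hunk.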
@@ -1,3 +1,12 @@
+#
+# COMMON
+#
+
+common:
+ databaseSecret: {}
+ ingress:
+ controllerType: "GKE"
+
 #
 # CONFIGMAPS
 #
diff --git a/helm/values-sandbox.yaml b/helm/values-sandbox.yaml
index b4324a194f5..f9ba146d78f 100644
--- a/helm/values-sandbox.yaml
+++ b/helm/values-sandbox.yaml
@@ -77,6 +77,7 @@ pytorchoperator:
 # KUBERNETES DASHBOARD
 #
 kubernetes-dashboard:
+ enabled: true
 extraArgs:
 - --enable-skip-login
 - --enable-insecure-login
@@ -92,7 +93,10 @@ kubernetes-dashboard:
 common:
 databaseSecret: {}
- ingress: {}
+ ingress:
+ # enable HMR route to flyteconsole for frontend development.
+ webpackHMR: true
+ controllerType: "contour"
 flyteNamespaceTemplate: {}
 #
diff --git a/helm/values.yaml b/helm/values.yaml
index 02bce6577ec..c9eaa8dda15 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -348,6 +348,13 @@ pytorchoperator:
 # -- affinity for Pytorchoperator deployment
 affinity: {}
+#
+# KUBERNETES DASHBOARD
+#
+
+kubernetes-dashboard:
+ enabled: false
+
 #
 # COMMON SETTINGS
 #
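Review bot: In helm/values-sandbox.yaml (hunk at -77) the added `enabled: true` switches on a dashboard whose context lines start it with `--enable-skip-login` and `--enable-insecure-login`, and nothing marks that combination as sandbox-only. A comment above the new line, for example `# Sandbox only: dashboard login is skipped; never reuse these values on a shared or reachable cluster`, would keep it from being copied into other values files. The `extraArgs` list continues outside the hunk, so further flags may apply.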
@@ -359,12 +366,23 @@ common:
 # -- Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See https://github.com/godaddy/kubernetes-external-secrets
 secretManifest: {}
 ingress:
- # --- enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller.
+ # --- Enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller.
 enabled: true
+ # --- Enable or disable HMR route to flyteconsole. This is useful only for frontend development.
+ webpackHMR: false
+ # --- Ingress annotations applied to both HTTP and GRPC ingresses.
 annotations:
 nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ # --- Extra Ingress annotations applied only to the HTTP ingress.
+ httpAnnotations: {}
+ # --- Extra Ingress annotations applied only to the GRPC ingress.
+ grpcAnnotations: {}
+ # --- Ingress hostname
+ # host:
+ # --- controllerType defines the ingress controller type. Currently supported values are "contour", "ALB" or "GKE"
+ # controllerType:
 flyteNamespaceTemplate:
- # --- enable or disable creating Flyte namespace in template. Enable when using helm as template-engine only. Disable when using `helm install ...`.
+ # --- Enable or disable creating Flyte namespace in template. Enable when using helm as template-engine only. Disable when using `helm install ...`.
 enabled: false
 #
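Review bot: In helm/values.yaml (hunk at -359) `controllerType` ships only as a comment (`# controllerType:`), yet the ingress template in this commit evaluates `eq .Values.common.ingress.controllerType "ALB"`; with the key absent the comparison receives nil, which on some Helm/Go template versions may abort rendering with an incompatible-types error instead of evaluating to false (worth confirming against the Helm versions the chart supports). Shipping an explicit default such as `controllerType: ""`, or wrapping the template value in `default ""`, removes the dependency on that behaviour. The comment lists "contour", "ALB" or "GKE" as supported, but the template shown only branches on "ALB"; the doc line could say `only "ALB" changes the rendered rules` so users do not expect controller-specific output for the other two.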