forked from flyteorg/flyte
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add first version of gke-starter values file (flyteorg#5026)
* add first version of gke-starter values file Signed-off-by: Cornelis Boon <[email protected]> * remove AWS metadata env var, add service account annotations, update templateUri Signed-off-by: Cornelis Boon <[email protected]> * let user fill in GCP project ID in templateUri Signed-off-by: Cornelis Boon <[email protected]> * add link to GCP workload identity configuration Signed-off-by: Cornelis Boon <[email protected]> * run make helm Signed-off-by: Cornelis Boon <[email protected]> * bump flyte-binary chart version to v0.1.11 Signed-off-by: Cornelis Boon <[email protected]> * Revert "bump flyte-binary chart version to v0.1.11" This reverts commit ddfe840. Signed-off-by: Cornelis Boon <[email protected]> * add default configuration to allow scheduling on gpu nodes in GKE Signed-off-by: Cornelis Boon <[email protected]> * add default gpu-partition-size label to allow scheduling on multi-instance GPUs in GKE Signed-off-by: Cornelis Boon <[email protected]> * run make helm Signed-off-by: Cornelis Boon <[email protected]> * fix linting errors Signed-off-by: Cornelis Boon <[email protected]> --------- Signed-off-by: Cornelis Boon <[email protected]>
- Loading branch information
1 parent
bf71c60
commit a76eca9
Showing
5 changed files
with
153 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,146 @@ | ||
# configuration Specify configuration for Flyte | ||
configuration: | ||
# database Specify configuration for Flyte's database connection | ||
database: | ||
# username Name for user to connect to database as | ||
username: postgres | ||
# password Password to connect to database with | ||
# If set, a Secret will be created with this value and mounted to Flyte pod | ||
password: "" | ||
# host Hostname of database instance | ||
host: 127.0.0.1 | ||
# dbname Name of database to use | ||
dbname: flyteadmin | ||
# storage Specify configuration for object store | ||
storage: | ||
# metadataContainer Bucket to store Flyte metadata | ||
metadataContainer: "my-organization-flyte-container" | ||
# userDataContainer Bucket to store Flyte user data | ||
userDataContainer: "my-organization-flyte-container" | ||
# provider Object store provider (Supported values: s3, gcs) | ||
provider: gcs | ||
# providerConfig Additional object store provider-specific configuration | ||
providerConfig: | ||
# gcs Provider configuration for GCS object store | ||
gcs: | ||
# project Google Cloud project in which bucket resides | ||
project: "my-organization-gcp-project" | ||
# logging Specify configuration for logs emitted by Flyte | ||
logging: | ||
# level Set the log level | ||
level: 5 | ||
# plugins Specify additional logging plugins | ||
plugins: | ||
# stackdriver Configure logging plugin to have logs visible in StackDriver | ||
stackdriver: | ||
enabled: true | ||
templateUri: | | ||
"https://console.cloud.google.com/logs/query;query=resource.labels.namespace_name%3D%22{{.namespace}}%22%0Aresource.labels.pod_name%3D%22{{.podName}}%22%0Aresource.labels.container_name%3D%22{{.containerName}}%22?project=<GCP_PROJECT_ID>&angularJsUrl=%2Flogs%2Fviewer%3Fproject%3D<GCP_PROJECT_ID>" | ||
# auth Specify configuration for Flyte authentication | ||
auth: | ||
# enabled Enable Flyte authentication | ||
enabled: false | ||
# oidc OIDC configuration for Flyte authentication | ||
oidc: | ||
# baseUrl URL for OIDC provider | ||
baseUrl: "" | ||
# clientId Flyte application client ID | ||
clientId: "" | ||
# clientSecret Flyte application client secret | ||
clientSecret: "" | ||
# internal Configuration for internal authentication | ||
# The settings for internal still need to be defined if you wish to use an external auth server | ||
# These credentials are used during communication between the FlyteAdmin and Propeller microservices | ||
internal: | ||
# clientId Client ID for internal authentication - set to flytepropeller or external auth server | ||
clientId: flytepropeller | ||
# clientSecret Client secret for internal authentication | ||
clientSecret: "" | ||
# clientSecretHash Bcrypt hash of clientSecret | ||
clientSecretHash: "" | ||
# authorizedUris Set of URIs that clients are allowed to visit the service on | ||
authorizedUris: [] | ||
|
||
# inline Specify additional configuration or overrides for Flyte, to be merged with the base configuration | ||
inline: | ||
#This section automates the IAM Role annotation for the default KSA on each project namespace to enable IRSA | ||
#Learn more: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html | ||
cluster_resources: | ||
customData: | ||
- production: | ||
- defaultIamServiceAccount: | ||
value: <FLYTE_IAM_SA_EMAIL> | ||
- staging: | ||
- defaultIamServiceAccount: | ||
value: <FLYTE_IAM_SA_EMAIL> | ||
- development: | ||
- defaultIamServiceAccount: | ||
value: <FLYTE_IAM_SA_EMAIL> | ||
plugins: | ||
k8s: | ||
inject-finalizer: true | ||
gpu-device-node-label: cloud.google.com/gke-accelerator | ||
gpu-partition-size-node-label: cloud.google.com/gke-gpu-partition-size | ||
resource-tolerations: | ||
- nvidia.com/gpu: | ||
- key: "nvidia.com/gpu" | ||
operator: "Equal" | ||
value: "present" | ||
effect: "NoSchedule" | ||
# Configuration for the Datacatalog engine, used when caching is enabled | ||
# Learn more: https://docs.flyte.org/en/latest/deployment/configuration/generated/datacatalog_config.html | ||
storage: | ||
cache: | ||
max_size_mbs: 10 | ||
target_gc_percent: 100 | ||
tasks: | ||
task-plugins: | ||
enabled-plugins: | ||
- container | ||
- sidecar | ||
- K8S-ARRAY #used for MapTasks | ||
default-for-task-types: | ||
- container: container | ||
- container_array: K8S-ARRAY | ||
|
||
# clusterResourceTemplates Specify templates for Kubernetes resources that should be created for new Flyte projects | ||
clusterResourceTemplates: | ||
# inline Specify additional cluster resource templates, to be merged with the base configuration | ||
inline: | ||
#This section automates the creation of the project-domain namespaces | ||
001_namespace.yaml: | | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
name: '{{ namespace }}' | ||
# This block performs the automated annotation of KSAs across all project-domain namespaces. Make sure to bind the KSA to the GSA after KSAs are created: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to | ||
002_serviceaccount.yaml: | | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: default | ||
namespace: '{{ namespace }}' | ||
annotations: | ||
iam.gke.io/gcp-service-account: '{{ defaultIamServiceAccount }}' | ||
# serviceAccount Configure Flyte ServiceAccount | ||
serviceAccount: | ||
# create Create ServiceAccount for Flyte | ||
create: true | ||
#Automates annotation of default flyte-binary KSA. Make sure to bind the KSA to the GSA: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to | ||
annotations: | ||
iam.gke.io/gcp-service-account: <FLYTE_IAM_SA_EMAIL> | ||
# rbac Configure Kubernetes RBAC for Flyte | ||
rbac: | ||
# create Create ClusterRole and ClusterRoleBinding resources | ||
create: true | ||
# extraRules Add additional rules to the ClusterRole | ||
extraRules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- serviceaccounts | ||
verbs: | ||
- create | ||
- get | ||
- patch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters