Skip to content

Commit

Permalink
add first version of gke-starter values file (flyteorg#5026)
Browse files Browse the repository at this point in the history
* add first version of gke-starter values file

Signed-off-by: Cornelis Boon <[email protected]>

* remove AWS metadata env var, add service account annotations, update templateUri

Signed-off-by: Cornelis Boon <[email protected]>

* let user fill in GCP project ID in templateUri

Signed-off-by: Cornelis Boon <[email protected]>

* add link to GCP workload identity configuration

Signed-off-by: Cornelis Boon <[email protected]>

* run make helm

Signed-off-by: Cornelis Boon <[email protected]>

* bump flyte-binary chart version to v0.1.11

Signed-off-by: Cornelis Boon <[email protected]>

* Revert "bump flyte-binary chart version to v0.1.11"

This reverts commit ddfe840.

Signed-off-by: Cornelis Boon <[email protected]>

* add default configuration to allow scheduling on gpu nodes in GKE

Signed-off-by: Cornelis Boon <[email protected]>

* add default gpu-partition-size label to allow scheduling on multi-instance GPUs in GKE

Signed-off-by: Cornelis Boon <[email protected]>

* run make helm

Signed-off-by: Cornelis Boon <[email protected]>

* fix linting errors

Signed-off-by: Cornelis Boon <[email protected]>

---------

Signed-off-by: Cornelis Boon <[email protected]>
  • Loading branch information
cjidboon94 authored and yubofredwang committed Mar 26, 2024
1 parent bf71c60 commit a76eca9
Show file tree
Hide file tree
Showing 5 changed files with 153 additions and 6 deletions.
1 change: 1 addition & 0 deletions charts/flyte-binary/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)

version: v0.1.10 # VERSION

# This is the version number of the application being deployed. This version number should be
Expand Down
146 changes: 146 additions & 0 deletions charts/flyte-binary/gke-starter.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
# configuration Specify configuration for Flyte
configuration:
# database Specify configuration for Flyte's database connection
database:
# username Name for user to connect to database as
username: postgres
# password Password to connect to database with
# If set, a Secret will be created with this value and mounted to Flyte pod
password: ""
# host Hostname of database instance
host: 127.0.0.1
# dbname Name of database to use
dbname: flyteadmin
# storage Specify configuration for object store
storage:
# metadataContainer Bucket to store Flyte metadata
metadataContainer: "my-organization-flyte-container"
# userDataContainer Bucket to store Flyte user data
userDataContainer: "my-organization-flyte-container"
# provider Object store provider (Supported values: s3, gcs)
provider: gcs
# providerConfig Additional object store provider-specific configuration
providerConfig:
# gcs Provider configuration for GCS object store
gcs:
# project Google Cloud project in which bucket resides
project: "my-organization-gcp-project"
# logging Specify configuration for logs emitted by Flyte
logging:
# level Set the log level
level: 5
# plugins Specify additional logging plugins
plugins:
# stackdriver Configure logging plugin to have logs visible in StackDriver
stackdriver:
enabled: true
templateUri: |
"https://console.cloud.google.com/logs/query;query=resource.labels.namespace_name%3D%22{{.namespace}}%22%0Aresource.labels.pod_name%3D%22{{.podName}}%22%0Aresource.labels.container_name%3D%22{{.containerName}}%22?project=<GCP_PROJECT_ID>&angularJsUrl=%2Flogs%2Fviewer%3Fproject%3D<GCP_PROJECT_ID>"
# auth Specify configuration for Flyte authentication
auth:
# enabled Enable Flyte authentication
enabled: false
# oidc OIDC configuration for Flyte authentication
oidc:
# baseUrl URL for OIDC provider
baseUrl: ""
# clientId Flyte application client ID
clientId: ""
# clientSecret Flyte application client secret
clientSecret: ""
# internal Configuration for internal authentication
# The settings for internal still need to be defined if you wish to use an external auth server
# These credentials are used during communication between the FlyteAdmin and Propeller microservices
internal:
# clientId Client ID for internal authentication - set to flytepropeller or external auth server
clientId: flytepropeller
# clientSecret Client secret for internal authentication
clientSecret: ""
# clientSecretHash Bcrypt hash of clientSecret
clientSecretHash: ""
# authorizedUris Set of URIs that clients are allowed to visit the service on
authorizedUris: []

# inline Specify additional configuration or overrides for Flyte, to be merged with the base configuration
inline:
#This section automates the IAM Role annotation for the default KSA on each project namespace to enable IRSA
#Learn more: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
cluster_resources:
customData:
- production:
- defaultIamServiceAccount:
value: <FLYTE_IAM_SA_EMAIL>
- staging:
- defaultIamServiceAccount:
value: <FLYTE_IAM_SA_EMAIL>
- development:
- defaultIamServiceAccount:
value: <FLYTE_IAM_SA_EMAIL>
plugins:
k8s:
inject-finalizer: true
gpu-device-node-label: cloud.google.com/gke-accelerator
gpu-partition-size-node-label: cloud.google.com/gke-gpu-partition-size
resource-tolerations:
- nvidia.com/gpu:
- key: "nvidia.com/gpu"
operator: "Equal"
value: "present"
effect: "NoSchedule"
# Configuration for the Datacatalog engine, used when caching is enabled
# Learn more: https://docs.flyte.org/en/latest/deployment/configuration/generated/datacatalog_config.html
storage:
cache:
max_size_mbs: 10
target_gc_percent: 100
tasks:
task-plugins:
enabled-plugins:
- container
- sidecar
- K8S-ARRAY #used for MapTasks
default-for-task-types:
- container: container
- container_array: K8S-ARRAY

# clusterResourceTemplates Specify templates for Kubernetes resources that should be created for new Flyte projects
clusterResourceTemplates:
# inline Specify additional cluster resource templates, to be merged with the base configuration
inline:
#This section automates the creation of the project-domain namespaces
001_namespace.yaml: |
apiVersion: v1
kind: Namespace
metadata:
name: '{{ namespace }}'
# This block performs the automated annotation of KSAs across all project-domain namespaces. Make sure to bind the KSA to the GSA after KSAs are created: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to
002_serviceaccount.yaml: |
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: '{{ namespace }}'
annotations:
iam.gke.io/gcp-service-account: '{{ defaultIamServiceAccount }}'
# serviceAccount Configure Flyte ServiceAccount
serviceAccount:
# create Create ServiceAccount for Flyte
create: true
#Automates annotation of default flyte-binary KSA. Make sure to bind the KSA to the GSA: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to
annotations:
iam.gke.io/gcp-service-account: <FLYTE_IAM_SA_EMAIL>
# rbac Configure Kubernetes RBAC for Flyte
rbac:
# create Create ClusterRole and ClusterRoleBinding resources
create: true
# extraRules Add additional rules to the ClusterRole
extraRules:
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- patch
4 changes: 2 additions & 2 deletions docker/sandbox-bundled/manifests/complete-agent.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -816,7 +816,7 @@ type: Opaque
---
apiVersion: v1
data:
haSharedSecret: allvNmJ4bUxTcVo2Z0lObw==
haSharedSecret: QWVsREJpZnlIR2N1UXJSMg==
proxyPassword: ""
proxyUsername: ""
kind: Secret
Expand Down Expand Up @@ -1412,7 +1412,7 @@ spec:
metadata:
annotations:
checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
checksum/secret: 7e2eea3d2c604971389c67f39e7d553b6329ea37af5254119febf0a125e55e64
checksum/secret: 6eadd3a29b61a78cf3a7712f3370a10fc0ec1a61c40753a48c7fa8bea69a6ec6
labels:
app: docker-registry
release: flyte-sandbox
Expand Down
4 changes: 2 additions & 2 deletions docker/sandbox-bundled/manifests/complete.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -796,7 +796,7 @@ type: Opaque
---
apiVersion: v1
data:
haSharedSecret: d2Fqb3NpcVh5a1JUaGR4Vg==
haSharedSecret: NmtkWjAwUWhadWlzb0xNcA==
proxyPassword: ""
proxyUsername: ""
kind: Secret
Expand Down Expand Up @@ -1360,7 +1360,7 @@ spec:
metadata:
annotations:
checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
checksum/secret: 087a8de1fb03ba21b367df5aa3a47d77ec2acbdeb9b6d2fa66c0caa04c304246
checksum/secret: 98727a2bd78c4e88ef413663ebff406f78c8fdbda001f7ba7b6b784934cd4d4a
labels:
app: docker-registry
release: flyte-sandbox
Expand Down
4 changes: 2 additions & 2 deletions docker/sandbox-bundled/manifests/dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -499,7 +499,7 @@ metadata:
---
apiVersion: v1
data:
haSharedSecret: WGtoeXNQV2FrV0lGeWJMeg==
haSharedSecret: WG01UkdoN2dNTzBMRjJDVA==
proxyPassword: ""
proxyUsername: ""
kind: Secret
Expand Down Expand Up @@ -934,7 +934,7 @@ spec:
metadata:
annotations:
checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
checksum/secret: 63c7525d8f4e16616715d985d9581611a83fe095e65b51cc25c61f9009f595da
checksum/secret: 5400c48803b4ae9d08115e0f52f00245498c0b06d11d318a36590b01f91e2753
labels:
app: docker-registry
release: flyte-sandbox
Expand Down

0 comments on commit a76eca9

Please sign in to comment.