From 3e480d9bb1f4d65430ece99dcac7285b49afd1ef Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Thu, 7 Dec 2023 13:05:33 -0500 Subject: [PATCH 1/3] Add support for ingressClassName Signed-off-by: davidmirror-ops --- charts/flyte-core/templates/common/ingress.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/flyte-core/templates/common/ingress.yaml b/charts/flyte-core/templates/common/ingress.yaml index 19fd66563e..d366c42c9b 100644 --- a/charts/flyte-core/templates/common/ingress.yaml +++ b/charts/flyte-core/templates/common/ingress.yaml @@ -459,7 +459,6 @@ spec: - {{ tpl (toYaml .Values.common.ingress.host) $ }} {{ end }} - {{- if .Values.common.ingress.separateGrpcIngress }} # Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only # enabled on the ingress object, not on backend services (GRPC annotation is set on the ingress, not on the services). @@ -481,6 +480,9 @@ metadata: {{- toYaml . | nindent 4}} {{- end }} spec: + {{- if .Values.common.ingress.ingressClassName }} + ingressClassName: {{ .Values.common.ingress.ingressClassName | quote }} + {{- end }} rules: - host: {{ tpl (toYaml .Values.common.ingress.host) $ }} http: From 915c44a035356cb1d3cdfa3eb56bb20462bb5956 Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Thu, 7 Dec 2023 13:15:17 -0500 Subject: [PATCH 2/3] Add default values Signed-off-by: davidmirror-ops --- charts/flyte-core/README.md | 1 + charts/flyte-core/values-eks.yaml | 2 +- charts/flyte-core/values-gcp.yaml | 2 +- charts/flyte-core/values.yaml | 3 +++ 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 4610da1009..4bf50fa85f 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md 
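Review bot: `ingressClassName` is rendered only under the `spec:` at new line 482 of `charts/flyte-core/templates/common/ingress.yaml`, which follows the `{{- if .Values.common.ingress.separateGrpcIngress }}` guard visible in the first hunk, so it appears to reach only the separate gRPC Ingress. Patch 2/3 removes the `kubernetes.io/ingress.class` annotation from `values-eks.yaml` and `values-gcp.yaml`, and the regenerated manifests under `deployment/` in patch 3/3 show the first Ingress losing that annotation with nothing added under its `spec:`. That leaves the HTTP/console Ingress with no class, so it is claimed by whichever controller is the cluster default, or by none; with `separateGrpcIngress: false` the new value is not rendered at all. The same guarded line, `ingressClassName: {{ .Values.common.ingress.ingressClassName | quote }}` inside `{{- if .Values.common.ingress.ingressClassName }}` … `{{- end }}`, should also go under the first Ingress's `spec:`, which lies outside the visible hunks.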
@@ -74,6 +74,7 @@ helm install gateway bitnami/contour -n flyte | common.databaseSecret.name | string | `""` | Specify name of K8s Secret which contains Database password. Leave it empty if you don't need this Secret | | common.databaseSecret.secretManifest | object | `{}` | Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See https://github.com/godaddy/kubernetes-external-secrets | | common.flyteNamespaceTemplate.enabled | bool | `false` | - Enable or disable creating Flyte namespace in template. Enable when using helm as template-engine only. Disable when using `helm install ...`. | +|common.ingress.ingressClassName | string | `""` | | common.ingress.albSSLRedirect | bool | `false` | - albSSLRedirect adds a special route for ssl redirect. Only useful in combination with the AWS LoadBalancer Controller. | | common.ingress.annotations | object | `{"nginx.ingress.kubernetes.io/app-root":"/console"}` | - Ingress annotations applied to both HTTP and GRPC ingresses. | | common.ingress.enabled | bool | `true` | - Enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller. | diff --git a/charts/flyte-core/values-eks.yaml b/charts/flyte-core/values-eks.yaml index 7b7ca446f5..f2bf99b2a2 100644 --- a/charts/flyte-core/values-eks.yaml +++ b/charts/flyte-core/values-eks.yaml @@ -132,12 +132,12 @@ flyteconsole: common: ingress: + ingressClassName: alb albSSLRedirect: true separateGrpcIngress: true annotations: # -- aws-load-balancer-controller v2.1 or higher is required - https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.1/ # For EKS if using [ALB](https://kubernetes-sigs.github.io/aws-load-balancer-controller/guide/ingress/annotations/), these annotations are set - kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip 
diff --git a/charts/flyte-core/values-gcp.yaml b/charts/flyte-core/values-gcp.yaml index 1a53510062..09f992e778 100644 --- a/charts/flyte-core/values-gcp.yaml +++ b/charts/flyte-core/values-gcp.yaml @@ -150,11 +150,11 @@ workflow_notifications: common: ingress: + ingressClassName: nginx host: "{{ .Values.userSettings.hostName }}" tls: enabled: true annotations: - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "true" cert-manager.io/issuer: "letsencrypt-production" # --- separateGrpcIngress puts GRPC routes into a separate ingress if true. Required for certain ingress controllers like nginx. diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 7ad1707e89..09dc3b8c68 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -382,6 +382,9 @@ common: ingress: # --- Enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller. enabled: true + # --- Specify the IngressClass corresponding to your Ingress controller. This is useful for automated certificate generation, among other use cases. + # --- https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers + ingressClassName: "" # --- Enable or disable HMR route to flyteconsole. This is useful only for frontend development. webpackHMR: false # --- separateGrpcIngress puts GRPC routes into a separate ingress if true. Required for certain ingress controllers like nginx. From c0b75cf8551808f8492f762e6c31f6a70615a7a3 Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Thu, 7 Dec 2023 13:51:42 -0500 Subject: [PATCH 3/3] make helm 
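Review bot: Both lines of the comment added above `ingressClassName: ""` in `charts/flyte-core/values.yaml` start with `# ---`, and the README row regenerated in patch 3/3 carries only the URL as the description of `common.ingress.ingressClassName`, so the explanatory sentence appears to be dropped by the docs generator. Folding the link into the first `# ---` line, or making the second line a plain `#` continuation, should keep the sentence in the README. The comment should also state what the empty default does, for example `# --- IngressClass name for the Flyte Ingresses. When empty, no class is set and the cluster default IngressClass (if any) applies.`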
Signed-off-by: davidmirror-ops --- charts/flyte-binary/eks-production.yaml | 6 +++--- charts/flyte-core/README.md | 4 ++-- deployment/eks/flyte_aws_scheduler_helm_generated.yaml | 3 +-- deployment/eks/flyte_helm_controlplane_generated.yaml | 3 +-- deployment/eks/flyte_helm_dataplane_generated.yaml | 3 +-- deployment/eks/flyte_helm_generated.yaml | 3 +-- deployment/gcp/flyte_helm_controlplane_generated.yaml | 3 +-- deployment/gcp/flyte_helm_dataplane_generated.yaml | 3 +-- deployment/gcp/flyte_helm_generated.yaml | 3 +-- 9 files changed, 12 insertions(+), 19 deletions(-) diff --git a/charts/flyte-binary/eks-production.yaml b/charts/flyte-binary/eks-production.yaml index 2db827b804..2b2e44bd25 100644 --- a/charts/flyte-binary/eks-production.yaml +++ b/charts/flyte-binary/eks-production.yaml @@ -2,7 +2,8 @@ configuration: database: password: host: - dbname: app + username: + dbname: flyteadmin storage: metadataContainer: userDataContainer: @@ -126,8 +127,7 @@ clusterResourceTemplates: namespace: '{{ namespace }}' ingress: create: true - commonAnnotations: - kubernetes.io/ingress.class: nginx + ingressClassName: nginx httpAnnotations: nginx.ingress.kubernetes.io/app-root: /console grpcAnnotations: diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 4bf50fa85f..99bd552031 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md 
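Review bot: The database edits in the first hunk of `charts/flyte-binary/eks-production.yaml` (`dbname: app` replaced by `dbname: flyteadmin`, plus a new bare `username:` key) are not explained by the commit subject "make helm" and are unrelated to the ingress class change. Anyone reusing this file would be pointed at a different database name, so the change deserves its own line in the commit message or changelog. The bare `username:`, like the existing `password:` and `host:`, parses as null; a comment such as `# placeholders: set at install time; never commit real credentials here` would make clear that these are to be filled in per deployment, with the password supplied from a Kubernetes Secret or secret store rather than a committed values file.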
@@ -70,14 +70,14 @@ helm install gateway bitnami/contour -n flyte | cluster_resource_manager.service_account_name | string | `"flyteadmin"` | Service account name to run with | | cluster_resource_manager.templates | list | `[{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"},{"key":"ab_project_resource_quota","value":"apiVersion: v1\nkind: ResourceQuota\nmetadata:\n name: project-quota\n namespace: {{ namespace }}\nspec:\n hard:\n limits.cpu: {{ projectQuotaCpu }}\n limits.memory: {{ projectQuotaMemory }}\n"}]` | Resource templates that should be applied | | cluster_resource_manager.templates[0] | object | `{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"}` | Template for namespaces resources | -| common | object | `{"databaseSecret":{"name":"","secretManifest":{}},"flyteNamespaceTemplate":{"enabled":false},"ingress":{"albSSLRedirect":false,"annotations":{"nginx.ingress.kubernetes.io/app-root":"/console"},"enabled":true,"separateGrpcIngress":false,"separateGrpcIngressAnnotations":{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"},"tls":{"enabled":false},"webpackHMR":false}}` | ---------------------------------------------- COMMON SETTINGS | +| common | object | `{"databaseSecret":{"name":"","secretManifest":{}},"flyteNamespaceTemplate":{"enabled":false},"ingress":{"albSSLRedirect":false,"annotations":{"nginx.ingress.kubernetes.io/app-root":"/console"},"enabled":true,"ingressClassName":"","separateGrpcIngress":false,"separateGrpcIngressAnnotations":{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"},"tls":{"enabled":false},"webpackHMR":false}}` | ---------------------------------------------- COMMON SETTINGS | | common.databaseSecret.name | string | `""` | Specify name of K8s Secret which contains Database password. 
Leave it empty if you don't need this Secret | | common.databaseSecret.secretManifest | object | `{}` | Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See https://github.com/godaddy/kubernetes-external-secrets | | common.flyteNamespaceTemplate.enabled | bool | `false` | - Enable or disable creating Flyte namespace in template. Enable when using helm as template-engine only. Disable when using `helm install ...`. | -|common.ingress.ingressClassName | string | `""` | | common.ingress.albSSLRedirect | bool | `false` | - albSSLRedirect adds a special route for ssl redirect. Only useful in combination with the AWS LoadBalancer Controller. | | common.ingress.annotations | object | `{"nginx.ingress.kubernetes.io/app-root":"/console"}` | - Ingress annotations applied to both HTTP and GRPC ingresses. | | common.ingress.enabled | bool | `true` | - Enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller. | +| common.ingress.ingressClassName | string | `""` | - https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers | | common.ingress.separateGrpcIngress | bool | `false` | - separateGrpcIngress puts GRPC routes into a separate ingress if true. Required for certain ingress controllers like nginx. | | common.ingress.separateGrpcIngressAnnotations | object | `{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"}` | - Extra Ingress annotations applied only to the GRPC ingress. Only makes sense if `separateGrpcIngress` is enabled. | | common.ingress.tls | object | `{"enabled":false}` | - Ingress hostname host: | diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index a05c6869df..e4802acaf6 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml 
@@ -1391,7 +1391,6 @@ metadata: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console spec: rules: @@ -1558,11 +1557,11 @@ metadata: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console alb.ingress.kubernetes.io/backend-protocol-version: GRPC nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: "alb" rules: - host: null http: diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index 323176fea1..73c5ce8dd0 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -1019,7 +1019,6 @@ metadata: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console spec: rules: @@ -1186,11 +1185,11 @@ metadata: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console alb.ingress.kubernetes.io/backend-protocol-version: GRPC nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: "alb" rules: - host: null http: diff --git a/deployment/eks/flyte_helm_dataplane_generated.yaml b/deployment/eks/flyte_helm_dataplane_generated.yaml index 4fc4767953..2e18fb22c9 100644 --- a/deployment/eks/flyte_helm_dataplane_generated.yaml +++ b/deployment/eks/flyte_helm_dataplane_generated.yaml 
@@ -588,7 +588,6 @@ metadata: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console spec: rules: @@ -755,11 +754,11 @@ metadata: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console alb.ingress.kubernetes.io/backend-protocol-version: GRPC nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: "alb" rules: - host: null http: diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index 1139ce2fbc..bec1a7df24 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -1510,7 +1510,6 @@ metadata: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console spec: rules: @@ -1677,11 +1676,11 @@ metadata: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/target-type: ip - kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console alb.ingress.kubernetes.io/backend-protocol-version: GRPC nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: "alb" rules: - host: null http: diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index 27d1319bf4..acfd10a9ef 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml 
@@ -1027,7 +1027,6 @@ metadata: namespace: flyte annotations: cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: @@ -1186,11 +1185,11 @@ metadata: namespace: flyte annotations: cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: "nginx" rules: - host: '' http: diff --git a/deployment/gcp/flyte_helm_dataplane_generated.yaml b/deployment/gcp/flyte_helm_dataplane_generated.yaml index 458d10a150..d3144bc752 100644 --- a/deployment/gcp/flyte_helm_dataplane_generated.yaml +++ b/deployment/gcp/flyte_helm_dataplane_generated.yaml @@ -588,7 +588,6 @@ metadata: namespace: flyte annotations: cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: @@ -747,11 +746,11 @@ metadata: namespace: flyte annotations: cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: "nginx" rules: - host: '' http: diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index ac06058686..fa3f37eb24 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -1525,7 +1525,6 @@ metadata: namespace: flyte annotations: cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: 
@@ -1684,11 +1683,11 @@ metadata: namespace: flyte annotations: cert-manager.io/issuer: letsencrypt-production - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: "nginx" rules: - host: '' http: