diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 5a18ff8b7c8..a4518bb3ac7 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md @@ -73,13 +73,14 @@ helm install gateway bitnami/contour -n flyte | cluster_resource_manager.service_account_name | string | `"flyteadmin"` | Service account name to run with | | cluster_resource_manager.templates | list | `[{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"},{"key":"ab_project_resource_quota","value":"apiVersion: v1\nkind: ResourceQuota\nmetadata:\n name: project-quota\n namespace: {{ namespace }}\nspec:\n hard:\n limits.cpu: {{ projectQuotaCpu }}\n limits.memory: {{ projectQuotaMemory }}\n"}]` | Resource templates that should be applied | | cluster_resource_manager.templates[0] | object | `{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"}` | Template for namespaces resources | -| common | object | `{"databaseSecret":{"name":"","secretManifest":{}},"flyteNamespaceTemplate":{"enabled":false},"ingress":{"albSSLRedirect":false,"annotations":{"nginx.ingress.kubernetes.io/app-root":"/console"},"enabled":true,"separateGrpcIngress":false,"separateGrpcIngressAnnotations":{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"},"tls":{"enabled":false},"webpackHMR":false}}` | ---------------------------------------------- COMMON SETTINGS | +| common | object | `{"databaseSecret":{"name":"","secretManifest":{}},"flyteNamespaceTemplate":{"enabled":false},"ingress":{"albSSLRedirect":false,"annotations":{"nginx.ingress.kubernetes.io/app-root":"/console"},"enabled":true,"ingressClassName":null,"separateGrpcIngress":false,"separateGrpcIngressAnnotations":{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"},"tls":{"enabled":false},"webpackHMR":false}}` | ---------------------------------------------- COMMON SETTINGS | | common.databaseSecret.name | string | `""` | Specify name of K8s Secret which contains Database password. Leave it empty if you don't need this Secret | | common.databaseSecret.secretManifest | object | `{}` | Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See https://github.com/godaddy/kubernetes-external-secrets | | common.flyteNamespaceTemplate.enabled | bool | `false` | - Enable or disable creating Flyte namespace in template. Enable when using helm as template-engine only. Disable when using `helm install ...`. | | common.ingress.albSSLRedirect | bool | `false` | - albSSLRedirect adds a special route for ssl redirect. Only useful in combination with the AWS LoadBalancer Controller. | | common.ingress.annotations | object | `{"nginx.ingress.kubernetes.io/app-root":"/console"}` | - Ingress annotations applied to both HTTP and GRPC ingresses. | | common.ingress.enabled | bool | `true` | - Enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller. | +| common.ingress.ingressClassName | string | `nil` | - Sets the ingressClassName | | common.ingress.separateGrpcIngress | bool | `false` | - separateGrpcIngress puts GRPC routes into a separate ingress if true. Required for certain ingress controllers like nginx. | | common.ingress.separateGrpcIngressAnnotations | object | `{"nginx.ingress.kubernetes.io/backend-protocol":"GRPC"}` | - Extra Ingress annotations applied only to the GRPC ingress. Only makes sense if `separateGrpcIngress` is enabled. | | common.ingress.tls | object | `{"enabled":false}` | - Ingress hostname host: | diff --git a/charts/flyte-core/templates/common/ingress.yaml b/charts/flyte-core/templates/common/ingress.yaml index 2a45152a0b7..69f7c4ae070 100644 --- a/charts/flyte-core/templates/common/ingress.yaml +++ b/charts/flyte-core/templates/common/ingress.yaml @@ -163,6 +163,7 @@ metadata: annotations: {{ tpl (toYaml .) $ | nindent 4}} {{- end }} spec: + ingressClassName: {{ .Values.common.ingress.ingressClassName | quote }} rules: - http: paths: @@ -477,14 +478,13 @@ kind: Ingress metadata: name: {{ template "flyte.name" . }}-grpc namespace: {{ template "flyte.namespace" . }} - annotations: - {{- with .Values.common.ingress.annotations }} - {{- tpl (toYaml .) $ | nindent 4}} - {{- end }} - {{- with .Values.common.ingress.separateGrpcIngressAnnotations }} - {{- toYaml . | nindent 4}} + {{- $annotations := .Values.common.ingress.annotations | deepCopy -}} + {{- $_ := merge $annotations .Values.common.ingress.separateGrpcIngressAnnotations -}} + {{- with $annotations }} + annotations: {{ tpl (toYaml .) $ | nindent 4}} {{- end }} spec: + ingressClassName: {{ .Values.common.ingress.ingressClassName | quote }} rules: - host: {{ tpl (toYaml .Values.common.ingress.host) $ }} http: diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 07eb76eeb6c..16e7accc5ea 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -432,6 +432,8 @@ common: # -- Specify your Secret (with sensitive data) or pseudo-manifest (without sensitive data). See https://github.com/godaddy/kubernetes-external-secrets secretManifest: {} ingress: + # --- Sets the ingressClassName + ingressClassName: # --- Enable or disable creating Ingress for Flyte. Relevant to disable when using e.g. Istio as ingress controller. enabled: true # --- Enable or disable HMR route to flyteconsole. This is useful only for frontend development. diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index 44bc9bf6976..a0aebff4957 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -1394,6 +1394,7 @@ metadata: kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console spec: + ingressClassName: rules: - http: paths: @@ -1549,9 +1550,10 @@ kind: Ingress metadata: name: flyte-core-grpc namespace: flyte - annotations: + annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC alb.ingress.kubernetes.io/certificate-arn: '' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' @@ -1560,9 +1562,9 @@ metadata: alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console - alb.ingress.kubernetes.io/backend-protocol-version: GRPC nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: rules: - host: null http: diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index 5db040c65dd..be8b4423719 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -1020,6 +1020,7 @@ metadata: kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console spec: + ingressClassName: rules: - http: paths: @@ -1175,9 +1176,10 @@ kind: Ingress metadata: name: flyte-core-grpc namespace: flyte - annotations: + annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC alb.ingress.kubernetes.io/certificate-arn: '' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' @@ -1186,9 +1188,9 @@ metadata: alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console - alb.ingress.kubernetes.io/backend-protocol-version: GRPC nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: rules: - host: null http: diff --git a/deployment/eks/flyte_helm_dataplane_generated.yaml b/deployment/eks/flyte_helm_dataplane_generated.yaml index d4c301510b9..5fa5c094984 100644 --- a/deployment/eks/flyte_helm_dataplane_generated.yaml +++ b/deployment/eks/flyte_helm_dataplane_generated.yaml @@ -593,6 +593,7 @@ metadata: kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console spec: + ingressClassName: rules: - http: paths: @@ -748,9 +749,10 @@ kind: Ingress metadata: name: flyte-core-grpc namespace: flyte - annotations: + annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC alb.ingress.kubernetes.io/certificate-arn: '' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' @@ -759,9 +761,9 @@ metadata: alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console - alb.ingress.kubernetes.io/backend-protocol-version: GRPC nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: rules: - host: null http: diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index dc69345261c..1b84af16a53 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -1513,6 +1513,7 @@ metadata: kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console spec: + ingressClassName: rules: - http: paths: @@ -1668,9 +1669,10 @@ kind: Ingress metadata: name: flyte-core-grpc namespace: flyte - annotations: + annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC alb.ingress.kubernetes.io/certificate-arn: '' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' @@ -1679,9 +1681,9 @@ metadata: alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb nginx.ingress.kubernetes.io/app-root: /console - alb.ingress.kubernetes.io/backend-protocol-version: GRPC nginx.ingress.kubernetes.io/backend-protocol: GRPC spec: + ingressClassName: rules: - host: null http: diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index dc4c4825d2c..d9ea49361c1 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -1029,6 +1029,7 @@ metadata: nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: + ingressClassName: rules: - http: paths: @@ -1182,13 +1183,14 @@ kind: Ingress metadata: name: flyte-core-grpc namespace: flyte - annotations: + annotations: cert-manager.io/issuer: letsencrypt-production kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: GRPC + nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: + ingressClassName: rules: - host: '' http: diff --git a/deployment/gcp/flyte_helm_dataplane_generated.yaml b/deployment/gcp/flyte_helm_dataplane_generated.yaml index fb6147e78bf..b7cd4932aed 100644 --- a/deployment/gcp/flyte_helm_dataplane_generated.yaml +++ b/deployment/gcp/flyte_helm_dataplane_generated.yaml @@ -594,6 +594,7 @@ metadata: nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: + ingressClassName: rules: - http: paths: @@ -747,13 +748,14 @@ kind: Ingress metadata: name: flyte-core-grpc namespace: flyte - annotations: + annotations: cert-manager.io/issuer: letsencrypt-production kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: GRPC + nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: + ingressClassName: rules: - host: '' http: diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index 88a62d6ad2c..f6ae64796f0 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -1529,6 +1529,7 @@ metadata: nginx.ingress.kubernetes.io/app-root: /console nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: + ingressClassName: rules: - http: paths: @@ -1682,13 +1683,14 @@ kind: Ingress metadata: name: flyte-core-grpc namespace: flyte - annotations: + annotations: cert-manager.io/issuer: letsencrypt-production kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/app-root: /console - nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: GRPC + nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: + ingressClassName: rules: - host: '' http: diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml index d6506ebe21d..f5e26ef0bbc 100644 --- a/deployment/sandbox/flyte_helm_generated.yaml +++ b/deployment/sandbox/flyte_helm_generated.yaml @@ -7538,6 +7538,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/app-root: /console spec: + ingressClassName: rules: - http: paths: