Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add appProtocol to agent service to allow agent to work with istio #5240

Merged

Commits on Jun 25, 2024

  1. Adds appProtocol values of tcp on services

     * flyteadmin http port
     * flyteadmin grpc port
     * flyteconsole grpc port
    
       This is necessary because the ingress may be configured in a way that
       it sends TLS traffic to internal Flyte services. Istio will use port
       names to determine traffic - and may therefore assume the appProtocol
       of http, even though traffic from ingress -> flyteadmin is actually
       https. This misconfiguration prevents any traffic from flowing
       through the ingress to the service.
    
       Flyteadmin http and grcp ports *are* accessible using `http` and
       `grpc` values for appProtocol respectively within the cluster, but as
       soon as traffic travels between the ingress and the service those settings
       will not work. The most "compatible" setting is `tcp` which works for
       any network stream.
    
     - Adds the nginx.ingress.kubernetes.io/service-upstream: "true"
    
       Nginx Controller using endpoints instead of Services kubernetes/ingress-nginx#257
       kubernetes/ingress-nginx@main/docs/user-guide/nginx-configuration/annotations.md#service-upstream
    
    Signed-off-by: noahjax <[email protected]>
    Signed-off-by: ddl-ebrown <[email protected]>
    noahjax authored and ddl-ebrown committed Jun 25, 2024
    Configuration menu
    Copy the full SHA
    8590993 View commit details
    Browse the repository at this point in the history