From fe7c72eddfd5b4436377973b92befb9312e47be3 Mon Sep 17 00:00:00 2001 From: mvaal Date: Tue, 14 May 2024 15:28:35 -0500 Subject: [PATCH 1/5] Improve flyte-core helm chart Fixed flyte-core helm chart where ServiceAccounts were missing and some naming inconsistencies Signed-off-by: mvaal --- charts/flyte-core/templates/_helpers.tpl | 14 ++++++------- .../clusterresourcesync/configmap.yaml | 3 +-- .../clusterresourcesync/deployment.yaml | 4 ++-- .../templates/clusterresourcesync/rbac.yaml | 16 +++++++++++++++ .../templates/console/deployment.yaml | 1 + charts/flyte-core/templates/console/rbac.yaml | 16 +++++++++++++++ .../templates/flytescheduler/deployment.yaml | 2 +- .../flytescheduler/{sa.yaml => rbac.yaml} | 2 +- charts/flyte-core/values.yaml | 20 ++++++++++++++++++- charts/flyteagent/values.yaml | 2 +- 10 files changed, 65 insertions(+), 15 deletions(-) create mode 100644 charts/flyte-core/templates/clusterresourcesync/rbac.yaml create mode 100644 charts/flyte-core/templates/console/rbac.yaml rename charts/flyte-core/templates/flytescheduler/{sa.yaml => rbac.yaml} (98%) diff --git a/charts/flyte-core/templates/_helpers.tpl b/charts/flyte-core/templates/_helpers.tpl index b4361a1e47..e875bd8860 100755 --- a/charts/flyte-core/templates/_helpers.tpl +++ b/charts/flyte-core/templates/_helpers.tpl @@ -14,7 +14,7 @@ {{- define "flyteadmin.name" -}} -flyteadmin +{{- default "flyteadmin" .Values.flyteadmin.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "flyteadmin.selectorLabels" -}} @@ -36,7 +36,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{- define "flytescheduler.name" -}} -flytescheduler +{{- default "flytescheduler" .Values.flytescheduler.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "flytescheduler.selectorLabels" -}} @@ -59,7 +59,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{- define "flyteclusterresourcesync.name" -}} -flyteclusterresourcesync +{{- default "flyteclusterresourcesync" .Values.cluster_resource_manager.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "flyteclusterresourcesync.selectorLabels" -}} @@ -81,7 +81,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{- define "datacatalog.name" -}} -datacatalog +{{- default "datacatalog" .Values.datacatalog.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "datacatalog.selectorLabels" -}} @@ -125,7 +125,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{- define "flytepropeller-manager.name" -}} -flytepropeller-manager +{{- default "flytepropeller-manager" .Values.flytepropeller.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "flytepropeller-manager.selectorLabels" -}} @@ -147,12 +147,12 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{- define "flyte-pod-webhook.name" -}} -flyte-pod-webhook +{{- default "flyte-pod-webhook" .Values.webhook.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "flyteconsole.name" -}} -flyteconsole +{{- default "flyteconsole" .Values.flyteconsole.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "flyteconsole.selectorLabels" -}} diff --git a/charts/flyte-core/templates/clusterresourcesync/configmap.yaml b/charts/flyte-core/templates/clusterresourcesync/configmap.yaml index a58ccd947c..47cda31496 100644 --- a/charts/flyte-core/templates/clusterresourcesync/configmap.yaml +++ b/charts/flyte-core/templates/clusterresourcesync/configmap.yaml @@ -34,5 +34,4 @@ data: clusters: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - - {{- end }} +{{- end }} diff --git a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml index a2fb5d04ae..ae395aea92 100644 --- a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml +++ b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: {{ template "flyteclusterresourcesync.name" . }} namespace: {{ template "flyte.namespace" . }} labels: {{ include "flyteclusterresourcesync.labels" . | nindent 4 }} spec: @@ -55,7 +55,7 @@ spec: - mountPath: /var/run/credentials name: cluster-secrets {{- end }} - serviceAccountName: {{ .Values.cluster_resource_manager.service_account_name }} + serviceAccountName: {{ .Values.cluster_resource_manager.serviceAccount.create | ternary (include "flyteclusterresourcesync.name" .) .Values.cluster_resource_manager.service_account_name }} volumes: {{- include "databaseSecret.volume" . | nindent 8 }} - configMap: name: clusterresource-template diff --git a/charts/flyte-core/templates/clusterresourcesync/rbac.yaml b/charts/flyte-core/templates/clusterresourcesync/rbac.yaml new file mode 100644 index 0000000000..9676788dd9 --- /dev/null +++ b/charts/flyte-core/templates/clusterresourcesync/rbac.yaml @@ -0,0 +1,16 @@ +{{- if .Values.cluster_resource_manager.enabled }} +{{- if .Values.cluster_resource_manager.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "flyteclusterresourcesync.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteclusterresourcesync.labels" . | nindent 4 }} + {{- with .Values.cluster_resource_manager.serviceAccount.annotations }} + annotations: {{ tpl (toYaml .) $ | nindent 4 }} + {{- end}} +{{- with .Values.cluster_resource_manager.serviceAccount.imagePullSecrets }} +imagePullSecrets: {{ tpl (toYaml .) $ | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/flyte-core/templates/console/deployment.yaml b/charts/flyte-core/templates/console/deployment.yaml index 2d89e0265a..8b7f9e492e 100644 --- a/charts/flyte-core/templates/console/deployment.yaml +++ b/charts/flyte-core/templates/console/deployment.yaml @@ -59,6 +59,7 @@ spec: volumeMounts: - mountPath: /srv/flyte name: shared-data + serviceAccountName: {{ template "flyteconsole.name" . }} volumes: - emptyDir: {} name: shared-data diff --git a/charts/flyte-core/templates/console/rbac.yaml b/charts/flyte-core/templates/console/rbac.yaml new file mode 100644 index 0000000000..50ac787e77 --- /dev/null +++ b/charts/flyte-core/templates/console/rbac.yaml @@ -0,0 +1,16 @@ +{{- if .Values.flyteconsole.enabled }} +{{- if .Values.flyteconsole.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "flyteconsole.name" . }} + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteconsole.labels" . | nindent 4 }} + {{- with .Values.flyteconsole.serviceAccount.annotations }} + annotations: {{ tpl (toYaml .) $ | nindent 4 }} + {{- end}} +{{- with .Values.flyteconsole.serviceAccount.imagePullSecrets }} +imagePullSecrets: {{ tpl (toYaml .) $ | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/flyte-core/templates/flytescheduler/deployment.yaml b/charts/flyte-core/templates/flytescheduler/deployment.yaml index 14db8c48a7..2d9591ecaf 100755 --- a/charts/flyte-core/templates/flytescheduler/deployment.yaml +++ b/charts/flyte-core/templates/flytescheduler/deployment.yaml @@ -112,5 +112,5 @@ spec: {{- with .Values.flytescheduler.tolerations }} tolerations: {{ tpl (toYaml .) $ | nindent 8 }} {{- end }} -{{- end }} {{- end }} +{{- end }} diff --git a/charts/flyte-core/templates/flytescheduler/sa.yaml b/charts/flyte-core/templates/flytescheduler/rbac.yaml similarity index 98% rename from charts/flyte-core/templates/flytescheduler/sa.yaml rename to charts/flyte-core/templates/flytescheduler/rbac.yaml index 6304820d83..72b8e21f8c 100644 --- a/charts/flyte-core/templates/flytescheduler/sa.yaml +++ b/charts/flyte-core/templates/flytescheduler/rbac.yaml @@ -17,5 +17,5 @@ imagePullSecrets: {{ tpl (toYaml .) $ | nindent 2 }} {{- end }} --- -{{- end }} + {{- end }} {{- end }} diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 4d1e77def0..2151fd15f0 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -399,10 +399,18 @@ flyteconsole: service: annotations: {} type: ClusterIP + # -- Configuration for service accounts for FlyteConsole + serviceAccount: + # -- Should a service account be created for the console + create: true + # -- Annotations for ServiceAccount attached to the console + annotations: {} + # -- ImagePullSecrets to automatically assign to the service console + imagePullSecrets: [] # -- Annotations for Flyteconsole pods podAnnotations: {} # -- Additional Flyteconsole container environment variables - podEnv: {} + podEnv: [] # -- Labels for Flyteconsole pods podLabels: {} # -- nodeSelector for Flyteconsole deployment @@ -903,8 +911,18 @@ cluster_resource_manager: # -- Enables the Cluster resource manager component enabled: true standaloneDeployment: false + # nameOverride String to override flyteclusterresourcesync.name template + nameOverride: # -- Service account name to run with service_account_name: flyteadmin + # -- Configuration for service accounts for ClusterResource, will ignore service_account_name if set + serviceAccount: + # -- Should a service account be created for the ClusterResource + create: true + # -- Annotations for ServiceAccount attached to the ClusterResource + annotations: { } + # -- ImagePullSecrets to automatically assign to the service ClusterResource + imagePullSecrets: [ ] # -- Annotations for ClusterResource pods podAnnotations: {} # -- Additional ClusterResource container environment variables diff --git a/charts/flyteagent/values.yaml b/charts/flyteagent/values.yaml index ecfc08e40a..e35ad81037 100755 --- a/charts/flyteagent/values.yaml +++ b/charts/flyteagent/values.yaml @@ -69,7 +69,7 @@ securityContext: # -- Annotations for flyteagent pods podAnnotations: {} # -- Additional flyteagent pod container environment variables -podEnv: {} +podEnv: [] # -- Labels for flyteagent pods podLabels: {} # -- nodeSelector for flyteagent deployment From 16963fdc4182295b1bcd165a29ce1e9b6c2768f2 Mon Sep 17 00:00:00 2001 From: mvaal Date: Tue, 14 May 2024 15:42:20 -0500 Subject: [PATCH 2/5] Fixed remaining podEnv defaults Signed-off-by: mvaal --- charts/flyte-core/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 2151fd15f0..b80a6d3e79 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -171,7 +171,7 @@ flytescheduler: # -- Annotations for Flytescheduler pods podAnnotations: {} # -- Additional Flytescheduler container environment variables - podEnv: {} + podEnv: [] # -- Labels for Flytescheduler pods podLabels: {} # -- nodeSelector for Flytescheduler deployment @@ -243,7 +243,7 @@ datacatalog: # -- Annotations for Datacatalog pods podAnnotations: {} # -- Additional Datacatalog container environment variables - podEnv: {} + podEnv: [] # -- Labels for Datacatalog pods podLabels: {} # -- nodeSelector for Datacatalog deployment @@ -329,7 +329,7 @@ flytepropeller: # -- Annotations for Flytepropeller pods podAnnotations: {} # -- Additional Flytepropeller container environment variables - podEnv: {} + podEnv: [] # -- Labels for Flytepropeller pods podLabels: {} # -- nodeSelector for Flytepropeller deployment @@ -926,7 +926,7 @@ cluster_resource_manager: # -- Annotations for ClusterResource pods podAnnotations: {} # -- Additional ClusterResource container environment variables - podEnv: {} + podEnv: [] # -- Labels for ClusterResource pods podLabels: {} # -- nodeSelector for ClusterResource deployment From 0d6bcbc66d225d9c1d0393369f1d68038c72f406 Mon Sep 17 00:00:00 2001 From: mvaal Date: Wed, 15 May 2024 14:27:02 -0500 Subject: [PATCH 3/5] Update generated_helm Signed-off-by: mvaal --- charts/flyte-core/README.md | 20 ++++++++---- charts/flyteagent/README.md | 2 +- .../flyte_aws_scheduler_helm_generated.yaml | 29 +++++++++++++++-- .../flyte_helm_controlplane_generated.yaml | 31 +++++++++++++++++-- deployment/eks/flyte_helm_generated.yaml | 31 +++++++++++++++++-- .../flyte_helm_controlplane_generated.yaml | 31 +++++++++++++++++-- deployment/gcp/flyte_helm_generated.yaml | 31 +++++++++++++++++-- deployment/sandbox/flyte_helm_generated.yaml | 31 +++++++++++++++++-- .../manifests/complete-agent.yaml | 2 +- .../sandbox-bundled/manifests/complete.yaml | 2 +- docker/sandbox-bundled/manifests/dev.yaml | 2 +- 11 files changed, 185 insertions(+), 27 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 7e2da9da96..8c1661161f 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md @@ -60,7 +60,7 @@ helm install gateway bitnami/contour -n flyte | cloud_events.eventsPublisher.eventTypes[0] | string | `"all"` | | | cloud_events.eventsPublisher.topicName | string | `"arn:aws:sns:us-east-2:123456:123-my-topic"` | | | cloud_events.type | string | `"aws"` | | -| cluster_resource_manager | object | `{"config":{"cluster_resources":{"customData":[{"production":[{"projectQuotaCpu":{"value":"5"}},{"projectQuotaMemory":{"value":"4000Mi"}}]},{"staging":[{"projectQuotaCpu":{"value":"2"}},{"projectQuotaMemory":{"value":"3000Mi"}}]},{"development":[{"projectQuotaCpu":{"value":"4"}},{"projectQuotaMemory":{"value":"3000Mi"}}]}],"refreshInterval":"5m","standaloneDeployment":false,"templatePath":"/etc/flyte/clusterresource/templates"}},"enabled":true,"nodeSelector":{},"podAnnotations":{},"podEnv":{},"podLabels":{},"resources":{},"service_account_name":"flyteadmin","standaloneDeployment":false,"templates":[{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"},{"key":"ab_project_resource_quota","value":"apiVersion: v1\nkind: ResourceQuota\nmetadata:\n name: project-quota\n namespace: {{ namespace }}\nspec:\n hard:\n limits.cpu: {{ projectQuotaCpu }}\n limits.memory: {{ projectQuotaMemory }}\n"}]}` | Configuration for the Cluster resource manager component. This is an optional component, that enables automatic cluster configuration. This is useful to set default quotas, manage namespaces etc that map to a project/domain | +| cluster_resource_manager | object | `{"config":{"cluster_resources":{"customData":[{"production":[{"projectQuotaCpu":{"value":"5"}},{"projectQuotaMemory":{"value":"4000Mi"}}]},{"staging":[{"projectQuotaCpu":{"value":"2"}},{"projectQuotaMemory":{"value":"3000Mi"}}]},{"development":[{"projectQuotaCpu":{"value":"4"}},{"projectQuotaMemory":{"value":"3000Mi"}}]}],"refreshInterval":"5m","standaloneDeployment":false,"templatePath":"/etc/flyte/clusterresource/templates"}},"enabled":true,"nameOverride":null,"nodeSelector":{},"podAnnotations":{},"podEnv":[],"podLabels":{},"resources":{},"serviceAccount":{"annotations":{},"create":true,"imagePullSecrets":[]},"service_account_name":"flyteadmin","standaloneDeployment":false,"templates":[{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"},{"key":"ab_project_resource_quota","value":"apiVersion: v1\nkind: ResourceQuota\nmetadata:\n name: project-quota\n namespace: {{ namespace }}\nspec:\n hard:\n limits.cpu: {{ projectQuotaCpu }}\n limits.memory: {{ projectQuotaMemory }}\n"}]}` | Configuration for the Cluster resource manager component. This is an optional component, that enables automatic cluster configuration. This is useful to set default quotas, manage namespaces etc that map to a project/domain | | cluster_resource_manager.config | object | `{"cluster_resources":{"customData":[{"production":[{"projectQuotaCpu":{"value":"5"}},{"projectQuotaMemory":{"value":"4000Mi"}}]},{"staging":[{"projectQuotaCpu":{"value":"2"}},{"projectQuotaMemory":{"value":"3000Mi"}}]},{"development":[{"projectQuotaCpu":{"value":"4"}},{"projectQuotaMemory":{"value":"3000Mi"}}]}],"refreshInterval":"5m","standaloneDeployment":false,"templatePath":"/etc/flyte/clusterresource/templates"}}` | Configmap for ClusterResource parameters | | cluster_resource_manager.config.cluster_resources | object | `{"customData":[{"production":[{"projectQuotaCpu":{"value":"5"}},{"projectQuotaMemory":{"value":"4000Mi"}}]},{"staging":[{"projectQuotaCpu":{"value":"2"}},{"projectQuotaMemory":{"value":"3000Mi"}}]},{"development":[{"projectQuotaCpu":{"value":"4"}},{"projectQuotaMemory":{"value":"3000Mi"}}]}],"refreshInterval":"5m","standaloneDeployment":false,"templatePath":"/etc/flyte/clusterresource/templates"}` | ClusterResource parameters Refer to the [structure](https://pkg.go.dev/github.com/lyft/flyteadmin@v0.3.37/pkg/runtime/interfaces#ClusterResourceConfig) to customize. | | cluster_resource_manager.config.cluster_resources.refreshInterval | string | `"5m"` | How frequently to run the sync process | @@ -68,9 +68,13 @@ helm install gateway bitnami/contour -n flyte | cluster_resource_manager.enabled | bool | `true` | Enables the Cluster resource manager component | | cluster_resource_manager.nodeSelector | object | `{}` | nodeSelector for ClusterResource deployment | | cluster_resource_manager.podAnnotations | object | `{}` | Annotations for ClusterResource pods | -| cluster_resource_manager.podEnv | object | `{}` | Additional ClusterResource container environment variables | +| cluster_resource_manager.podEnv | list | `[]` | Additional ClusterResource container environment variables | | cluster_resource_manager.podLabels | object | `{}` | Labels for ClusterResource pods | | cluster_resource_manager.resources | object | `{}` | Resources for ClusterResource deployment | +| cluster_resource_manager.serviceAccount | object | `{"annotations":{},"create":true,"imagePullSecrets":[]}` | Configuration for service accounts for ClusterResource, will ignore service_account_name if set | +| cluster_resource_manager.serviceAccount.annotations | object | `{}` | Annotations for ServiceAccount attached to the ClusterResource | +| cluster_resource_manager.serviceAccount.create | bool | `true` | Should a service account be created for the ClusterResource | +| cluster_resource_manager.serviceAccount.imagePullSecrets | list | `[]` | ImagePullSecrets to automatically assign to the service ClusterResource | | cluster_resource_manager.service_account_name | string | `"flyteadmin"` | Service account name to run with | | cluster_resource_manager.templates | list | `[{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"},{"key":"ab_project_resource_quota","value":"apiVersion: v1\nkind: ResourceQuota\nmetadata:\n name: project-quota\n namespace: {{ namespace }}\nspec:\n hard:\n limits.cpu: {{ projectQuotaCpu }}\n limits.memory: {{ projectQuotaMemory }}\n"}]` | Resource templates that should be applied | | cluster_resource_manager.templates[0] | object | `{"key":"aa_namespace","value":"apiVersion: v1\nkind: Namespace\nmetadata:\n name: {{ namespace }}\nspec:\n finalizers:\n - kubernetes\n"}` | Template for namespaces resources | @@ -133,7 +137,7 @@ helm install gateway bitnami/contour -n flyte | datacatalog.image.tag | string | `"v1.12.0"` | Docker image tag | | datacatalog.nodeSelector | object | `{}` | nodeSelector for Datacatalog deployment | | datacatalog.podAnnotations | object | `{}` | Annotations for Datacatalog pods | -| datacatalog.podEnv | object | `{}` | Additional Datacatalog container environment variables | +| datacatalog.podEnv | list | `[]` | Additional Datacatalog container environment variables | | datacatalog.podLabels | object | `{}` | Labels for Datacatalog pods | | datacatalog.priorityClassName | string | `""` | Sets priorityClassName for datacatalog pod(s). | | datacatalog.replicaCount | int | `1` | Replicas count for Datacatalog deployment | @@ -208,13 +212,17 @@ helm install gateway bitnami/contour -n flyte | flyteconsole.imagePullSecrets | list | `[]` | ImagePullSecrets to assign to the Flyteconsole deployment | | flyteconsole.nodeSelector | object | `{}` | nodeSelector for Flyteconsole deployment | | flyteconsole.podAnnotations | object | `{}` | Annotations for Flyteconsole pods | -| flyteconsole.podEnv | object | `{}` | Additional Flyteconsole container environment variables | +| flyteconsole.podEnv | list | `[]` | Additional Flyteconsole container environment variables | | flyteconsole.podLabels | object | `{}` | Labels for Flyteconsole pods | | flyteconsole.priorityClassName | string | `""` | Sets priorityClassName for flyte console pod(s). | | flyteconsole.replicaCount | int | `1` | Replicas count for Flyteconsole deployment | | flyteconsole.resources | object | `{"limits":{"cpu":"500m","memory":"250Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Default resources requests and limits for Flyteconsole deployment | | flyteconsole.securityContext | object | `{"fsGroupChangePolicy":"OnRootMismatch","runAsNonRoot":true,"runAsUser":1000,"seLinuxOptions":{"type":"spc_t"}}` | Sets securityContext for flyteconsole pod(s). | | flyteconsole.service | object | `{"annotations":{},"type":"ClusterIP"}` | Service settings for Flyteconsole | +| flyteconsole.serviceAccount | object | `{"annotations":{},"create":true,"imagePullSecrets":[]}` | Configuration for service accounts for FlyteConsole | +| flyteconsole.serviceAccount.annotations | object | `{}` | Annotations for ServiceAccount attached to the console | +| flyteconsole.serviceAccount.create | bool | `true` | Should a service account be created for the console | +| flyteconsole.serviceAccount.imagePullSecrets | list | `[]` | ImagePullSecrets to automatically assign to the service console | | flyteconsole.tolerations | list | `[]` | tolerations for Flyteconsole deployment | | flytepropeller.additionalContainers | list | `[]` | Appends additional containers to the deployment spec. May include template values. | | flytepropeller.additionalVolumeMounts | list | `[]` | Appends additional volume mounts to the main container's spec. May include template values. | @@ -232,7 +240,7 @@ helm install gateway bitnami/contour -n flyte | flytepropeller.manager | bool | `false` | | | flytepropeller.nodeSelector | object | `{}` | nodeSelector for Flytepropeller deployment | | flytepropeller.podAnnotations | object | `{}` | Annotations for Flytepropeller pods | -| flytepropeller.podEnv | object | `{}` | Additional Flytepropeller container environment variables | +| flytepropeller.podEnv | list | `[]` | Additional Flytepropeller container environment variables | | flytepropeller.podLabels | object | `{}` | Labels for Flytepropeller pods | | flytepropeller.priorityClassName | string | `""` | Sets priorityClassName for propeller pod(s). | | flytepropeller.replicaCount | int | `1` | Replicas count for Flytepropeller deployment | @@ -262,7 +270,7 @@ helm install gateway bitnami/contour -n flyte | flytescheduler.image.tag | string | `"v1.12.0"` | Docker image tag | | flytescheduler.nodeSelector | object | `{}` | nodeSelector for Flytescheduler deployment | | flytescheduler.podAnnotations | object | `{}` | Annotations for Flytescheduler pods | -| flytescheduler.podEnv | object | `{}` | Additional Flytescheduler container environment variables | +| flytescheduler.podEnv | list | `[]` | Additional Flytescheduler container environment variables | | flytescheduler.podLabels | object | `{}` | Labels for Flytescheduler pods | | flytescheduler.priorityClassName | string | `""` | Sets priorityClassName for flyte scheduler pod(s). | | flytescheduler.resources | object | `{"limits":{"cpu":"250m","ephemeral-storage":"100Mi","memory":"500Mi"},"requests":{"cpu":"10m","ephemeral-storage":"50Mi","memory":"50Mi"}}` | Default resources requests and limits for Flytescheduler deployment | diff --git a/charts/flyteagent/README.md b/charts/flyteagent/README.md index 18cc0a9ef9..8088c60a63 100644 --- a/charts/flyteagent/README.md +++ b/charts/flyteagent/README.md @@ -24,7 +24,7 @@ A Helm chart for Flyte agent | nameOverride | string | `""` | | | nodeSelector | object | `{}` | nodeSelector for flyteagent deployment | | podAnnotations | object | `{}` | Annotations for flyteagent pods | -| podEnv | object | `{}` | Additional flyteagent pod container environment variables | +| podEnv | list | `[]` | Additional flyteagent pod container environment variables | | podLabels | object | `{}` | Labels for flyteagent pods | | podSecurityContext | object | `{}` | Security context for pod | | ports.containerPort | int | `8000` | | diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index ed1aca0b94..35c4a3042f 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -13,6 +13,30 @@ metadata: annotations: eks.amazonaws.com/role-arn: arn:aws:iam:::role/iam-role-flyte --- +# Source: flyte-core/templates/clusterresourcesync/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteclusterresourcesync + namespace: flyte + labels: + app.kubernetes.io/name: flyteclusterresourcesync + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- +# Source: flyte-core/templates/console/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteconsole + namespace: flyte + labels: + app.kubernetes.io/name: flyteconsole + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- # Source: flyte-core/templates/datacatalog/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -1028,7 +1052,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: flyteclusterresourcesync namespace: flyte labels: app.kubernetes.io/name: flyteclusterresourcesync @@ -1068,7 +1092,7 @@ spec: name: resource-templates - mountPath: /etc/flyte/config name: config-volume - serviceAccountName: flyteadmin + serviceAccountName: flyteclusterresourcesync volumes: - name: db-pass secret: @@ -1136,6 +1160,7 @@ spec: volumeMounts: - mountPath: /srv/flyte name: shared-data + serviceAccountName: flyteconsole volumes: - emptyDir: {} name: shared-data diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index 133238300d..f344056fe3 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -13,6 +13,30 @@ metadata: annotations: eks.amazonaws.com/role-arn: arn:aws:iam:::role/iam-role-flyte --- +# Source: flyte-core/templates/clusterresourcesync/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteclusterresourcesync + namespace: flyte + labels: + app.kubernetes.io/name: flyteclusterresourcesync + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- +# Source: flyte-core/templates/console/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteconsole + namespace: flyte + labels: + app.kubernetes.io/name: flyteconsole + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- # Source: flyte-core/templates/datacatalog/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -27,7 +51,7 @@ metadata: annotations: eks.amazonaws.com/role-arn: arn:aws:iam:::role/iam-role-flyte --- -# Source: flyte-core/templates/flytescheduler/sa.yaml +# Source: flyte-core/templates/flytescheduler/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -733,7 +757,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: flyteclusterresourcesync namespace: flyte labels: app.kubernetes.io/name: flyteclusterresourcesync @@ -773,7 +797,7 @@ spec: name: resource-templates - mountPath: /etc/flyte/config name: config-volume - serviceAccountName: flyteadmin + serviceAccountName: flyteclusterresourcesync volumes: - name: db-pass secret: @@ -841,6 +865,7 @@ spec: volumeMounts: - mountPath: /srv/flyte name: shared-data + serviceAccountName: flyteconsole volumes: - emptyDir: {} name: shared-data diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index fc3cf6fe68..952e2dabf2 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -13,6 +13,30 @@ metadata: annotations: eks.amazonaws.com/role-arn: arn:aws:iam:::role/iam-role-flyte --- +# Source: flyte-core/templates/clusterresourcesync/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteclusterresourcesync + namespace: flyte + labels: + app.kubernetes.io/name: flyteclusterresourcesync + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- +# Source: flyte-core/templates/console/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteconsole + namespace: flyte + labels: + app.kubernetes.io/name: flyteconsole + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- # Source: flyte-core/templates/datacatalog/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -27,7 +51,7 @@ metadata: annotations: eks.amazonaws.com/role-arn: arn:aws:iam:::role/iam-role-flyte --- -# Source: flyte-core/templates/flytescheduler/sa.yaml +# Source: flyte-core/templates/flytescheduler/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -1059,7 +1083,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: flyteclusterresourcesync namespace: flyte labels: app.kubernetes.io/name: flyteclusterresourcesync @@ -1099,7 +1123,7 @@ spec: name: resource-templates - mountPath: /etc/flyte/config name: config-volume - serviceAccountName: flyteadmin + serviceAccountName: flyteclusterresourcesync volumes: - name: db-pass secret: @@ -1167,6 +1191,7 @@ spec: volumeMounts: - mountPath: /srv/flyte name: shared-data + serviceAccountName: flyteconsole volumes: - emptyDir: {} name: shared-data diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index 4d83f1c096..9f111e9f36 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -13,6 +13,30 @@ metadata: annotations: iam.gke.io/gcp-service-account: gsa-flyteadmin@.iam.gserviceaccount.com --- +# Source: flyte-core/templates/clusterresourcesync/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteclusterresourcesync + namespace: flyte + labels: + app.kubernetes.io/name: flyteclusterresourcesync + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- +# Source: flyte-core/templates/console/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteconsole + namespace: flyte + labels: + app.kubernetes.io/name: flyteconsole + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- # Source: flyte-core/templates/datacatalog/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -27,7 +51,7 @@ metadata: annotations: iam.gke.io/gcp-service-account: gsa-datacatalog@.iam.gserviceaccount.com --- -# Source: flyte-core/templates/flytescheduler/sa.yaml +# Source: flyte-core/templates/flytescheduler/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -748,7 +772,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: flyteclusterresourcesync namespace: flyte labels: app.kubernetes.io/name: flyteclusterresourcesync @@ -788,7 +812,7 @@ spec: name: resource-templates - mountPath: /etc/flyte/config name: config-volume - serviceAccountName: flyteadmin + serviceAccountName: flyteclusterresourcesync volumes: - name: db-pass secret: @@ -856,6 +880,7 @@ spec: volumeMounts: - mountPath: /srv/flyte name: shared-data + serviceAccountName: flyteconsole volumes: - emptyDir: {} name: shared-data diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index 0f24d0f3bc..bcb4cbdeb5 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -13,6 +13,30 @@ metadata: annotations: iam.gke.io/gcp-service-account: gsa-flyteadmin@.iam.gserviceaccount.com --- +# Source: flyte-core/templates/clusterresourcesync/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteclusterresourcesync + namespace: flyte + labels: + app.kubernetes.io/name: flyteclusterresourcesync + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- +# Source: flyte-core/templates/console/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteconsole + namespace: flyte + labels: + app.kubernetes.io/name: flyteconsole + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-core-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- # Source: flyte-core/templates/datacatalog/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -27,7 +51,7 @@ metadata: annotations: iam.gke.io/gcp-service-account: gsa-datacatalog@.iam.gserviceaccount.com --- -# Source: flyte-core/templates/flytescheduler/sa.yaml +# Source: flyte-core/templates/flytescheduler/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -1082,7 +1106,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: flyteclusterresourcesync namespace: flyte labels: app.kubernetes.io/name: flyteclusterresourcesync @@ -1122,7 +1146,7 @@ spec: name: resource-templates - mountPath: /etc/flyte/config name: config-volume - serviceAccountName: flyteadmin + serviceAccountName: flyteclusterresourcesync volumes: - name: db-pass secret: @@ -1190,6 +1214,7 @@ spec: volumeMounts: - mountPath: /srv/flyte name: shared-data + serviceAccountName: flyteconsole volumes: - emptyDir: {} name: shared-data diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml index d5bff37291..808c8d551a 100644 --- a/deployment/sandbox/flyte_helm_generated.yaml +++ b/deployment/sandbox/flyte_helm_generated.yaml @@ -39,6 +39,30 @@ metadata: helm.sh/chart: flyte-v0.1.10 app.kubernetes.io/managed-by: Helm --- +# Source: flyte/charts/flyte/templates/clusterresourcesync/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteclusterresourcesync + namespace: flyte + labels: + app.kubernetes.io/name: flyteclusterresourcesync + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- +# Source: flyte/charts/flyte/templates/console/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flyteconsole + namespace: flyte + labels: + app.kubernetes.io/name: flyteconsole + app.kubernetes.io/instance: flyte + helm.sh/chart: flyte-v0.1.10 + app.kubernetes.io/managed-by: Helm +--- # Source: flyte/charts/flyte/templates/datacatalog/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -51,7 +75,7 @@ metadata: helm.sh/chart: flyte-v0.1.10 app.kubernetes.io/managed-by: Helm --- -# Source: flyte/charts/flyte/templates/flytescheduler/sa.yaml +# Source: flyte/charts/flyte/templates/flytescheduler/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -6853,7 +6877,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: flyteclusterresourcesync namespace: flyte labels: app.kubernetes.io/name: flyteclusterresourcesync @@ -6892,7 +6916,7 @@ spec: name: resource-templates - mountPath: /etc/flyte/config name: config-volume - serviceAccountName: flyteadmin + serviceAccountName: flyteclusterresourcesync volumes: - configMap: @@ -6963,6 +6987,7 @@ spec: volumeMounts: - mountPath: /srv/flyte name: shared-data + serviceAccountName: flyteconsole volumes: - emptyDir: {} name: shared-data diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index 1a51b6c936..ef2f0ce395 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -1412,7 +1412,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: d563e28ff21175650cb1ea90edc1dd85af7b789c802d6ff1a5b47aed4ef5bbb7 + checksum/secret: 9303f5d6e01a1eb3aab5a0fdc685b9b8e6111313b089811f3ab850a93e53d705 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 9f630adad7..5592ab9b6a 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -1360,7 +1360,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 623b2f28f1a032701661182d8abe2689d92cfb9cc1a0f914a0c5795a2e36b26a + checksum/secret: 0da65e53dd5ca3b119aaec26358e6b9802d9a9464dec83dc8a6c3b753da5bf28 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index 87799de014..9a4f4eea95 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 9d9bc246a2339e714b527427e4357b28dc7ebb9e4cccb0fba84577bb6a0a4333 + checksum/secret: 5728933052cf453a130d281ed64d973b4e7a4d5db26d6c05deb2cec5db9f9348 labels: app: docker-registry release: flyte-sandbox From 35494d750d1e611576599e2a74550ba2721e1bfd Mon Sep 17 00:00:00 2001 From: mvaal Date: Tue, 28 May 2024 10:07:59 -0500 Subject: [PATCH 4/5] Fix lint issues in flyte-core values.yaml Signed-off-by: mvaal --- charts/flyte-core/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index b80a6d3e79..8f993354e9 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -920,9 +920,9 @@ cluster_resource_manager: # -- Should a service account be created for the ClusterResource create: true # -- Annotations for ServiceAccount attached to the ClusterResource - annotations: { } + annotations: {} # -- ImagePullSecrets to automatically assign to the service ClusterResource - imagePullSecrets: [ ] + imagePullSecrets: [] # -- Annotations for ClusterResource pods podAnnotations: {} # -- Additional ClusterResource container environment variables From 9e3e27c888bbc7f9e322257f598f23778c439bb1 Mon Sep 17 00:00:00 2001 From: mvaal Date: Fri, 14 Jun 2024 12:49:44 -0500 Subject: [PATCH 5/5] Added clustersync generated ServiceAccount to admin ClusterRoleBinding Since clustersync is running flyteadmin, we want to give it the same permissions as flyteadmin SA (since that is the one we are replacing) Signed-off-by: mvaal --- charts/flyte-core/templates/admin/rbac.yaml | 5 +++++ deployment/eks/flyte_aws_scheduler_helm_generated.yaml | 3 +++ deployment/eks/flyte_helm_controlplane_generated.yaml | 3 +++ deployment/eks/flyte_helm_generated.yaml | 3 +++ deployment/gcp/flyte_helm_controlplane_generated.yaml | 3 +++ deployment/gcp/flyte_helm_generated.yaml | 3 +++ deployment/sandbox/flyte_helm_generated.yaml | 3 +++ docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 10 files changed, 29 insertions(+), 6 deletions(-) diff --git a/charts/flyte-core/templates/admin/rbac.yaml b/charts/flyte-core/templates/admin/rbac.yaml index 41fedd2f9d..c457c9e8c9 100644 --- a/charts/flyte-core/templates/admin/rbac.yaml +++ b/charts/flyte-core/templates/admin/rbac.yaml @@ -44,5 +44,10 @@ subjects: - kind: ServiceAccount name: {{ template "flyteadmin.name" . }} namespace: {{ template "flyte.namespace" . }} +{{- if and .Values.cluster_resource_manager.enabled .Values.cluster_resource_manager.serviceAccount.create }} +- kind: ServiceAccount + name: {{ template "flyteclusterresourcesync.name" . }} + namespace: {{ template "flyte.namespace" . }} +{{- end }} {{- end }} {{- end }} diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index 238a14cb7d..5b3bb1e281 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -714,6 +714,9 @@ subjects: - kind: ServiceAccount name: flyteadmin namespace: flyte +- kind: ServiceAccount + name: flyteclusterresourcesync + namespace: flyte --- # Source: flyte-core/templates/propeller/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index f665411304..8df733e13e 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -472,6 +472,9 @@ subjects: - kind: ServiceAccount name: flyteadmin namespace: flyte +- kind: ServiceAccount + name: flyteclusterresourcesync + namespace: flyte --- # Source: flyte-core/templates/admin/service.yaml apiVersion: v1 diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index e97ba7e353..5c15408ab9 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -745,6 +745,9 @@ subjects: - kind: ServiceAccount name: flyteadmin namespace: flyte +- kind: ServiceAccount + name: flyteclusterresourcesync + namespace: flyte --- # Source: flyte-core/templates/propeller/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index 8a6726fafe..f647ae52f9 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -485,6 +485,9 @@ subjects: - kind: ServiceAccount name: flyteadmin namespace: flyte +- kind: ServiceAccount + name: flyteclusterresourcesync + namespace: flyte --- # Source: flyte-core/templates/admin/service.yaml apiVersion: v1 diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index 06f1f51f41..ba0b11fe44 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -766,6 +766,9 @@ subjects: - kind: ServiceAccount name: flyteadmin namespace: flyte +- kind: ServiceAccount + name: flyteclusterresourcesync + namespace: flyte --- # Source: flyte-core/templates/propeller/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml index 8027da71bf..51d668446b 100644 --- a/deployment/sandbox/flyte_helm_generated.yaml +++ b/deployment/sandbox/flyte_helm_generated.yaml @@ -5844,6 +5844,9 @@ subjects: - kind: ServiceAccount name: flyteadmin namespace: flyte +- kind: ServiceAccount + name: flyteclusterresourcesync + namespace: flyte --- # Source: flyte/charts/flyte/templates/propeller/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index 0a18e42b33..b46729643e 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -816,7 +816,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: eHMzc0p4bTZoSVVFb1V0Uw== + haSharedSecret: cTJyU1FoblFlSGVGNDVIbQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1412,7 +1412,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 174761d8b2609550a723b808cf0807c0b29cd4d3e1050ee85178a46fbca1a61c + checksum/secret: 7c53c291d4d8875ecdf6f5072888a0a9521a5cb596b0d286eb0d92c38c282143 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 2bdaa4bb4a..12a2461e37 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -796,7 +796,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: OFdhR0JObmY4TkFWd1JaMg== + haSharedSecret: Z0Zmd3RERGZjTGlDeVNHdQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1360,7 +1360,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 71ade407a1350a0e7ee684b637e0a0d15cf511e83431b5466448e1a79da1d275 + checksum/secret: 6412325d0219a370ef734cf7519c3801ce777451cb0fba8089be148c9d979675 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index 0ea904cd28..d5b5a4f5c1 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: b1k1Q0xLa2hkR3doaG9NMg== + haSharedSecret: eTBrZ0E2N2MyTHlrRFI3cg== proxyPassword: "" proxyUsername: "" kind: Secret @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 7d2c67983dc470228224d912a242b2abcc695e391dc54f755e95dd5b820c7215 + checksum/secret: 0a6583f9a5847a1e190ac95fd96644c7d42b293037225522a8702d34c95e65ca labels: app: docker-registry release: flyte-sandbox