From 44eaba8e059042ff7189b4912970e254e0b88fe0 Mon Sep 17 00:00:00 2001 From: Julian Einhaus Date: Wed, 3 Apr 2024 07:38:02 +0200 Subject: [PATCH] Create separate grpc service for flyteadmin This allows setting annotations that are required for some ingress controllers for grpc communication only on the parts that actually use grpc. Without this separation either the console or the grpc endpoints did not work properly with some ingress controllers, e.g. traefik. Signed-off-by: Julian Einhaus --- .../templates/admin/service-grpc.yaml | 29 +++++++++++++++++++ .../flyte-core/templates/admin/service.yaml | 14 ++++----- .../flyte-core/templates/common/ingress.yaml | 24 +++++++-------- charts/flyte-core/values-gcp.yaml | 8 ++--- ...loak-idp-flyteclients-without-browser.yaml | 2 +- charts/flyte-core/values-sandbox.yaml | 2 +- charts/flyte-core/values.yaml | 7 +++-- 7 files changed, 59 insertions(+), 27 deletions(-) create mode 100644 charts/flyte-core/templates/admin/service-grpc.yaml diff --git a/charts/flyte-core/templates/admin/service-grpc.yaml b/charts/flyte-core/templates/admin/service-grpc.yaml new file mode 100644 index 00000000000..77906627a29 --- /dev/null +++ b/charts/flyte-core/templates/admin/service-grpc.yaml @@ -0,0 +1,29 @@ +{{- if .Values.flyteadmin.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "flyteadmin.name" . }}-grpc + namespace: {{ template "flyte.namespace" . }} + labels: {{ include "flyteadmin.labels" . | nindent 4 }} + annotations: + {{- if .Values.flyteadmin.service.annotations }} + {{ tpl ( .Values.flyteadmin.service.annotations | toYaml ) . | nindent 4 }} + {{- end }} + {{- if .Values.flyteadmin.service.grpcAnnotations }} + {{ tpl ( .Values.flyteadmin.service.grpcAnnotations | toYaml ) . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.flyteadmin.service.type}} + type: {{ . }} + {{- end }} + {{- with .Values.flyteadmin.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ . }} + {{- end }} + ports: + - name: grpc + port: 81 + protocol: TCP + targetPort: 8089 + selector: {{ include "flyteadmin.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/flyte-core/templates/admin/service.yaml b/charts/flyte-core/templates/admin/service.yaml index 577533e48b0..95bdb5ae7d5 100644 --- a/charts/flyte-core/templates/admin/service.yaml +++ b/charts/flyte-core/templates/admin/service.yaml @@ -5,9 +5,13 @@ metadata: name: {{ template "flyteadmin.name" . }} namespace: {{ template "flyte.namespace" . }} labels: {{ include "flyteadmin.labels" . | nindent 4 }} - {{- with .Values.flyteadmin.service.annotations }} - annotations: {{ tpl (toYaml .) $ | nindent 4 }} - {{- end }} + annotations: + {{- if .Values.flyteadmin.service.annotations }} + {{ tpl ( .Values.flyteadmin.service.annotations | toYaml ) . | nindent 4 }} + {{- end }} + {{- if .Values.flyteadmin.service.httpAnnotations }} + {{ tpl ( .Values.flyteadmin.service.httpAnnotations | toYaml ) . | nindent 4 }} + {{- end }} spec: {{- with .Values.flyteadmin.service.type}} type: {{ . }} @@ -21,10 +25,6 @@ spec: port: 80 protocol: TCP targetPort: 8088 - - name: grpc - port: 81 - protocol: TCP - targetPort: 8089 - name: redoc protocol: TCP port: 87 diff --git a/charts/flyte-core/templates/common/ingress.yaml b/charts/flyte-core/templates/common/ingress.yaml index d812f2abe3a..e58073434ff 100644 --- a/charts/flyte-core/templates/common/ingress.yaml +++ b/charts/flyte-core/templates/common/ingress.yaml @@ -8,84 +8,84 @@ pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /grpc.health.v1.Health pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} - path: /grpc.health.v1.Health/* pathType: ImplementationSpecific backend: service: - name: flyteadmin + name: flyteadmin-grpc port: number: {{ $grpcPort }} {{- end }} diff --git a/charts/flyte-core/values-gcp.yaml b/charts/flyte-core/values-gcp.yaml index b402924699a..57b08c0570c 100644 --- a/charts/flyte-core/values-gcp.yaml +++ b/charts/flyte-core/values-gcp.yaml @@ -6,9 +6,9 @@ userSettings: dbHost: dbPassword: # These two storage buckets could be the same or you could specify different buckets if required. Both keys are required. -# Learn more https://docs.flyte.org/en/latest/concepts/data_management.html#understand-how-flyte-handles-data - bucketName: - rawDataBucketName: +# Learn more https://docs.flyte.org/en/latest/concepts/data_management.html#understand-how-flyte-handles-data + bucketName: + rawDataBucketName: hostName: # @@ -35,7 +35,7 @@ flyteadmin: ephemeral-storage: 2Gi memory: 1G service: - annotations: + grpcAnnotations: # Required for the ingress to properly route grpc traffic to grpc port cloud.google.com/app-protocols: '{"grpc":"HTTP2"}' affinity: diff --git a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml index 5b12b7b3f9a..6f2f7ef6c5a 100644 --- a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml +++ b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml @@ -52,7 +52,7 @@ flyteadmin: - flyteexamples # -- Service settings for Flyteadmin service: - annotations: + grpcAnnotations: projectcontour.io/upstream-protocol.h2c: grpc type: ClusterIP loadBalancerSourceRanges: [] diff --git a/charts/flyte-core/values-sandbox.yaml b/charts/flyte-core/values-sandbox.yaml index c0e6d38404d..76abd98b634 100644 --- a/charts/flyte-core/values-sandbox.yaml +++ b/charts/flyte-core/values-sandbox.yaml @@ -3,7 +3,7 @@ flyteadmin: serviceMonitor: enabled: false service: - annotations: + grpcAnnotations: projectcontour.io/upstream-protocol.h2c: grpc type: ClusterIP loadBalancerSourceRanges: [] diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 8b1e4b89d62..d6c03d1fc2c 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -50,8 +50,11 @@ flyteadmin: - flyteexamples # -- Service settings for Flyteadmin service: - annotations: - projectcontour.io/upstream-protocol.h2c: grpc + annotations: {} + httpAnnotations: {} + grpcAnnotations: {} + # projectcontour.io/upstream-protocol.h2c: grpc + # traefik.ingress.kubernetes.io/service.serversscheme: h2c type: ClusterIP loadBalancerSourceRanges: [] # -- Configuration for service accounts for FlyteAdmin