From 0cc1ef0d9b814a1e4e33067824d9979fe09021aa Mon Sep 17 00:00:00 2001
From: gdabisias
Date: Fri, 25 Aug 2023 15:43:00 +0200
Subject: [PATCH 1/4] Fix cluster secrets access for flyte-core helm charts when used in multi-cluster setup
Signed-off-by: gdabisias
---
 charts/flyte-core/templates/admin/deployment.yaml | 2 ++
 .../templates/clusterresourcesync/deployment.yaml | 6 +++---
 deployment/eks/flyte_aws_scheduler_helm_generated.yaml | 2 ++
 deployment/eks/flyte_helm_controlplane_generated.yaml | 2 ++
 deployment/eks/flyte_helm_generated.yaml | 2 ++
 deployment/gcp/flyte_helm_controlplane_generated.yaml | 2 ++
 deployment/gcp/flyte_helm_generated.yaml | 2 ++
 deployment/sandbox/flyte_helm_generated.yaml | 2 ++
 8 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/charts/flyte-core/templates/admin/deployment.yaml b/charts/flyte-core/templates/admin/deployment.yaml
index 97deb99457..81587d1973 100755
--- a/charts/flyte-core/templates/admin/deployment.yaml
+++ b/charts/flyte-core/templates/admin/deployment.yaml
@@ -72,6 +72,8 @@ spec:
 name: clusters-config-volume
 - mountPath: /etc/secrets/
 name: admin-secrets
+ - mountPath: /var/run/credentials
+ name: cluster-secrets
 {{- end }}
 - name: generate-secrets
 image: "{{ .Values.flyteadmin.image.repository }}:{{ .Values.flyteadmin.image.tag }}"
diff --git a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml
index b89a599ab7..7f3ad78269 100644
--- a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml
+++ b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml
@@ -41,7 +41,7 @@ spec:
 name: config-volume
 {{- if gt (len .Values.configmap.clusters.labelClusterMap) 0 }}
 - mountPath: /var/run/credentials
- name: flyte-admin-secrets
+ name: cluster-secrets
 {{- end }}
 serviceAccountName: {{ .Values.cluster_resource_manager.service_account_name }}
 {{- if .Values.cluster_resource_manager.resources }}
@@ -55,9 +55,9 @@ spec:
 name: flyte-clusterresourcesync-config
 name: config-volume
 {{- if gt (len .Values.configmap.clusters.labelClusterMap) 0 }}
- - name: flyte-admin-secrets
+ - name: cluster-secrets
 secret:
- secretName: flyte-admin-secrets
+ secretName: cluster-secrets
 {{- end }}
 {{- if .Values.cluster_resource_manager.config.cluster_resources.standaloneDeployment }}
 - name: auth
diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
index 1d7f38973f..23004e5329 100644
--- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
+++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
@@ -912,6 +912,8 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets + - mountPath: /var/run/credentials + name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml
index 67f3c30ade..98865881a0 100644
--- a/deployment/eks/flyte_helm_controlplane_generated.yaml
+++ b/deployment/eks/flyte_helm_controlplane_generated.yaml
@@ -618,6 +618,8 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets + - mountPath: /var/run/credentials + name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml
index 1d9d44f45e..ac726f0b0b 100644
--- a/deployment/eks/flyte_helm_generated.yaml
+++ b/deployment/eks/flyte_helm_generated.yaml
@@ -943,6 +943,8 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets + - mountPath: /var/run/credentials + name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
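Review bot: In charts/flyte-core/templates/clusterresourcesync/deployment.yaml the `secretName` of the credentials volume is still a literal after the rename (`cluster-secrets` in the `@@ -55,9 +55,9 @@` hunk, changed again to `cluster-credentials` in PATCH 3/4), so the pod depends on a Secret that must exist under exactly that name, and nothing visible in this series creates it. A Secret volume is required unless marked `optional: true`, so with a non-empty `labelClusterMap` and no such Secret the pod will not start. The mount path `/var/run/credentials` suggests the Secret carries credentials for the other clusters, so I would take the name from chart values (placeholder key: `secretName: {{ .Values.<clusterCredentialsSecretName> }}`), document the expected Secret in the chart README, and add `readOnly: true` to the mount in the `@@ -41,7 +41,7 @@` hunk. Both hunks begin and end inside the Deployment spec, so the rest of the volumes list is not visible here.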
diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml
index 4f0981d1cd..2fea809bf7 100644
--- a/deployment/gcp/flyte_helm_controlplane_generated.yaml
+++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml
@@ -633,6 +633,8 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets + - mountPath: /var/run/credentials + name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml
index c51da57718..1f2e5b8c4c 100644
--- a/deployment/gcp/flyte_helm_generated.yaml
+++ b/deployment/gcp/flyte_helm_generated.yaml
@@ -966,6 +966,8 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets + - mountPath: /var/run/credentials + name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml
index ba20c28212..aa626de336 100644
--- a/deployment/sandbox/flyte_helm_generated.yaml
+++ b/deployment/sandbox/flyte_helm_generated.yaml
@@ -6786,6 +6786,8 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets + - mountPath: /var/run/credentials + name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
From a071bade39bdad80fff042c235a1c3c046a82a09 Mon Sep 17 00:00:00 2001
From: gdabisias
Date: Tue, 29 Aug 2023 16:20:34 +0200
Subject: [PATCH 2/4] Fix init container secret
Signed-off-by: gdabisias
---
 charts/flyte-core/templates/admin/deployment.yaml | 4 +++-
 deployment/eks/flyte_aws_scheduler_helm_generated.yaml | 2 --
 deployment/eks/flyte_helm_controlplane_generated.yaml | 2 --
 deployment/eks/flyte_helm_generated.yaml | 2 --
 deployment/gcp/flyte_helm_controlplane_generated.yaml | 2 --
 deployment/gcp/flyte_helm_generated.yaml | 2 --
 deployment/sandbox/flyte_helm_generated.yaml | 2 --
 7 files changed, 3 insertions(+), 13 deletions(-)
diff --git a/charts/flyte-core/templates/admin/deployment.yaml b/charts/flyte-core/templates/admin/deployment.yaml
index 81587d1973..b7cf2a1487 100755
--- a/charts/flyte-core/templates/admin/deployment.yaml
+++ b/charts/flyte-core/templates/admin/deployment.yaml
@@ -72,8 +72,10 @@ spec:
 name: clusters-config-volume
 - mountPath: /etc/secrets/
 name: admin-secrets
+ {{- if gt (len .Values.configmap.clusters.labelClusterMap) 0 }}
 - mountPath: /var/run/credentials
- name: cluster-secrets
+ name: cluster-credentials
+ {{- end }}
 {{- end }}
 - name: generate-secrets
 image: "{{ .Values.flyteadmin.image.repository }}:{{ .Values.flyteadmin.image.tag }}"
diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
index 23004e5329..1d7f38973f 100644
--- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
+++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
@@ -912,8 +912,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - mountPath: /var/run/credentials - name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml
index 98865881a0..67f3c30ade 100644
--- a/deployment/eks/flyte_helm_controlplane_generated.yaml
+++ b/deployment/eks/flyte_helm_controlplane_generated.yaml
@@ -618,8 +618,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - mountPath: /var/run/credentials - name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml
index ac726f0b0b..1d9d44f45e 100644
--- a/deployment/eks/flyte_helm_generated.yaml
+++ b/deployment/eks/flyte_helm_generated.yaml
@@ -943,8 +943,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - mountPath: /var/run/credentials - name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml
index 2fea809bf7..4f0981d1cd 100644
--- a/deployment/gcp/flyte_helm_controlplane_generated.yaml
+++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml
@@ -633,8 +633,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - mountPath: /var/run/credentials - name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml
index 1f2e5b8c4c..c51da57718 100644
--- a/deployment/gcp/flyte_helm_generated.yaml
+++ b/deployment/gcp/flyte_helm_generated.yaml
@@ -966,8 +966,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - mountPath: /var/run/credentials - name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml
index aa626de336..ba20c28212 100644
--- a/deployment/sandbox/flyte_helm_generated.yaml
+++ b/deployment/sandbox/flyte_helm_generated.yaml
@@ -6786,8 +6786,6 @@ spec: name: clusters-config-volume - mountPath: /etc/secrets/ name: admin-secrets - - mountPath: /var/run/credentials - name: cluster-secrets - name: generate-secrets image: "cr.flyte.org/flyteorg/flyteadmin:v1.1.118" imagePullPolicy: "IfNotPresent"
From 0e5752ecdcab40538ee62a6957169ec34d964531 Mon Sep 17 00:00:00 2001
From: gdabisias
Date: Mon, 18 Sep 2023 14:37:28 +0200
Subject: [PATCH 3/4] Fix secret name
Signed-off-by: gdabisias
---
 charts/flyte-binary/README.md | 1 +
 charts/flyte-core/README.md | 2 +-
 charts/flyte-core/templates/clusterresourcesync/deployment.yaml | 2 +-
 charts/flyte-deps/README.md | 2 +-
 charts/flyte-sandbox/README.md | 1 +
 charts/flyte/README.md | 2 +-
 6 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/charts/flyte-binary/README.md b/charts/flyte-binary/README.md
index 522764e1d6..ac76fb4dfa 100644
--- a/charts/flyte-binary/README.md
+++ b/charts/flyte-binary/README.md
@@ -190,3 +190,4 @@ Chart for basic single Flyte executable deployment | serviceAccount.imagePullSecrets | list | `[]` | | | serviceAccount.labels | object | `{}` | | | serviceAccount.name | string | `""` | | +
diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md
index e94c5593d7..75740b9702 100644
--- a/charts/flyte-core/README.md
+++ b/charts/flyte-core/README.md
@@ -277,4 +277,4 @@ helm install gateway bitnami/contour -n flyte | webhook.serviceAccount.create | bool | `true` | Should a service account be created for the webhook | | webhook.serviceAccount.imagePullSecrets | list | `[]` | ImagePullSecrets to automatically assign to the service account | | workflow_notifications | object | `{"config":{},"enabled":false}` | **Optional Component** Workflow notifications module is an optional dependency. Flyte uses cloud native pub-sub systems to notify users of various events in their workflows | -| workflow_scheduler | object | `{"config":{},"enabled":false,"type":""}` | **Optional Component** Flyte uses a cloud hosted Cron scheduler to run workflows on a schedule. The following module is optional. Without, this module, you will not have scheduled launchplans / workflows. Docs: https://docs.flyte.org/en/latest/howto/enable_and_use_schedules.html#setting-up-scheduled-workflows | \ No newline at end of file +| workflow_scheduler | object | `{"config":{},"enabled":false,"type":""}` | **Optional Component** Flyte uses a cloud hosted Cron scheduler to run workflows on a schedule. The following module is optional. Without, this module, you will not have scheduled launchplans / workflows. Docs: https://docs.flyte.org/en/latest/howto/enable_and_use_schedules.html#setting-up-scheduled-workflows |
diff --git a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml
index 7f3ad78269..bf13c08080 100644
--- a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml
+++ b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml
@@ -57,7 +57,7 @@ spec:
 {{- if gt (len .Values.configmap.clusters.labelClusterMap) 0 }}
 - name: cluster-secrets
 secret:
- secretName: cluster-secrets
+ secretName: cluster-credentials
 {{- end }}
 {{- if .Values.cluster_resource_manager.config.cluster_resources.standaloneDeployment }}
 - name: auth
diff --git a/charts/flyte-deps/README.md b/charts/flyte-deps/README.md
index 4d21e6e18e..0cbf338fed 100644
--- a/charts/flyte-deps/README.md
+++ b/charts/flyte-deps/README.md
@@ -119,4 +119,4 @@ helm upgrade -f values.yaml flyte . | sparkoperator | object | `{"enabled":false}` | Optional: Spark Plugin using the Spark Operator | | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | | webhook.enabled | bool | `true` | | -| webhook.service | object | `{"annotations":{"projectcontour.io/upstream-protocol.h2c":"grpc"},"type":"ClusterIP"}` | Service settings for the webhook | \ No newline at end of file +| webhook.service | object | `{"annotations":{"projectcontour.io/upstream-protocol.h2c":"grpc"},"type":"ClusterIP"}` | Service settings for the webhook |
diff --git a/charts/flyte-sandbox/README.md b/charts/flyte-sandbox/README.md
index 47821a9eac..2196a66bb4 100644
--- a/charts/flyte-sandbox/README.md
+++ b/charts/flyte-sandbox/README.md
@@ -101,3 +101,4 @@ A Helm chart for the Flyte local sandbox | sandbox.proxy.image.pullPolicy | string | `"Never"` | | | sandbox.proxy.image.repository | string | `"envoyproxy/envoy"` | | | sandbox.proxy.image.tag | string | `"sandbox"` | | +
diff --git a/charts/flyte/README.md b/charts/flyte/README.md
index 18f7c25fde..41d3ea1264 100644
--- a/charts/flyte/README.md
+++ b/charts/flyte/README.md
@@ -268,4 +268,4 @@ helm upgrade -f values-sandbox.yaml flyte . | redoc.service | object | `{"type":"ClusterIP"}` | Service settings for Minio | | redoc.tolerations | list | `[]` | tolerations for Minio deployment | | sparkoperator | object | `{"enabled":false}` | Optional: Spark Plugin using the Spark Operator | -| sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | \ No newline at end of file +| sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation |
From 58ad1d87d4876fcb729d0306091b7926eacf0355 Mon Sep 17 00:00:00 2001
From: gdabisias
Date: Fri, 22 Sep 2023 15:35:31 +0200
Subject: [PATCH 4/4] Generalise volume mounting points
Signed-off-by: gdabisias
---
 charts/flyte-core/templates/admin/deployment.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/charts/flyte-core/templates/admin/deployment.yaml b/charts/flyte-core/templates/admin/deployment.yaml
index b7cf2a1487..8b6dff34af 100755
--- a/charts/flyte-core/templates/admin/deployment.yaml
+++ b/charts/flyte-core/templates/admin/deployment.yaml
@@ -73,8 +73,9 @@ spec:
 - mountPath: /etc/secrets/
 name: admin-secrets
 {{- if gt (len .Values.configmap.clusters.labelClusterMap) 0 }}
- - mountPath: /var/run/credentials
- name: cluster-credentials
+ {{- with .Values.flyteadmin.additionalVolumeMounts -}}
+ {{ tpl (toYaml .) $ | nindent 10 }}
+ {{- end }}
 {{- end }}
 {{- end }}
 - name: generate-secrets
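Review bot: After this change the init container in charts/flyte-core/templates/admin/deployment.yaml gets `/var/run/credentials` only if the operator happens to list that mount in `.Values.flyteadmin.additionalVolumeMounts`; a non-empty `labelClusterMap` with no matching entry renders a pod without the cluster credentials, and nothing fails at template time. The coupling also runs the other way: the entries of `additionalVolumeMounts` are rendered here only when `labelClusterMap` is non-empty, and then all of them are exposed to this init container, including any secret mounts that may have been intended for the main container only. I would either keep a dedicated, explicitly named mount for the cluster credentials or document the requirement next to the value, e.g. `# multi-cluster: must include the cluster credentials volume mounted at /var/run/credentials`. The matching `volumes:` entry lies outside this hunk, so it is worth confirming that the volume backing these mounts is rendered whenever the mounts are.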