From 6e415a096babcbb91a9517cba754c3794e55cac6 Mon Sep 17 00:00:00 2001
From: davidmirror-ops <david espejo@union.ai>
Date: Wed, 6 Mar 2024 12:26:09 -0500
Subject: [PATCH 1/5] Add variables to ease separate bucket config

Signed-off-by: davidmirror-ops <david espejo@union.ai>
---
 charts/flyte-core/values-eks.yaml | 7 +++++--
 charts/flyte-core/values-gcp.yaml | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/charts/flyte-core/values-eks.yaml b/charts/flyte-core/values-eks.yaml
index b05cd1f61c..a2a2afd4f6 100644
--- a/charts/flyte-core/values-eks.yaml
+++ b/charts/flyte-core/values-eks.yaml
@@ -4,7 +4,10 @@ userSettings:
   certificateArn: <CERTIFICATE_ARN>
   dbPassword: <DB_PASSWORD>
   rdsHost: <RDS_HOST>
-  bucketName: <BUCKET_NAME>
+# These two storage buckets could be the same or you could specify different buckets if required. Both keys are required.
+# Learn more https://docs.flyte.org/en/latest/concepts/data_management.html#understand-how-flyte-handles-data 
+  bucketName: <METADATA_BUCKET_NAME> 
+  rawDataBucketName: <RAW_DATA_BUCKET_NAME>  
   logGroup: <LOG_GROUP_NAME>
   redisHostUrl: <REDIS_HOST_URL>
   redisHostKey: <REDIS_HOST_KEY>
@@ -238,7 +241,7 @@ configmap:
 
   core:
     propeller:
-      rawoutput-prefix: "s3://{{ .Values.userSettings.bucketName }}/"
+      rawoutput-prefix: "s3://{{ .Values.userSettings.rawDataBucketName }}/"
       workers: 40
       gc-interval: 12h
       max-workflow-retries: 50
diff --git a/charts/flyte-core/values-gcp.yaml b/charts/flyte-core/values-gcp.yaml
index 4051fb23b9..ebe9bbc5af 100644
--- a/charts/flyte-core/values-gcp.yaml
+++ b/charts/flyte-core/values-gcp.yaml
@@ -5,7 +5,10 @@ userSettings:
   googleProjectId: <PROJECT-ID>
   dbHost: <CLOUD-SQL-IP>
   dbPassword: <DBPASSWORD>
-  bucketName: <BUCKETNAME>
+# These two storage buckets could be the same or you could specify different buckets if required. Both keys are required.
+# Learn more https://docs.flyte.org/en/latest/concepts/data_management.html#understand-how-flyte-handles-data 
+  bucketName: <METADATA_BUCKET_NAME> 
+  rawDataBucketName: <RAW_DATA_BUCKET_NAME> 
   hostName: <HOSTNAME>
 
 #
@@ -267,7 +270,7 @@ configmap:
 
   core:
     propeller:
-      rawoutput-prefix: "gs://{{ .Values.userSettings.bucketName }}/"
+      rawoutput-prefix: "gs://{{ .Values.userSettings.rawDataBucketName }}/"
       workers: 40
       gc-interval: 12h
       max-workflow-retries: 50

From 00506b37ef8673f6f5f846b5557cac0c9c99a165 Mon Sep 17 00:00:00 2001
From: davidmirror-ops <david espejo@union.ai>
Date: Wed, 6 Mar 2024 12:56:32 -0500
Subject: [PATCH 2/5] Output of make helm

Signed-off-by: davidmirror-ops <david espejo@union.ai>
---
 .../flyte_aws_scheduler_helm_generated.yaml   |   16 +-
 .../flyte_helm_controlplane_generated.yaml    |   10 +-
 .../eks/flyte_helm_dataplane_generated.yaml   |    8 +-
 deployment/eks/flyte_helm_generated.yaml      |   18 +-
 .../flyte_helm_controlplane_generated.yaml    |   10 +-
 .../gcp/flyte_helm_dataplane_generated.yaml   |    8 +-
 deployment/gcp/flyte_helm_generated.yaml      |   18 +-
 .../sandbox-bundled/manifests/complete.yaml   | 1828 -----------------
 8 files changed, 44 insertions(+), 1872 deletions(-)

diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
index 83c0d249c5..f8068896d4 100644
--- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
+++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
@@ -181,7 +181,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -390,7 +390,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -472,7 +472,7 @@ data:
           rate: 100
           type: bucket
         type: batch
-      rawoutput-prefix: s3://<BUCKET_NAME>/
+      rawoutput-prefix: s3://<RAW_DATA_BUCKET_NAME>/
       workers: 40
       workflow-reeval-duration: 30s
     webhook:
@@ -502,7 +502,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -847,7 +847,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "2b5c85969f2bd85bb51a084f9fd72c20c3aca94be99e53cb4c4e9f78e77ebc5"
+        configChecksum: "f8c197f2b26c6bc2602b8259b392a69949bf5fd53cec34940d79e4ac10071d0"
       labels: 
         app.kubernetes.io/name: flyteadmin
         app.kubernetes.io/instance: flyte
@@ -1165,7 +1165,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "59ef5b555bd41c3e854a315f21031c76dfa876455ff8069b989cb6c28ec1f17"
+        configChecksum: "c2a15ce5dc2fa465986d6006f93450723da58166b3ad5ee35a91cb37d5c39da"
       labels: 
         app.kubernetes.io/name: datacatalog
         app.kubernetes.io/instance: flyte
@@ -1267,7 +1267,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "6f925c4627a6ae0040ea2073d2f5faca3fbfa82c90d90eae474819f23d52212"
+        configChecksum: "caab2bb9bc47011a1dd062ef60bc60db304994153d15661654b2e37d7823f77"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1349,7 +1349,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b1
       annotations:
-        configChecksum: "6f925c4627a6ae0040ea2073d2f5faca3fbfa82c90d90eae474819f23d52212"
+        configChecksum: "caab2bb9bc47011a1dd062ef60bc60db304994153d15661654b2e37d7823f77"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml
index b60694f947..15b4e0c878 100644
--- a/deployment/eks/flyte_helm_controlplane_generated.yaml
+++ b/deployment/eks/flyte_helm_controlplane_generated.yaml
@@ -162,7 +162,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -356,7 +356,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -553,7 +553,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "053b20ebc40227f6ed8ddc61f5997ee7997c604158f773779f20ec61af11a2f"
+        configChecksum: "b4ef4165bf685d7192588d47908b2f286a1ce3b34abc3778dff4b7fce7c95e6"
       labels: 
         app.kubernetes.io/name: flyteadmin
         app.kubernetes.io/instance: flyte
@@ -871,7 +871,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "59ef5b555bd41c3e854a315f21031c76dfa876455ff8069b989cb6c28ec1f17"
+        configChecksum: "c2a15ce5dc2fa465986d6006f93450723da58166b3ad5ee35a91cb37d5c39da"
       labels: 
         app.kubernetes.io/name: datacatalog
         app.kubernetes.io/instance: flyte
@@ -973,7 +973,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "053b20ebc40227f6ed8ddc61f5997ee7997c604158f773779f20ec61af11a2f"
+        configChecksum: "b4ef4165bf685d7192588d47908b2f286a1ce3b34abc3778dff4b7fce7c95e6"
       labels: 
         app.kubernetes.io/name: flytescheduler
         app.kubernetes.io/instance: flyte
diff --git a/deployment/eks/flyte_helm_dataplane_generated.yaml b/deployment/eks/flyte_helm_dataplane_generated.yaml
index 90d327cb9e..3e6edb6de8 100644
--- a/deployment/eks/flyte_helm_dataplane_generated.yaml
+++ b/deployment/eks/flyte_helm_dataplane_generated.yaml
@@ -137,7 +137,7 @@ data:
           rate: 100
           type: bucket
         type: batch
-      rawoutput-prefix: s3://<BUCKET_NAME>/
+      rawoutput-prefix: s3://<RAW_DATA_BUCKET_NAME>/
       workers: 40
       workflow-reeval-duration: 30s
     webhook:
@@ -167,7 +167,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -427,7 +427,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "6f925c4627a6ae0040ea2073d2f5faca3fbfa82c90d90eae474819f23d52212"
+        configChecksum: "caab2bb9bc47011a1dd062ef60bc60db304994153d15661654b2e37d7823f77"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -509,7 +509,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b1
       annotations:
-        configChecksum: "6f925c4627a6ae0040ea2073d2f5faca3fbfa82c90d90eae474819f23d52212"
+        configChecksum: "caab2bb9bc47011a1dd062ef60bc60db304994153d15661654b2e37d7823f77"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml
index 8f34f4f236..151d16f953 100644
--- a/deployment/eks/flyte_helm_generated.yaml
+++ b/deployment/eks/flyte_helm_generated.yaml
@@ -193,7 +193,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -387,7 +387,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -503,7 +503,7 @@ data:
           rate: 100
           type: bucket
         type: batch
-      rawoutput-prefix: s3://<BUCKET_NAME>/
+      rawoutput-prefix: s3://<RAW_DATA_BUCKET_NAME>/
       workers: 40
       workflow-reeval-duration: 30s
     webhook:
@@ -533,7 +533,7 @@ data:
   storage.yaml: | 
     storage:
       type: s3
-      container: "<BUCKET_NAME>"
+      container: "<METADATA_BUCKET_NAME>"
       connection:
         auth-type: iam
         region: <AWS_REGION>
@@ -878,7 +878,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "053b20ebc40227f6ed8ddc61f5997ee7997c604158f773779f20ec61af11a2f"
+        configChecksum: "b4ef4165bf685d7192588d47908b2f286a1ce3b34abc3778dff4b7fce7c95e6"
       labels: 
         app.kubernetes.io/name: flyteadmin
         app.kubernetes.io/instance: flyte
@@ -1196,7 +1196,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "59ef5b555bd41c3e854a315f21031c76dfa876455ff8069b989cb6c28ec1f17"
+        configChecksum: "c2a15ce5dc2fa465986d6006f93450723da58166b3ad5ee35a91cb37d5c39da"
       labels: 
         app.kubernetes.io/name: datacatalog
         app.kubernetes.io/instance: flyte
@@ -1298,7 +1298,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "053b20ebc40227f6ed8ddc61f5997ee7997c604158f773779f20ec61af11a2f"
+        configChecksum: "b4ef4165bf685d7192588d47908b2f286a1ce3b34abc3778dff4b7fce7c95e6"
       labels: 
         app.kubernetes.io/name: flytescheduler
         app.kubernetes.io/instance: flyte
@@ -1397,7 +1397,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "6f925c4627a6ae0040ea2073d2f5faca3fbfa82c90d90eae474819f23d52212"
+        configChecksum: "caab2bb9bc47011a1dd062ef60bc60db304994153d15661654b2e37d7823f77"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1479,7 +1479,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b1
       annotations:
-        configChecksum: "6f925c4627a6ae0040ea2073d2f5faca3fbfa82c90d90eae474819f23d52212"
+        configChecksum: "caab2bb9bc47011a1dd062ef60bc60db304994153d15661654b2e37d7823f77"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml
index 7e0b58b832..e0f66150cb 100644
--- a/deployment/gcp/flyte_helm_controlplane_generated.yaml
+++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml
@@ -170,7 +170,7 @@ data:
           json: ""
           project_id: <PROJECT-ID>
           scopes: https://www.googleapis.com/auth/cloud-platform
-      container: "<BUCKETNAME>"
+      container: "<METADATA_BUCKET_NAME>"
       enable-multicontainer: false
       limits:
         maxDownloadMBs: 10
@@ -372,7 +372,7 @@ data:
           json: ""
           project_id: <PROJECT-ID>
           scopes: https://www.googleapis.com/auth/cloud-platform
-      container: "<BUCKETNAME>"
+      container: "<METADATA_BUCKET_NAME>"
       enable-multicontainer: false
       limits:
         maxDownloadMBs: 10
@@ -568,7 +568,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
+        configChecksum: "a9253bcb4c6383ad4113db0325b54cfe6069d9f27ceaa3b1baf68ba7ead5c67"
       labels: 
         app.kubernetes.io/name: flyteadmin
         app.kubernetes.io/instance: flyte
@@ -886,7 +886,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "bc69ed841506b28a42ac19bd0884d483472b3d11fe85fe7e546b879aeb30a85"
+        configChecksum: "905a2a911a85dbf8d4f1dc3be24b9c4fd7bb46481db0e174274d6aea6129b4c"
       labels: 
         app.kubernetes.io/name: datacatalog
         app.kubernetes.io/instance: flyte
@@ -988,7 +988,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
+        configChecksum: "a9253bcb4c6383ad4113db0325b54cfe6069d9f27ceaa3b1baf68ba7ead5c67"
       labels: 
         app.kubernetes.io/name: flytescheduler
         app.kubernetes.io/instance: flyte
diff --git a/deployment/gcp/flyte_helm_dataplane_generated.yaml b/deployment/gcp/flyte_helm_dataplane_generated.yaml
index d19a4d48c4..56761d3ea3 100644
--- a/deployment/gcp/flyte_helm_dataplane_generated.yaml
+++ b/deployment/gcp/flyte_helm_dataplane_generated.yaml
@@ -137,7 +137,7 @@ data:
           rate: 100
           type: bucket
         type: batch
-      rawoutput-prefix: gs://<BUCKETNAME>/
+      rawoutput-prefix: gs://<RAW_DATA_BUCKET_NAME>/
       workers: 40
       workflow-reeval-duration: 30s
     webhook:
@@ -173,7 +173,7 @@ data:
           json: ""
           project_id: <PROJECT-ID>
           scopes: https://www.googleapis.com/auth/cloud-platform
-      container: "<BUCKETNAME>"
+      container: "<METADATA_BUCKET_NAME>"
       enable-multicontainer: false
       limits:
         maxDownloadMBs: 10
@@ -435,7 +435,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "9c6856d58b3168a752486076eccbc6783bbb94d62b47139c6cab6e1fe12174c"
+        configChecksum: "20a71f9f307180510d3819f93c59265686f346e4468706c510450b8c8c0d205"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -516,7 +516,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b1
       annotations:
-        configChecksum: "9c6856d58b3168a752486076eccbc6783bbb94d62b47139c6cab6e1fe12174c"
+        configChecksum: "20a71f9f307180510d3819f93c59265686f346e4468706c510450b8c8c0d205"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml
index 5b8757459c..6715f3ee9a 100644
--- a/deployment/gcp/flyte_helm_generated.yaml
+++ b/deployment/gcp/flyte_helm_generated.yaml
@@ -201,7 +201,7 @@ data:
           json: ""
           project_id: <PROJECT-ID>
           scopes: https://www.googleapis.com/auth/cloud-platform
-      container: "<BUCKETNAME>"
+      container: "<METADATA_BUCKET_NAME>"
       enable-multicontainer: false
       limits:
         maxDownloadMBs: 10
@@ -403,7 +403,7 @@ data:
           json: ""
           project_id: <PROJECT-ID>
           scopes: https://www.googleapis.com/auth/cloud-platform
-      container: "<BUCKETNAME>"
+      container: "<METADATA_BUCKET_NAME>"
       enable-multicontainer: false
       limits:
         maxDownloadMBs: 10
@@ -516,7 +516,7 @@ data:
           rate: 100
           type: bucket
         type: batch
-      rawoutput-prefix: gs://<BUCKETNAME>/
+      rawoutput-prefix: gs://<RAW_DATA_BUCKET_NAME>/
       workers: 40
       workflow-reeval-duration: 30s
     webhook:
@@ -552,7 +552,7 @@ data:
           json: ""
           project_id: <PROJECT-ID>
           scopes: https://www.googleapis.com/auth/cloud-platform
-      container: "<BUCKETNAME>"
+      container: "<METADATA_BUCKET_NAME>"
       enable-multicontainer: false
       limits:
         maxDownloadMBs: 10
@@ -901,7 +901,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
+        configChecksum: "a9253bcb4c6383ad4113db0325b54cfe6069d9f27ceaa3b1baf68ba7ead5c67"
       labels: 
         app.kubernetes.io/name: flyteadmin
         app.kubernetes.io/instance: flyte
@@ -1219,7 +1219,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "bc69ed841506b28a42ac19bd0884d483472b3d11fe85fe7e546b879aeb30a85"
+        configChecksum: "905a2a911a85dbf8d4f1dc3be24b9c4fd7bb46481db0e174274d6aea6129b4c"
       labels: 
         app.kubernetes.io/name: datacatalog
         app.kubernetes.io/instance: flyte
@@ -1321,7 +1321,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "2e169a911a8234dd42d06ca0887279093f4ed36033d0543749ce126b26b50f3"
+        configChecksum: "a9253bcb4c6383ad4113db0325b54cfe6069d9f27ceaa3b1baf68ba7ead5c67"
       labels: 
         app.kubernetes.io/name: flytescheduler
         app.kubernetes.io/instance: flyte
@@ -1420,7 +1420,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "9c6856d58b3168a752486076eccbc6783bbb94d62b47139c6cab6e1fe12174c"
+        configChecksum: "20a71f9f307180510d3819f93c59265686f346e4468706c510450b8c8c0d205"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1501,7 +1501,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b1
       annotations:
-        configChecksum: "9c6856d58b3168a752486076eccbc6783bbb94d62b47139c6cab6e1fe12174c"
+        configChecksum: "20a71f9f307180510d3819f93c59265686f346e4468706c510450b8c8c0d205"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml
index 36aca312f3..e69de29bb2 100644
--- a/docker/sandbox-bundled/manifests/complete.yaml
+++ b/docker/sandbox-bundled/manifests/complete.yaml
@@ -1,1828 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: flyte
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox
-  namespace: flyte
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
----
-apiVersion: v1
-automountServiceAccountToken: true
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: minio
-    helm.sh/chart: minio-12.6.7
-  name: flyte-sandbox-minio
-  namespace: flyte
-secrets:
-- name: flyte-sandbox-minio
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
-rules:
-- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-key-holder
-  - kubernetes-dashboard-certs
-  - kubernetes-dashboard-csrf
-  resources:
-  - secrets
-  verbs:
-  - get
-  - update
-  - delete
-- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-settings
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - update
-- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - dashboard-metrics-scraper
-  resources:
-  - services
-  verbs:
-  - proxy
-- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - 'http:heapster:'
-  - 'https:heapster:'
-  - dashboard-metrics-scraper
-  - http:dashboard-metrics-scraper
-  resources:
-  - services/proxy
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-cluster-role
-  namespace: flyte
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  - resourcequotas
-  - secrets
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - delete
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - podtemplates
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - flyte.lyft.com
-  resources:
-  - flyteworkflows
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - post
-  - update
-  - watch
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - create
-  - get
-  - list
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - mutatingwebhookconfigurations
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-- apiGroups:
-  - '*'
-  resources:
-  - '*'
-  verbs:
-  - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard-readonly
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - endpoints
-  - persistentvolumeclaims
-  - pods
-  - replicationcontrollers
-  - replicationcontrollers/scale
-  - serviceaccounts
-  - services
-  - nodes
-  - persistentvolumeclaims
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - bindings
-  - events
-  - limitranges
-  - namespaces/status
-  - pods/log
-  - pods/status
-  - replicationcontrollers/status
-  - resourcequotas
-  - resourcequotas/status
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - daemonsets
-  - deployments
-  - deployments/scale
-  - replicasets
-  - replicasets/scale
-  - statefulsets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - autoscaling
-  resources:
-  - horizontalpodautoscalers
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - batch
-  resources:
-  - cronjobs
-  - jobs
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - extensions
-  resources:
-  - daemonsets
-  - deployments
-  - deployments/scale
-  - ingresses
-  - networkpolicies
-  - replicasets
-  - replicasets/scale
-  - replicationcontrollers/scale
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - policy
-  resources:
-  - poddisruptionbudgets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - networkpolicies
-  - ingresses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - storageclasses
-  - volumeattachments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - clusterrolebindings
-  - clusterroles
-  - roles
-  - rolebindings
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: flyte-sandbox-kubernetes-dashboard
-subjects:
-- kind: ServiceAccount
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-cluster-role-binding
-  namespace: flyte
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: flyte-sandbox-cluster-role
-subjects:
-- kind: ServiceAccount
-  name: flyte-sandbox
-  namespace: flyte
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard-readonly
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: flyte-sandbox-kubernetes-dashboard-readonly
-subjects:
-- kind: ServiceAccount
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
----
-apiVersion: v1
-data:
-  namespace.yaml: |
-    apiVersion: v1
-    kind: Namespace
-    metadata:
-      name: '{{ namespace }}'
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-cluster-resource-templates
-  namespace: flyte
----
-apiVersion: v1
-data:
-  000-core.yaml: |
-    admin:
-      endpoint: localhost:8089
-      insecure: true
-    catalog-cache:
-      endpoint: localhost:8081
-      insecure: true
-      type: datacatalog
-    cluster_resources:
-      standaloneDeployment: false
-      templatePath: /etc/flyte/cluster-resource-templates
-    logger:
-      show-source: true
-      level: 5
-    propeller:
-      create-flyteworkflow-crd: true
-    webhook:
-      certDir: /var/run/flyte/certs
-      localCert: true
-      secretName: flyte-sandbox-webhook-secret
-      serviceName: flyte-sandbox-webhook
-      servicePort: 443
-    flyte:
-      admin:
-        disableClusterResourceManager: false
-        disableScheduler: false
-        disabled: false
-        seedProjects:
-        - flytesnacks
-      dataCatalog:
-        disabled: false
-      propeller:
-        disableWebhook: false
-        disabled: false
-  001-plugins.yaml: |
-    tasks:
-      task-plugins:
-        default-for-task-types:
-          container: container
-          container_array: k8s-array
-          sidecar: sidecar
-        enabled-plugins:
-        - container
-        - sidecar
-        - k8s-array
-        - agent-service
-    plugins:
-      logs:
-        kubernetes-enabled: true
-        kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }}
-        cloudwatch-enabled: false
-        stackdriver-enabled: false
-      k8s:
-        co-pilot:
-          image: "cr.flyte.org/flyteorg/flytecopilot:v1.11.0-b1"
-      k8s-array:
-        logs:
-          config:
-            kubernetes-enabled: true
-            kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }}
-            cloudwatch-enabled: false
-            stackdriver-enabled: false
-  002-database.yaml: |
-    database:
-      postgres:
-        username: postgres
-        host: flyte-sandbox-postgresql
-        port: 5432
-        dbname: flyte
-        options: "sslmode=disable"
-  003-storage.yaml: |
-    propeller:
-      rawoutput-prefix: s3://my-s3-bucket/data
-    storage:
-      type: stow
-      stow:
-        kind: s3
-        config:
-          region: us-east-1
-          disable_ssl: true
-          v2_signing: true
-          endpoint: http://flyte-sandbox-minio.flyte:9000
-          auth_type: accesskey
-      container: my-s3-bucket
-  100-inline-config.yaml: |
-    plugins:
-      k8s:
-        default-env-vars:
-        - FLYTE_AWS_ENDPOINT: http://flyte-sandbox-minio.flyte:9000
-        - FLYTE_AWS_ACCESS_KEY_ID: minio
-        - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage
-    storage:
-      signedURL:
-        stowConfigOverride:
-          endpoint: http://localhost:30002
-    task_resources:
-      defaults:
-        cpu: 500m
-        ephemeralStorage: 0
-        gpu: 0
-        memory: 1Gi
-      limits:
-        cpu: 0
-        ephemeralStorage: 0
-        gpu: 0
-        memory: 0
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-config
-  namespace: flyte
----
-apiVersion: v1
-data:
-  config.yml: |-
-    health:
-      storagedriver:
-        enabled: true
-        interval: 10s
-        threshold: 3
-    http:
-      addr: :5000
-      debug:
-        addr: :5001
-        prometheus:
-          enabled: false
-          path: /metrics
-      headers:
-        X-Content-Type-Options:
-        - nosniff
-    log:
-      fields:
-        service: registry
-    storage:
-      cache:
-        blobdescriptor: inmemory
-    version: 0.1
-kind: ConfigMap
-metadata:
-  labels:
-    app: docker-registry
-    chart: docker-registry-2.2.2
-    heritage: Helm
-    release: flyte-sandbox
-  name: flyte-sandbox-docker-registry-config
-  namespace: flyte
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: flyte-sandbox-extra-cluster-resource-templates
-  namespace: flyte
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: flyte-sandbox-extra-config
-  namespace: flyte
----
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-        access_log_path: /dev/stdout
-    static_resources:
-        listeners:
-            - address:
-                  socket_address:
-                      address: 0.0.0.0
-                      port_value: 8000
-              filter_chains:
-                  - filters:
-                        - name: envoy.filters.network.http_connection_manager
-                          typed_config:
-                              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                              stat_prefix: ingress_http
-                              codec_type: AUTO
-                              upgrade_configs:
-                                  - upgrade_type: websocket
-                              route_config:
-                                  name: local_route
-                                  virtual_hosts:
-                                      - name: backend
-                                        domains:
-                                            - "*"
-                                        routes:
-                                            - match:
-                                                  path: "/"
-                                              redirect:
-                                                  path_redirect: "/console/"
-                                            - match:
-                                                  prefix: "/.well-known"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/__webpack_hmr"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/api"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/callback"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/config"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/console"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/healthcheck"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/login"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/logout"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/me"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/oauth2"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/v1"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/flyteidl.service.AdminService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/flyteidl.service.AuthMetadataService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/flyteidl.service.DataProxyService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/flyteidl.service.IdentityService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/grpc.health.v1.Health"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/flyteidl.service.SignalService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  path: "/kubernetes-dashboard"
-                                              redirect:
-                                                  path_redirect: "/kubernetes-dashboard/"
-                                            - match:
-                                                  prefix: "/kubernetes-dashboard/"
-                                              route:
-                                                  cluster: kubernetes-dashboard
-                                                  prefix_rewrite: /
-                                            - match:
-                                                  path: "/minio"
-                                              redirect:
-                                                  path_redirect: "/minio/"
-                                            - match:
-                                                  prefix: "/minio/"
-                                              route:
-                                                  cluster: minio
-                                                  prefix_rewrite: /
-                              http_filters:
-                                  - name: envoy.filters.http.router
-                                    typed_config:
-                                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-        clusters:
-            - name: flyte
-              connect_timeout: 0.25s
-              type: STRICT_DNS
-              lb_policy: ROUND_ROBIN
-              load_assignment:
-                  cluster_name: flyte
-                  endpoints:
-                      - lb_endpoints:
-                            - endpoint:
-                                  address:
-                                      socket_address:
-                                          address: flyte-sandbox-http
-                                          port_value: 8088
-            - name: flyte_grpc
-              connect_timeout: 0.25s
-              type: STRICT_DNS
-              lb_policy: ROUND_ROBIN
-              http2_protocol_options: {}
-              load_assignment:
-                  cluster_name: flyte_grpc
-                  endpoints:
-                      - lb_endpoints:
-                            - endpoint:
-                                  address:
-                                      socket_address:
-                                          address: flyte-sandbox-grpc
-                                          port_value: 8089
-            - name: kubernetes-dashboard
-              connect_timeout: 0.25s
-              type: STRICT_DNS
-              lb_policy: ROUND_ROBIN
-              load_assignment:
-                  cluster_name: kubernetes-dashboard
-                  endpoints:
-                      - lb_endpoints:
-                            - endpoint:
-                                  address:
-                                      socket_address:
-                                          address: flyte-sandbox-kubernetes-dashboard
-                                          port_value: 80
-            - name: minio
-              connect_timeout: 0.25s
-              type: STRICT_DNS
-              lb_policy: ROUND_ROBIN
-              load_assignment:
-                  cluster_name: minio
-                  endpoints:
-                      - lb_endpoints:
-                            - endpoint:
-                                  address:
-                                      socket_address:
-                                          address: flyte-sandbox-minio
-                                          port_value: 9001
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-proxy-config
-  namespace: flyte
----
-apiVersion: v1
-data: null
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-settings
-  namespace: flyte
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-config-secret
-  namespace: flyte
-stringData:
-  012-database-secrets.yaml: |
-    database:
-      postgres:
-        password: "postgres"
-  013-storage-secrets.yaml: |
-    storage:
-      stow:
-        config:
-          access_key_id: "minio"
-          secret_key: "miniostorage"
-type: Opaque
----
-apiVersion: v1
-data:
-  haSharedSecret: QVo4T0pQZmZLcFZmNjIyNQ==
-  proxyPassword: ""
-  proxyUsername: ""
-kind: Secret
-metadata:
-  labels:
-    app: docker-registry
-    chart: docker-registry-2.2.2
-    heritage: Helm
-    release: flyte-sandbox
-  name: flyte-sandbox-docker-registry-secret
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard-certs
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-data:
-  root-password: bWluaW9zdG9yYWdl
-  root-user: bWluaW8=
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: minio
-    helm.sh/chart: minio-12.6.7
-  name: flyte-sandbox-minio
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-data:
-  postgres-password: cG9zdGdyZXM=
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: postgresql
-    helm.sh/chart: postgresql-12.8.1
-  name: flyte-sandbox-postgresql
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-csrf
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-key-holder
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: docker-registry
-    chart: docker-registry-2.2.2
-    heritage: Helm
-    release: flyte-sandbox
-  name: flyte-sandbox-docker-registry
-  namespace: flyte
-spec:
-  ports:
-  - name: http-5000
-    nodePort: 30000
-    port: 5000
-    protocol: TCP
-    targetPort: 5000
-  selector:
-    app: docker-registry
-    release: flyte-sandbox
-  type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-grpc
-  namespace: flyte
-spec:
-  ports:
-  - name: grpc
-    nodePort: null
-    port: 8089
-    targetPort: grpc
-  selector:
-    app.kubernetes.io/component: flyte-binary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: flyte-sandbox
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-http
-  namespace: flyte
-spec:
-  ports:
-  - name: http
-    nodePort: null
-    port: 8088
-    targetPort: http
-  selector:
-    app.kubernetes.io/component: flyte-binary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: flyte-sandbox
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-    kubernetes.io/cluster-service: "true"
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
-spec:
-  ports:
-  - name: http
-    port: 80
-    targetPort: http
-  selector:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: kubernetes-dashboard
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: minio
-    helm.sh/chart: minio-12.6.7
-  name: flyte-sandbox-minio
-  namespace: flyte
-spec:
-  externalTrafficPolicy: Cluster
-  ports:
-  - name: minio-api
-    nodePort: 30002
-    port: 9000
-    targetPort: minio-api
-  - name: minio-console
-    port: 9001
-    targetPort: minio-console
-  selector:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: minio
-  type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: postgresql
-    helm.sh/chart: postgresql-12.8.1
-  name: flyte-sandbox-postgresql
-  namespace: flyte
-spec:
-  externalTrafficPolicy: Cluster
-  ports:
-  - name: tcp-postgresql
-    nodePort: 30001
-    port: 5432
-    targetPort: tcp-postgresql
-  selector:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: postgresql
-  sessionAffinity: None
-  type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: postgresql
-    helm.sh/chart: postgresql-12.8.1
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-  name: flyte-sandbox-postgresql-hl
-  namespace: flyte
-spec:
-  clusterIP: None
-  ports:
-  - name: tcp-postgresql
-    port: 5432
-    targetPort: tcp-postgresql
-  publishNotReadyAddresses: true
-  selector:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: postgresql
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-proxy
-  namespace: flyte
-spec:
-  ports:
-  - name: http
-    nodePort: 30080
-    port: 8000
-    protocol: TCP
-  selector:
-    app.kubernetes.io/component: proxy
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: flyte-sandbox
-  type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-webhook
-  namespace: flyte
-spec:
-  ports:
-  - name: webhook
-    port: 443
-    targetPort: webhook
-  selector:
-    app.kubernetes.io/component: flyte-binary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: flyte-sandbox
-  type: ClusterIP
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-db-storage
-  namespace: flyte
-spec:
-  accessModes:
-  - ReadWriteOnce
-  capacity:
-    storage: 1Gi
-  hostPath:
-    path: /var/lib/flyte/storage/db
-  storageClassName: manual
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-minio-storage
-  namespace: flyte
-spec:
-  accessModes:
-  - ReadWriteOnce
-  capacity:
-    storage: 1Gi
-  hostPath:
-    path: /var/lib/flyte/storage/minio
-  storageClassName: manual
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-db-storage
-  namespace: flyte
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: manual
-  volumeName: flyte-sandbox-db-storage
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-minio-storage
-  namespace: flyte
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: manual
-  volumeName: flyte-sandbox-minio-storage
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: flyte-binary
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: flyte-sandbox
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      annotations:
-        checksum/cluster-resource-templates: 6fd9b172465e3089fcc59f738b92b8dc4d8939360c19de8ee65f68b0e7422035
-        checksum/configuration: 1362bc266b00c161aac0a24f7db312b9d6b9e68d7d8d8859ec8e171b9dc3e2bd
-        checksum/configuration-secret: 09216ffaa3d29e14f88b1f30af580d02a2a5e014de4d750b7f275cc07ed4e914
-      labels:
-        app.kubernetes.io/component: flyte-binary
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/name: flyte-sandbox
-    spec:
-      containers:
-      - args:
-        - start
-        - --config
-        - /etc/flyte/config.d/*.yaml
-        env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: flyte-binary:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          httpGet:
-            path: /healthcheck
-            port: http
-          initialDelaySeconds: 30
-        name: flyte
-        ports:
-        - containerPort: 8088
-          name: http
-        - containerPort: 8089
-          name: grpc
-        - containerPort: 9443
-          name: webhook
-        readinessProbe:
-          httpGet:
-            path: /healthcheck
-            port: http
-          initialDelaySeconds: 30
-        volumeMounts:
-        - mountPath: /etc/flyte/cluster-resource-templates
-          name: cluster-resource-templates
-        - mountPath: /etc/flyte/config.d
-          name: config
-        - mountPath: /var/run/flyte
-          name: state
-      initContainers:
-      - args:
-        - |
-          until pg_isready \
-            -h flyte-sandbox-postgresql \
-            -p 5432 \
-            -U postgres
-          do
-            echo waiting for database
-            sleep 0.1
-          done
-        command:
-        - sh
-        - -ec
-        image: bitnami/postgresql:sandbox
-        imagePullPolicy: Never
-        name: wait-for-db
-      serviceAccountName: flyte-sandbox
-      volumes:
-      - name: cluster-resource-templates
-        projected:
-          sources:
-          - configMap:
-              name: flyte-sandbox-cluster-resource-templates
-          - configMap:
-              name: flyte-sandbox-extra-cluster-resource-templates
-      - name: config
-        projected:
-          sources:
-          - configMap:
-              name: flyte-sandbox-config
-          - secret:
-              name: flyte-sandbox-config-secret
-          - configMap:
-              name: flyte-sandbox-extra-config
-      - emptyDir: {}
-        name: state
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-buildkit
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: buildkit
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: flyte-sandbox
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: buildkit
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/name: flyte-sandbox
-    spec:
-      containers:
-      - args:
-        - --addr
-        - unix:///run/buildkit/buildkitd.sock
-        - --addr
-        - tcp://0.0.0.0:30003
-        image: moby/buildkit:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          exec:
-            command:
-            - buildctl
-            - debug
-            - workers
-          initialDelaySeconds: 5
-          periodSeconds: 30
-        name: buildkit
-        ports:
-        - containerPort: 30003
-          name: tcp
-          protocol: TCP
-        readinessProbe:
-          exec:
-            command:
-            - buildctl
-            - debug
-            - workers
-          initialDelaySeconds: 5
-          periodSeconds: 30
-        securityContext:
-          privileged: true
-      dnsPolicy: ClusterFirstWithHostNet
-      hostNetwork: true
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: docker-registry
-    chart: docker-registry-2.2.2
-    heritage: Helm
-    release: flyte-sandbox
-  name: flyte-sandbox-docker-registry
-  namespace: flyte
-spec:
-  minReadySeconds: 5
-  replicas: 1
-  selector:
-    matchLabels:
-      app: docker-registry
-      release: flyte-sandbox
-  template:
-    metadata:
-      annotations:
-        checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: f5e2b9fbf28a7d7815a094f72366cac395bd0aacd7890faa07e80ec700770fc5
-      labels:
-        app: docker-registry
-        release: flyte-sandbox
-    spec:
-      containers:
-      - command:
-        - /bin/registry
-        - serve
-        - /etc/docker/registry/config.yml
-        env:
-        - name: REGISTRY_HTTP_SECRET
-          valueFrom:
-            secretKeyRef:
-              key: haSharedSecret
-              name: flyte-sandbox-docker-registry-secret
-        - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
-          value: /var/lib/registry
-        image: registry:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 5000
-        name: docker-registry
-        ports:
-        - containerPort: 5000
-        readinessProbe:
-          httpGet:
-            path: /
-            port: 5000
-        resources: {}
-        volumeMounts:
-        - mountPath: /etc/docker/registry
-          name: flyte-sandbox-docker-registry-config
-        - mountPath: /var/lib/registry/
-          name: data
-      securityContext:
-        fsGroup: 1000
-        runAsUser: 1000
-      volumes:
-      - configMap:
-          name: flyte-sandbox-docker-registry-config
-        name: flyte-sandbox-docker-registry-config
-      - emptyDir: {}
-        name: data
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: kubernetes-dashboard
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: kubernetes-dashboard
-  strategy:
-    rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 1
-    type: RollingUpdate
-  template:
-    metadata:
-      annotations: null
-      labels:
-        app.kubernetes.io/component: kubernetes-dashboard
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.7.0
-        helm.sh/chart: kubernetes-dashboard-6.0.0
-    spec:
-      containers:
-      - args:
-        - --namespace=flyte
-        - --metrics-provider=none
-        - --enable-insecure-login
-        - --enable-skip-login
-        image: kubernetesui/dashboard:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 9090
-            scheme: HTTP
-          initialDelaySeconds: 30
-          timeoutSeconds: 30
-        name: kubernetes-dashboard
-        ports:
-        - containerPort: 9090
-          name: http
-          protocol: TCP
-        resources:
-          limits:
-            cpu: 2
-            memory: 200Mi
-          requests:
-            cpu: 100m
-            memory: 200Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 2001
-          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /certs
-          name: kubernetes-dashboard-certs
-        - mountPath: /tmp
-          name: tmp-volume
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: flyte-sandbox-kubernetes-dashboard
-      volumes:
-      - name: kubernetes-dashboard-certs
-        secret:
-          secretName: flyte-sandbox-kubernetes-dashboard-certs
-      - emptyDir: {}
-        name: tmp-volume
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: minio
-    helm.sh/chart: minio-12.6.7
-  name: flyte-sandbox-minio
-  namespace: flyte
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: minio
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      annotations:
-        checksum/credentials-secret: ecce809e3af19025d134846a9a81e163dd41df7e26abf2c6657895d9d13607a9
-      labels:
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: minio
-        helm.sh/chart: minio-12.6.7
-    spec:
-      affinity:
-        nodeAffinity: null
-        podAffinity: null
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchLabels:
-                  app.kubernetes.io/instance: flyte-sandbox
-                  app.kubernetes.io/name: minio
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      containers:
-      - env:
-        - name: BITNAMI_DEBUG
-          value: "false"
-        - name: MINIO_SCHEME
-          value: http
-        - name: MINIO_FORCE_NEW_KEYS
-          value: "no"
-        - name: MINIO_ROOT_USER
-          valueFrom:
-            secretKeyRef:
-              key: root-user
-              name: flyte-sandbox-minio
-        - name: MINIO_ROOT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: root-password
-              name: flyte-sandbox-minio
-        - name: MINIO_DEFAULT_BUCKETS
-          value: my-s3-bucket
-        - name: MINIO_BROWSER
-          value: "on"
-        - name: MINIO_PROMETHEUS_AUTH_TYPE
-          value: public
-        - name: MINIO_CONSOLE_PORT_NUMBER
-          value: "9001"
-        - name: MINIO_BROWSER_REDIRECT_URL
-          value: http://localhost:30080/minio
-        envFrom: null
-        image: docker.io/bitnami/minio:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          failureThreshold: 5
-          httpGet:
-            path: /minio/health/live
-            port: minio-api
-            scheme: HTTP
-          initialDelaySeconds: 5
-          periodSeconds: 5
-          successThreshold: 1
-          timeoutSeconds: 5
-        name: minio
-        ports:
-        - containerPort: 9000
-          name: minio-api
-          protocol: TCP
-        - containerPort: 9001
-          name: minio-console
-          protocol: TCP
-        readinessProbe:
-          failureThreshold: 5
-          initialDelaySeconds: 5
-          periodSeconds: 5
-          successThreshold: 1
-          tcpSocket:
-            port: minio-api
-          timeoutSeconds: 1
-        resources:
-          limits: {}
-          requests: {}
-        securityContext:
-          runAsNonRoot: true
-          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /data
-          name: data
-      initContainers:
-      - command:
-        - /bin/bash
-        - -ec
-        - |
-          chown -R 1001:1001 /data
-        image: docker.io/bitnami/os-shell:sandbox
-        imagePullPolicy: Never
-        name: volume-permissions
-        resources:
-          limits: {}
-          requests: {}
-        securityContext:
-          runAsUser: 0
-        volumeMounts:
-        - mountPath: /data
-          name: data
-      securityContext:
-        fsGroup: 1001
-      serviceAccountName: flyte-sandbox-minio
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: flyte-sandbox-minio-storage
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-proxy
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: proxy
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: flyte-sandbox
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: proxy
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/name: flyte-sandbox
-    spec:
-      containers:
-      - image: envoyproxy/envoy:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          initialDelaySeconds: 30
-          tcpSocket:
-            port: http
-        name: proxy
-        ports:
-        - containerPort: 8000
-          name: http
-        readinessProbe:
-          tcpSocket:
-            port: http
-        volumeMounts:
-        - mountPath: /etc/envoy
-          name: config
-      volumes:
-      - configMap:
-          name: flyte-sandbox-proxy-config
-        name: config
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  labels:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: postgresql
-    helm.sh/chart: postgresql-12.8.1
-  name: flyte-sandbox-postgresql
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: primary
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: postgresql
-  serviceName: flyte-sandbox-postgresql-hl
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: primary
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: postgresql
-        helm.sh/chart: postgresql-12.8.1
-      name: flyte-sandbox-postgresql
-    spec:
-      affinity:
-        nodeAffinity: null
-        podAffinity: null
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchLabels:
-                  app.kubernetes.io/component: primary
-                  app.kubernetes.io/instance: flyte-sandbox
-                  app.kubernetes.io/name: postgresql
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      containers:
-      - env:
-        - name: BITNAMI_DEBUG
-          value: "false"
-        - name: POSTGRESQL_PORT_NUMBER
-          value: "5432"
-        - name: POSTGRESQL_VOLUME_DIR
-          value: /bitnami/postgresql
-        - name: PGDATA
-          value: /bitnami/postgresql/data
-        - name: POSTGRES_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: postgres-password
-              name: flyte-sandbox-postgresql
-        - name: POSTGRESQL_ENABLE_LDAP
-          value: "no"
-        - name: POSTGRESQL_ENABLE_TLS
-          value: "no"
-        - name: POSTGRESQL_LOG_HOSTNAME
-          value: "false"
-        - name: POSTGRESQL_LOG_CONNECTIONS
-          value: "false"
-        - name: POSTGRESQL_LOG_DISCONNECTIONS
-          value: "false"
-        - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
-          value: "off"
-        - name: POSTGRESQL_CLIENT_MIN_MESSAGES
-          value: error
-        - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
-          value: pgaudit
-        image: docker.io/bitnami/postgresql:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
-          failureThreshold: 6
-          initialDelaySeconds: 30
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 5
-        name: postgresql
-        ports:
-        - containerPort: 5432
-          name: tcp-postgresql
-        readinessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - -e
-            - |
-              exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
-              [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
-          failureThreshold: 6
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 5
-        resources:
-          limits: {}
-          requests:
-            cpu: 250m
-            memory: 256Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          runAsGroup: 0
-          runAsNonRoot: true
-          runAsUser: 1001
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /bitnami/postgresql
-          name: data
-      hostIPC: false
-      hostNetwork: false
-      initContainers:
-      - command:
-        - /bin/sh
-        - -ec
-        - |
-          chown 1001:1001 /bitnami/postgresql
-          mkdir -p /bitnami/postgresql/data
-          chmod 700 /bitnami/postgresql/data
-          find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \
-            xargs -r chown -R 1001:1001
-        image: docker.io/bitnami/os-shell:sandbox
-        imagePullPolicy: Never
-        name: init-chmod-data
-        resources:
-          limits: {}
-          requests: {}
-        securityContext:
-          runAsGroup: 0
-          runAsNonRoot: false
-          runAsUser: 0
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /bitnami/postgresql
-          name: data
-      securityContext:
-        fsGroup: 1001
-      serviceAccountName: default
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: flyte-sandbox-db-storage
-  updateStrategy:
-    rollingUpdate: {}
-    type: RollingUpdate

From cbcded1c570b2eab4785bfa4522ffc4e0e545056 Mon Sep 17 00:00:00 2001
From: davidmirror-ops <david espejo@union.ai>
Date: Wed, 13 Mar 2024 12:54:23 -0500
Subject: [PATCH 3/5] Make Helm 3rd round

Signed-off-by: davidmirror-ops <david espejo@union.ai>
---
 .../flyte_aws_scheduler_helm_generated.yaml   |    4 +-
 .../eks/flyte_helm_dataplane_generated.yaml   |    4 +-
 deployment/eks/flyte_helm_generated.yaml      |    4 +-
 .../gcp/flyte_helm_dataplane_generated.yaml   |    4 +-
 deployment/gcp/flyte_helm_generated.yaml      |    4 +-
 .../manifests/complete-agent.yaml             |    4 +-
 .../sandbox-bundled/manifests/complete.yaml   | 3656 ++++++++---------
 docker/sandbox-bundled/manifests/dev.yaml     |    4 +-
 8 files changed, 1842 insertions(+), 1842 deletions(-)

diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
index aa93da1a20..290a4350d3 100644
--- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
+++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
@@ -1268,7 +1268,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "64a0a51a13929685cf9e74444b216f25bfc9dbdb542d6d491db345519111197"
+        configChecksum: "ab9f3b81cd9e4a406179615bbca142195b4fb74d42aa6c784b0f079a84a63eb"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1350,7 +1350,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0
       annotations:
-        configChecksum: "64a0a51a13929685cf9e74444b216f25bfc9dbdb542d6d491db345519111197"
+        configChecksum: "ab9f3b81cd9e4a406179615bbca142195b4fb74d42aa6c784b0f079a84a63eb"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/eks/flyte_helm_dataplane_generated.yaml b/deployment/eks/flyte_helm_dataplane_generated.yaml
index 31037e623f..838c2c6d63 100644
--- a/deployment/eks/flyte_helm_dataplane_generated.yaml
+++ b/deployment/eks/flyte_helm_dataplane_generated.yaml
@@ -428,7 +428,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "64a0a51a13929685cf9e74444b216f25bfc9dbdb542d6d491db345519111197"
+        configChecksum: "ab9f3b81cd9e4a406179615bbca142195b4fb74d42aa6c784b0f079a84a63eb"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -510,7 +510,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0
       annotations:
-        configChecksum: "64a0a51a13929685cf9e74444b216f25bfc9dbdb542d6d491db345519111197"
+        configChecksum: "ab9f3b81cd9e4a406179615bbca142195b4fb74d42aa6c784b0f079a84a63eb"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml
index 46656aac3a..94fe0e87a0 100644
--- a/deployment/eks/flyte_helm_generated.yaml
+++ b/deployment/eks/flyte_helm_generated.yaml
@@ -1398,7 +1398,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "64a0a51a13929685cf9e74444b216f25bfc9dbdb542d6d491db345519111197"
+        configChecksum: "ab9f3b81cd9e4a406179615bbca142195b4fb74d42aa6c784b0f079a84a63eb"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1480,7 +1480,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0
       annotations:
-        configChecksum: "64a0a51a13929685cf9e74444b216f25bfc9dbdb542d6d491db345519111197"
+        configChecksum: "ab9f3b81cd9e4a406179615bbca142195b4fb74d42aa6c784b0f079a84a63eb"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/gcp/flyte_helm_dataplane_generated.yaml b/deployment/gcp/flyte_helm_dataplane_generated.yaml
index 41219bf1e7..73a45f471f 100644
--- a/deployment/gcp/flyte_helm_dataplane_generated.yaml
+++ b/deployment/gcp/flyte_helm_dataplane_generated.yaml
@@ -436,7 +436,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "cc8b6585fb0703724b6418fea14f52893fdd6913d5aee513867e84d66e23d72"
+        configChecksum: "d964d1aa4d4524f27359945ee64279390b6c0949b26ece64272797d0e4b02cd"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -517,7 +517,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0
       annotations:
-        configChecksum: "cc8b6585fb0703724b6418fea14f52893fdd6913d5aee513867e84d66e23d72"
+        configChecksum: "d964d1aa4d4524f27359945ee64279390b6c0949b26ece64272797d0e4b02cd"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml
index 0c067c7e97..5b4a33b3e9 100644
--- a/deployment/gcp/flyte_helm_generated.yaml
+++ b/deployment/gcp/flyte_helm_generated.yaml
@@ -1421,7 +1421,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "cc8b6585fb0703724b6418fea14f52893fdd6913d5aee513867e84d66e23d72"
+        configChecksum: "d964d1aa4d4524f27359945ee64279390b6c0949b26ece64272797d0e4b02cd"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1502,7 +1502,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0
       annotations:
-        configChecksum: "cc8b6585fb0703724b6418fea14f52893fdd6913d5aee513867e84d66e23d72"
+        configChecksum: "d964d1aa4d4524f27359945ee64279390b6c0949b26ece64272797d0e4b02cd"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml
index d918d083fe..0a6ad278cc 100644
--- a/docker/sandbox-bundled/manifests/complete-agent.yaml
+++ b/docker/sandbox-bundled/manifests/complete-agent.yaml
@@ -816,7 +816,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: bFdEdjRZTHJpYjZlVjJFUA==
+  haSharedSecret: TjcwUUU5a0I4NjY1VEZ6QQ==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1412,7 +1412,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 4e48fca207a5d670db85e2a3c006dc4299ca542f111df37bc4657732e90f7fbb
+        checksum/secret: f1051560597442e19f00458f2d7e59764124ab7f5f37ad7e64af8fa0750aa8bf
       labels:
         app: docker-registry
         release: flyte-sandbox
diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml
index 1b0c5c1b5c..708af73aed 100644
--- a/docker/sandbox-bundled/manifests/complete.yaml
+++ b/docker/sandbox-bundled/manifests/complete.yaml
@@ -1,1828 +1,1828 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: flyte
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox
-  namespace: flyte
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
----
-apiVersion: v1
-automountServiceAccountToken: true
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: minio
-    helm.sh/chart: minio-12.6.7
-  name: flyte-sandbox-minio
-  namespace: flyte
-secrets:
-- name: flyte-sandbox-minio
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
-rules:
-- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-key-holder
-  - kubernetes-dashboard-certs
-  - kubernetes-dashboard-csrf
-  resources:
-  - secrets
-  verbs:
-  - get
-  - update
-  - delete
-- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-settings
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - update
-- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - dashboard-metrics-scraper
-  resources:
-  - services
-  verbs:
-  - proxy
-- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - 'http:heapster:'
-  - 'https:heapster:'
-  - dashboard-metrics-scraper
-  - http:dashboard-metrics-scraper
-  resources:
-  - services/proxy
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-cluster-role
-  namespace: flyte
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  - resourcequotas
-  - secrets
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - delete
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - podtemplates
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - flyte.lyft.com
-  resources:
-  - flyteworkflows
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - post
-  - update
-  - watch
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - create
-  - get
-  - list
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - mutatingwebhookconfigurations
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-- apiGroups:
-  - '*'
-  resources:
-  - '*'
-  verbs:
-  - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard-readonly
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - endpoints
-  - persistentvolumeclaims
-  - pods
-  - replicationcontrollers
-  - replicationcontrollers/scale
-  - serviceaccounts
-  - services
-  - nodes
-  - persistentvolumeclaims
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - bindings
-  - events
-  - limitranges
-  - namespaces/status
-  - pods/log
-  - pods/status
-  - replicationcontrollers/status
-  - resourcequotas
-  - resourcequotas/status
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - daemonsets
-  - deployments
-  - deployments/scale
-  - replicasets
-  - replicasets/scale
-  - statefulsets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - autoscaling
-  resources:
-  - horizontalpodautoscalers
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - batch
-  resources:
-  - cronjobs
-  - jobs
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - extensions
-  resources:
-  - daemonsets
-  - deployments
-  - deployments/scale
-  - ingresses
-  - networkpolicies
-  - replicasets
-  - replicasets/scale
-  - replicationcontrollers/scale
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - policy
-  resources:
-  - poddisruptionbudgets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - networkpolicies
-  - ingresses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - storageclasses
-  - volumeattachments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - clusterrolebindings
-  - clusterroles
-  - roles
-  - rolebindings
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: flyte-sandbox-kubernetes-dashboard
-subjects:
-- kind: ServiceAccount
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-cluster-role-binding
-  namespace: flyte
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: flyte-sandbox-cluster-role
-subjects:
-- kind: ServiceAccount
-  name: flyte-sandbox
-  namespace: flyte
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard-readonly
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: flyte-sandbox-kubernetes-dashboard-readonly
-subjects:
-- kind: ServiceAccount
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
----
-apiVersion: v1
-data:
-  namespace.yaml: |
-    apiVersion: v1
-    kind: Namespace
-    metadata:
-      name: '{{ namespace }}'
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-cluster-resource-templates
-  namespace: flyte
----
-apiVersion: v1
-data:
-  000-core.yaml: |
-    admin:
-      endpoint: localhost:8089
-      insecure: true
-    catalog-cache:
-      endpoint: localhost:8081
-      insecure: true
-      type: datacatalog
-    cluster_resources:
-      standaloneDeployment: false
-      templatePath: /etc/flyte/cluster-resource-templates
-    logger:
-      show-source: true
-      level: 5
-    propeller:
-      create-flyteworkflow-crd: true
-    webhook:
-      certDir: /var/run/flyte/certs
-      localCert: true
-      secretName: flyte-sandbox-webhook-secret
-      serviceName: flyte-sandbox-webhook
-      servicePort: 443
-    flyte:
-      admin:
-        disableClusterResourceManager: false
-        disableScheduler: false
-        disabled: false
-        seedProjects:
-        - flytesnacks
-      dataCatalog:
-        disabled: false
-      propeller:
-        disableWebhook: false
-        disabled: false
-  001-plugins.yaml: |
-    tasks:
-      task-plugins:
-        default-for-task-types:
-          container: container
-          container_array: k8s-array
-          sidecar: sidecar
-        enabled-plugins:
-        - container
-        - sidecar
-        - k8s-array
-        - agent-service
-    plugins:
-      logs:
-        kubernetes-enabled: true
-        kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }}
-        cloudwatch-enabled: false
-        stackdriver-enabled: false
-      k8s:
-        co-pilot:
-          image: "cr.flyte.org/flyteorg/flytecopilot:v1.11.0"
-      k8s-array:
-        logs:
-          config:
-            kubernetes-enabled: true
-            kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }}
-            cloudwatch-enabled: false
-            stackdriver-enabled: false
-  002-database.yaml: |
-    database:
-      postgres:
-        username: postgres
-        host: flyte-sandbox-postgresql
-        port: 5432
-        dbname: flyte
-        options: "sslmode=disable"
-  003-storage.yaml: |
-    propeller:
-      rawoutput-prefix: s3://my-s3-bucket/data
-    storage:
-      type: stow
-      stow:
-        kind: s3
-        config:
-          region: us-east-1
-          disable_ssl: true
-          v2_signing: true
-          endpoint: http://flyte-sandbox-minio.flyte:9000
-          auth_type: accesskey
-      container: my-s3-bucket
-  100-inline-config.yaml: |
-    plugins:
-      k8s:
-        default-env-vars:
-        - FLYTE_AWS_ENDPOINT: http://flyte-sandbox-minio.flyte:9000
-        - FLYTE_AWS_ACCESS_KEY_ID: minio
-        - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage
-    storage:
-      signedURL:
-        stowConfigOverride:
-          endpoint: http://localhost:30002
-    task_resources:
-      defaults:
-        cpu: 500m
-        ephemeralStorage: 0
-        gpu: 0
-        memory: 1Gi
-      limits:
-        cpu: 0
-        ephemeralStorage: 0
-        gpu: 0
-        memory: 0
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-config
-  namespace: flyte
----
-apiVersion: v1
-data:
-  config.yml: |-
-    health:
-      storagedriver:
-        enabled: true
-        interval: 10s
-        threshold: 3
-    http:
-      addr: :5000
-      debug:
-        addr: :5001
-        prometheus:
-          enabled: false
-          path: /metrics
-      headers:
-        X-Content-Type-Options:
-        - nosniff
-    log:
-      fields:
-        service: registry
-    storage:
-      cache:
-        blobdescriptor: inmemory
-    version: 0.1
-kind: ConfigMap
-metadata:
-  labels:
-    app: docker-registry
-    chart: docker-registry-2.2.2
-    heritage: Helm
-    release: flyte-sandbox
-  name: flyte-sandbox-docker-registry-config
-  namespace: flyte
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: flyte-sandbox-extra-cluster-resource-templates
-  namespace: flyte
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: flyte-sandbox-extra-config
-  namespace: flyte
----
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-        access_log_path: /dev/stdout
-    static_resources:
-        listeners:
-            - address:
-                  socket_address:
-                      address: 0.0.0.0
-                      port_value: 8000
-              filter_chains:
-                  - filters:
-                        - name: envoy.filters.network.http_connection_manager
-                          typed_config:
-                              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                              stat_prefix: ingress_http
-                              codec_type: AUTO
-                              upgrade_configs:
-                                  - upgrade_type: websocket
-                              route_config:
-                                  name: local_route
-                                  virtual_hosts:
-                                      - name: backend
-                                        domains:
-                                            - "*"
-                                        routes:
-                                            - match:
-                                                  path: "/"
-                                              redirect:
-                                                  path_redirect: "/console/"
-                                            - match:
-                                                  prefix: "/.well-known"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/__webpack_hmr"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/api"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/callback"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/config"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/console"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/healthcheck"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/login"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/logout"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/me"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/oauth2"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/v1"
-                                              route:
-                                                  cluster: flyte
-                                            - match:
-                                                  prefix: "/flyteidl.service.AdminService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/flyteidl.service.AuthMetadataService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/flyteidl.service.DataProxyService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/flyteidl.service.IdentityService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/grpc.health.v1.Health"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  prefix: "/flyteidl.service.SignalService"
-                                              route:
-                                                  cluster: flyte_grpc
-                                            - match:
-                                                  path: "/kubernetes-dashboard"
-                                              redirect:
-                                                  path_redirect: "/kubernetes-dashboard/"
-                                            - match:
-                                                  prefix: "/kubernetes-dashboard/"
-                                              route:
-                                                  cluster: kubernetes-dashboard
-                                                  prefix_rewrite: /
-                                            - match:
-                                                  path: "/minio"
-                                              redirect:
-                                                  path_redirect: "/minio/"
-                                            - match:
-                                                  prefix: "/minio/"
-                                              route:
-                                                  cluster: minio
-                                                  prefix_rewrite: /
-                              http_filters:
-                                  - name: envoy.filters.http.router
-                                    typed_config:
-                                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-        clusters:
-            - name: flyte
-              connect_timeout: 0.25s
-              type: STRICT_DNS
-              lb_policy: ROUND_ROBIN
-              load_assignment:
-                  cluster_name: flyte
-                  endpoints:
-                      - lb_endpoints:
-                            - endpoint:
-                                  address:
-                                      socket_address:
-                                          address: flyte-sandbox-http
-                                          port_value: 8088
-            - name: flyte_grpc
-              connect_timeout: 0.25s
-              type: STRICT_DNS
-              lb_policy: ROUND_ROBIN
-              http2_protocol_options: {}
-              load_assignment:
-                  cluster_name: flyte_grpc
-                  endpoints:
-                      - lb_endpoints:
-                            - endpoint:
-                                  address:
-                                      socket_address:
-                                          address: flyte-sandbox-grpc
-                                          port_value: 8089
-            - name: kubernetes-dashboard
-              connect_timeout: 0.25s
-              type: STRICT_DNS
-              lb_policy: ROUND_ROBIN
-              load_assignment:
-                  cluster_name: kubernetes-dashboard
-                  endpoints:
-                      - lb_endpoints:
-                            - endpoint:
-                                  address:
-                                      socket_address:
-                                          address: flyte-sandbox-kubernetes-dashboard
-                                          port_value: 80
-            - name: minio
-              connect_timeout: 0.25s
-              type: STRICT_DNS
-              lb_policy: ROUND_ROBIN
-              load_assignment:
-                  cluster_name: minio
-                  endpoints:
-                      - lb_endpoints:
-                            - endpoint:
-                                  address:
-                                      socket_address:
-                                          address: flyte-sandbox-minio
-                                          port_value: 9001
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-proxy-config
-  namespace: flyte
----
-apiVersion: v1
-data: null
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-settings
-  namespace: flyte
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-config-secret
-  namespace: flyte
-stringData:
-  012-database-secrets.yaml: |
-    database:
-      postgres:
-        password: "postgres"
-  013-storage-secrets.yaml: |
-    storage:
-      stow:
-        config:
-          access_key_id: "minio"
-          secret_key: "miniostorage"
-type: Opaque
----
-apiVersion: v1
-data:
-  haSharedSecret: VFF5OW9ocFA1SFBaeEhFTQ==
-  proxyPassword: ""
-  proxyUsername: ""
-kind: Secret
-metadata:
-  labels:
-    app: docker-registry
-    chart: docker-registry-2.2.2
-    heritage: Helm
-    release: flyte-sandbox
-  name: flyte-sandbox-docker-registry-secret
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard-certs
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-data:
-  root-password: bWluaW9zdG9yYWdl
-  root-user: bWluaW8=
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: minio
-    helm.sh/chart: minio-12.6.7
-  name: flyte-sandbox-minio
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-data:
-  postgres-password: cG9zdGdyZXM=
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: postgresql
-    helm.sh/chart: postgresql-12.8.1
-  name: flyte-sandbox-postgresql
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-csrf
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-key-holder
-  namespace: flyte
-type: Opaque
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: docker-registry
-    chart: docker-registry-2.2.2
-    heritage: Helm
-    release: flyte-sandbox
-  name: flyte-sandbox-docker-registry
-  namespace: flyte
-spec:
-  ports:
-  - name: http-5000
-    nodePort: 30000
-    port: 5000
-    protocol: TCP
-    targetPort: 5000
-  selector:
-    app: docker-registry
-    release: flyte-sandbox
-  type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-grpc
-  namespace: flyte
-spec:
-  ports:
-  - name: grpc
-    nodePort: null
-    port: 8089
-    targetPort: grpc
-  selector:
-    app.kubernetes.io/component: flyte-binary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: flyte-sandbox
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-http
-  namespace: flyte
-spec:
-  ports:
-  - name: http
-    nodePort: null
-    port: 8088
-    targetPort: http
-  selector:
-    app.kubernetes.io/component: flyte-binary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: flyte-sandbox
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-    kubernetes.io/cluster-service: "true"
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
-spec:
-  ports:
-  - name: http
-    port: 80
-    targetPort: http
-  selector:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: kubernetes-dashboard
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: minio
-    helm.sh/chart: minio-12.6.7
-  name: flyte-sandbox-minio
-  namespace: flyte
-spec:
-  externalTrafficPolicy: Cluster
-  ports:
-  - name: minio-api
-    nodePort: 30002
-    port: 9000
-    targetPort: minio-api
-  - name: minio-console
-    port: 9001
-    targetPort: minio-console
-  selector:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: minio
-  type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: postgresql
-    helm.sh/chart: postgresql-12.8.1
-  name: flyte-sandbox-postgresql
-  namespace: flyte
-spec:
-  externalTrafficPolicy: Cluster
-  ports:
-  - name: tcp-postgresql
-    nodePort: 30001
-    port: 5432
-    targetPort: tcp-postgresql
-  selector:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: postgresql
-  sessionAffinity: None
-  type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: postgresql
-    helm.sh/chart: postgresql-12.8.1
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-  name: flyte-sandbox-postgresql-hl
-  namespace: flyte
-spec:
-  clusterIP: None
-  ports:
-  - name: tcp-postgresql
-    port: 5432
-    targetPort: tcp-postgresql
-  publishNotReadyAddresses: true
-  selector:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: postgresql
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-proxy
-  namespace: flyte
-spec:
-  ports:
-  - name: http
-    nodePort: 30080
-    port: 8000
-    protocol: TCP
-  selector:
-    app.kubernetes.io/component: proxy
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: flyte-sandbox
-  type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox-webhook
-  namespace: flyte
-spec:
-  ports:
-  - name: webhook
-    port: 443
-    targetPort: webhook
-  selector:
-    app.kubernetes.io/component: flyte-binary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/name: flyte-sandbox
-  type: ClusterIP
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-db-storage
-  namespace: flyte
-spec:
-  accessModes:
-  - ReadWriteOnce
-  capacity:
-    storage: 1Gi
-  hostPath:
-    path: /var/lib/flyte/storage/db
-  storageClassName: manual
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-minio-storage
-  namespace: flyte
-spec:
-  accessModes:
-  - ReadWriteOnce
-  capacity:
-    storage: 1Gi
-  hostPath:
-    path: /var/lib/flyte/storage/minio
-  storageClassName: manual
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-db-storage
-  namespace: flyte
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: manual
-  volumeName: flyte-sandbox-db-storage
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-minio-storage
-  namespace: flyte
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: manual
-  volumeName: flyte-sandbox-minio-storage
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: flyte-binary-v0.1.10
-  name: flyte-sandbox
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: flyte-binary
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: flyte-sandbox
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      annotations:
-        checksum/cluster-resource-templates: 6fd9b172465e3089fcc59f738b92b8dc4d8939360c19de8ee65f68b0e7422035
-        checksum/configuration: cd9caceec9bd91bdf1eedb10aee289a53786fc70df8c3f4951881abb9f937c49
-        checksum/configuration-secret: 09216ffaa3d29e14f88b1f30af580d02a2a5e014de4d750b7f275cc07ed4e914
-      labels:
-        app.kubernetes.io/component: flyte-binary
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/name: flyte-sandbox
-    spec:
-      containers:
-      - args:
-        - start
-        - --config
-        - /etc/flyte/config.d/*.yaml
-        env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: flyte-binary:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          httpGet:
-            path: /healthcheck
-            port: http
-          initialDelaySeconds: 30
-        name: flyte
-        ports:
-        - containerPort: 8088
-          name: http
-        - containerPort: 8089
-          name: grpc
-        - containerPort: 9443
-          name: webhook
-        readinessProbe:
-          httpGet:
-            path: /healthcheck
-            port: http
-          initialDelaySeconds: 30
-        volumeMounts:
-        - mountPath: /etc/flyte/cluster-resource-templates
-          name: cluster-resource-templates
-        - mountPath: /etc/flyte/config.d
-          name: config
-        - mountPath: /var/run/flyte
-          name: state
-      initContainers:
-      - args:
-        - |
-          until pg_isready \
-            -h flyte-sandbox-postgresql \
-            -p 5432 \
-            -U postgres
-          do
-            echo waiting for database
-            sleep 0.1
-          done
-        command:
-        - sh
-        - -ec
-        image: bitnami/postgresql:sandbox
-        imagePullPolicy: Never
-        name: wait-for-db
-      serviceAccountName: flyte-sandbox
-      volumes:
-      - name: cluster-resource-templates
-        projected:
-          sources:
-          - configMap:
-              name: flyte-sandbox-cluster-resource-templates
-          - configMap:
-              name: flyte-sandbox-extra-cluster-resource-templates
-      - name: config
-        projected:
-          sources:
-          - configMap:
-              name: flyte-sandbox-config
-          - secret:
-              name: flyte-sandbox-config-secret
-          - configMap:
-              name: flyte-sandbox-extra-config
-      - emptyDir: {}
-        name: state
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-buildkit
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: buildkit
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: flyte-sandbox
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: buildkit
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/name: flyte-sandbox
-    spec:
-      containers:
-      - args:
-        - --addr
-        - unix:///run/buildkit/buildkitd.sock
-        - --addr
-        - tcp://0.0.0.0:30003
-        image: moby/buildkit:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          exec:
-            command:
-            - buildctl
-            - debug
-            - workers
-          initialDelaySeconds: 5
-          periodSeconds: 30
-        name: buildkit
-        ports:
-        - containerPort: 30003
-          name: tcp
-          protocol: TCP
-        readinessProbe:
-          exec:
-            command:
-            - buildctl
-            - debug
-            - workers
-          initialDelaySeconds: 5
-          periodSeconds: 30
-        securityContext:
-          privileged: true
-      dnsPolicy: ClusterFirstWithHostNet
-      hostNetwork: true
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: docker-registry
-    chart: docker-registry-2.2.2
-    heritage: Helm
-    release: flyte-sandbox
-  name: flyte-sandbox-docker-registry
-  namespace: flyte
-spec:
-  minReadySeconds: 5
-  replicas: 1
-  selector:
-    matchLabels:
-      app: docker-registry
-      release: flyte-sandbox
-  template:
-    metadata:
-      annotations:
-        checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 58164ccf22adab677f5be0934c63dfffcaf63125d1b61f4e3257ad6abbad5344
-      labels:
-        app: docker-registry
-        release: flyte-sandbox
-    spec:
-      containers:
-      - command:
-        - /bin/registry
-        - serve
-        - /etc/docker/registry/config.yml
-        env:
-        - name: REGISTRY_HTTP_SECRET
-          valueFrom:
-            secretKeyRef:
-              key: haSharedSecret
-              name: flyte-sandbox-docker-registry-secret
-        - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
-          value: /var/lib/registry
-        image: registry:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 5000
-        name: docker-registry
-        ports:
-        - containerPort: 5000
-        readinessProbe:
-          httpGet:
-            path: /
-            port: 5000
-        resources: {}
-        volumeMounts:
-        - mountPath: /etc/docker/registry
-          name: flyte-sandbox-docker-registry-config
-        - mountPath: /var/lib/registry/
-          name: data
-      securityContext:
-        fsGroup: 1000
-        runAsUser: 1000
-      volumes:
-      - configMap:
-          name: flyte-sandbox-docker-registry-config
-        name: flyte-sandbox-docker-registry-config
-      - emptyDir: {}
-        name: data
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: flyte-sandbox-kubernetes-dashboard
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: kubernetes-dashboard
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: kubernetes-dashboard
-  strategy:
-    rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 1
-    type: RollingUpdate
-  template:
-    metadata:
-      annotations: null
-      labels:
-        app.kubernetes.io/component: kubernetes-dashboard
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.7.0
-        helm.sh/chart: kubernetes-dashboard-6.0.0
-    spec:
-      containers:
-      - args:
-        - --namespace=flyte
-        - --metrics-provider=none
-        - --enable-insecure-login
-        - --enable-skip-login
-        image: kubernetesui/dashboard:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 9090
-            scheme: HTTP
-          initialDelaySeconds: 30
-          timeoutSeconds: 30
-        name: kubernetes-dashboard
-        ports:
-        - containerPort: 9090
-          name: http
-          protocol: TCP
-        resources:
-          limits:
-            cpu: 2
-            memory: 200Mi
-          requests:
-            cpu: 100m
-            memory: 200Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 2001
-          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /certs
-          name: kubernetes-dashboard-certs
-        - mountPath: /tmp
-          name: tmp-volume
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: flyte-sandbox-kubernetes-dashboard
-      volumes:
-      - name: kubernetes-dashboard-certs
-        secret:
-          secretName: flyte-sandbox-kubernetes-dashboard-certs
-      - emptyDir: {}
-        name: tmp-volume
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: minio
-    helm.sh/chart: minio-12.6.7
-  name: flyte-sandbox-minio
-  namespace: flyte
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: minio
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      annotations:
-        checksum/credentials-secret: ecce809e3af19025d134846a9a81e163dd41df7e26abf2c6657895d9d13607a9
-      labels:
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: minio
-        helm.sh/chart: minio-12.6.7
-    spec:
-      affinity:
-        nodeAffinity: null
-        podAffinity: null
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchLabels:
-                  app.kubernetes.io/instance: flyte-sandbox
-                  app.kubernetes.io/name: minio
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      containers:
-      - env:
-        - name: BITNAMI_DEBUG
-          value: "false"
-        - name: MINIO_SCHEME
-          value: http
-        - name: MINIO_FORCE_NEW_KEYS
-          value: "no"
-        - name: MINIO_ROOT_USER
-          valueFrom:
-            secretKeyRef:
-              key: root-user
-              name: flyte-sandbox-minio
-        - name: MINIO_ROOT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: root-password
-              name: flyte-sandbox-minio
-        - name: MINIO_DEFAULT_BUCKETS
-          value: my-s3-bucket
-        - name: MINIO_BROWSER
-          value: "on"
-        - name: MINIO_PROMETHEUS_AUTH_TYPE
-          value: public
-        - name: MINIO_CONSOLE_PORT_NUMBER
-          value: "9001"
-        - name: MINIO_BROWSER_REDIRECT_URL
-          value: http://localhost:30080/minio
-        envFrom: null
-        image: docker.io/bitnami/minio:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          failureThreshold: 5
-          httpGet:
-            path: /minio/health/live
-            port: minio-api
-            scheme: HTTP
-          initialDelaySeconds: 5
-          periodSeconds: 5
-          successThreshold: 1
-          timeoutSeconds: 5
-        name: minio
-        ports:
-        - containerPort: 9000
-          name: minio-api
-          protocol: TCP
-        - containerPort: 9001
-          name: minio-console
-          protocol: TCP
-        readinessProbe:
-          failureThreshold: 5
-          initialDelaySeconds: 5
-          periodSeconds: 5
-          successThreshold: 1
-          tcpSocket:
-            port: minio-api
-          timeoutSeconds: 1
-        resources:
-          limits: {}
-          requests: {}
-        securityContext:
-          runAsNonRoot: true
-          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /data
-          name: data
-      initContainers:
-      - command:
-        - /bin/bash
-        - -ec
-        - |
-          chown -R 1001:1001 /data
-        image: docker.io/bitnami/os-shell:sandbox
-        imagePullPolicy: Never
-        name: volume-permissions
-        resources:
-          limits: {}
-          requests: {}
-        securityContext:
-          runAsUser: 0
-        volumeMounts:
-        - mountPath: /data
-          name: data
-      securityContext:
-        fsGroup: 1001
-      serviceAccountName: flyte-sandbox-minio
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: flyte-sandbox-minio-storage
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: flyte-sandbox
-    app.kubernetes.io/version: 1.16.1
-    helm.sh/chart: flyte-sandbox-0.1.0
-  name: flyte-sandbox-proxy
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: proxy
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: flyte-sandbox
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: proxy
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/name: flyte-sandbox
-    spec:
-      containers:
-      - image: envoyproxy/envoy:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          initialDelaySeconds: 30
-          tcpSocket:
-            port: http
-        name: proxy
-        ports:
-        - containerPort: 8000
-          name: http
-        readinessProbe:
-          tcpSocket:
-            port: http
-        volumeMounts:
-        - mountPath: /etc/envoy
-          name: config
-      volumes:
-      - configMap:
-          name: flyte-sandbox-proxy-config
-        name: config
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  labels:
-    app.kubernetes.io/component: primary
-    app.kubernetes.io/instance: flyte-sandbox
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: postgresql
-    helm.sh/chart: postgresql-12.8.1
-  name: flyte-sandbox-postgresql
-  namespace: flyte
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: primary
-      app.kubernetes.io/instance: flyte-sandbox
-      app.kubernetes.io/name: postgresql
-  serviceName: flyte-sandbox-postgresql-hl
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: primary
-        app.kubernetes.io/instance: flyte-sandbox
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: postgresql
-        helm.sh/chart: postgresql-12.8.1
-      name: flyte-sandbox-postgresql
-    spec:
-      affinity:
-        nodeAffinity: null
-        podAffinity: null
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchLabels:
-                  app.kubernetes.io/component: primary
-                  app.kubernetes.io/instance: flyte-sandbox
-                  app.kubernetes.io/name: postgresql
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      containers:
-      - env:
-        - name: BITNAMI_DEBUG
-          value: "false"
-        - name: POSTGRESQL_PORT_NUMBER
-          value: "5432"
-        - name: POSTGRESQL_VOLUME_DIR
-          value: /bitnami/postgresql
-        - name: PGDATA
-          value: /bitnami/postgresql/data
-        - name: POSTGRES_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: postgres-password
-              name: flyte-sandbox-postgresql
-        - name: POSTGRESQL_ENABLE_LDAP
-          value: "no"
-        - name: POSTGRESQL_ENABLE_TLS
-          value: "no"
-        - name: POSTGRESQL_LOG_HOSTNAME
-          value: "false"
-        - name: POSTGRESQL_LOG_CONNECTIONS
-          value: "false"
-        - name: POSTGRESQL_LOG_DISCONNECTIONS
-          value: "false"
-        - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
-          value: "off"
-        - name: POSTGRESQL_CLIENT_MIN_MESSAGES
-          value: error
-        - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
-          value: pgaudit
-        image: docker.io/bitnami/postgresql:sandbox
-        imagePullPolicy: Never
-        livenessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
-          failureThreshold: 6
-          initialDelaySeconds: 30
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 5
-        name: postgresql
-        ports:
-        - containerPort: 5432
-          name: tcp-postgresql
-        readinessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - -e
-            - |
-              exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
-              [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
-          failureThreshold: 6
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 5
-        resources:
-          limits: {}
-          requests:
-            cpu: 250m
-            memory: 256Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          runAsGroup: 0
-          runAsNonRoot: true
-          runAsUser: 1001
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /bitnami/postgresql
-          name: data
-      hostIPC: false
-      hostNetwork: false
-      initContainers:
-      - command:
-        - /bin/sh
-        - -ec
-        - |
-          chown 1001:1001 /bitnami/postgresql
-          mkdir -p /bitnami/postgresql/data
-          chmod 700 /bitnami/postgresql/data
-          find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \
-            xargs -r chown -R 1001:1001
-        image: docker.io/bitnami/os-shell:sandbox
-        imagePullPolicy: Never
-        name: init-chmod-data
-        resources:
-          limits: {}
-          requests: {}
-        securityContext:
-          runAsGroup: 0
-          runAsNonRoot: false
-          runAsUser: 0
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /bitnami/postgresql
-          name: data
-      securityContext:
-        fsGroup: 1001
-      serviceAccountName: default
-      volumes:
-      - name: data
-        persistentVolumeClaim:
-          claimName: flyte-sandbox-db-storage
-  updateStrategy:
-    rollingUpdate: {}
-    type: RollingUpdate
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flyte
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox
+  namespace: flyte
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: flyte-sandbox-kubernetes-dashboard
+  namespace: flyte
+---
+apiVersion: v1
+automountServiceAccountToken: true
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: minio
+    helm.sh/chart: minio-12.6.7
+  name: flyte-sandbox-minio
+  namespace: flyte
+secrets:
+- name: flyte-sandbox-minio
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: flyte-sandbox-kubernetes-dashboard
+  namespace: flyte
+rules:
+- apiGroups:
+  - ""
+  resourceNames:
+  - kubernetes-dashboard-key-holder
+  - kubernetes-dashboard-certs
+  - kubernetes-dashboard-csrf
+  resources:
+  - secrets
+  verbs:
+  - get
+  - update
+  - delete
+- apiGroups:
+  - ""
+  resourceNames:
+  - kubernetes-dashboard-settings
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - update
+- apiGroups:
+  - ""
+  resourceNames:
+  - heapster
+  - dashboard-metrics-scraper
+  resources:
+  - services
+  verbs:
+  - proxy
+- apiGroups:
+  - ""
+  resourceNames:
+  - heapster
+  - 'http:heapster:'
+  - 'https:heapster:'
+  - dashboard-metrics-scraper
+  - http:dashboard-metrics-scraper
+  resources:
+  - services/proxy
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox-cluster-role
+  namespace: flyte
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - resourcequotas
+  - secrets
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - delete
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - podtemplates
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - flyte.lyft.com
+  resources:
+  - flyteworkflows
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - post
+  - update
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - create
+  - get
+  - list
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: flyte-sandbox-kubernetes-dashboard-readonly
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - endpoints
+  - persistentvolumeclaims
+  - pods
+  - replicationcontrollers
+  - replicationcontrollers/scale
+  - serviceaccounts
+  - services
+  - nodes
+  - persistentvolumeclaims
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - bindings
+  - events
+  - limitranges
+  - namespaces/status
+  - pods/log
+  - pods/status
+  - replicationcontrollers/status
+  - resourcequotas
+  - resourcequotas/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  - deployments/scale
+  - replicasets
+  - replicasets/scale
+  - statefulsets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - extensions
+  resources:
+  - daemonsets
+  - deployments
+  - deployments/scale
+  - ingresses
+  - networkpolicies
+  - replicasets
+  - replicasets/scale
+  - replicationcontrollers/scale
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  - ingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  - volumeattachments
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterrolebindings
+  - clusterroles
+  - roles
+  - rolebindings
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: flyte-sandbox-kubernetes-dashboard
+  namespace: flyte
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: flyte-sandbox-kubernetes-dashboard
+subjects:
+- kind: ServiceAccount
+  name: flyte-sandbox-kubernetes-dashboard
+  namespace: flyte
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox-cluster-role-binding
+  namespace: flyte
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flyte-sandbox-cluster-role
+subjects:
+- kind: ServiceAccount
+  name: flyte-sandbox
+  namespace: flyte
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: flyte-sandbox-kubernetes-dashboard-readonly
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flyte-sandbox-kubernetes-dashboard-readonly
+subjects:
+- kind: ServiceAccount
+  name: flyte-sandbox-kubernetes-dashboard
+  namespace: flyte
+---
+apiVersion: v1
+data:
+  namespace.yaml: |
+    apiVersion: v1
+    kind: Namespace
+    metadata:
+      name: '{{ namespace }}'
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox-cluster-resource-templates
+  namespace: flyte
+---
+apiVersion: v1
+data:
+  000-core.yaml: |
+    admin:
+      endpoint: localhost:8089
+      insecure: true
+    catalog-cache:
+      endpoint: localhost:8081
+      insecure: true
+      type: datacatalog
+    cluster_resources:
+      standaloneDeployment: false
+      templatePath: /etc/flyte/cluster-resource-templates
+    logger:
+      show-source: true
+      level: 5
+    propeller:
+      create-flyteworkflow-crd: true
+    webhook:
+      certDir: /var/run/flyte/certs
+      localCert: true
+      secretName: flyte-sandbox-webhook-secret
+      serviceName: flyte-sandbox-webhook
+      servicePort: 443
+    flyte:
+      admin:
+        disableClusterResourceManager: false
+        disableScheduler: false
+        disabled: false
+        seedProjects:
+        - flytesnacks
+      dataCatalog:
+        disabled: false
+      propeller:
+        disableWebhook: false
+        disabled: false
+  001-plugins.yaml: |
+    tasks:
+      task-plugins:
+        default-for-task-types:
+          container: container
+          container_array: k8s-array
+          sidecar: sidecar
+        enabled-plugins:
+        - container
+        - sidecar
+        - k8s-array
+        - agent-service
+    plugins:
+      logs:
+        kubernetes-enabled: true
+        kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }}
+        cloudwatch-enabled: false
+        stackdriver-enabled: false
+      k8s:
+        co-pilot:
+          image: "cr.flyte.org/flyteorg/flytecopilot:v1.11.0"
+      k8s-array:
+        logs:
+          config:
+            kubernetes-enabled: true
+            kubernetes-template-uri: http://localhost:30080/kubernetes-dashboard/#/log/{{.namespace }}/{{ .podName }}/pod?namespace={{ .namespace }}
+            cloudwatch-enabled: false
+            stackdriver-enabled: false
+  002-database.yaml: |
+    database:
+      postgres:
+        username: postgres
+        host: flyte-sandbox-postgresql
+        port: 5432
+        dbname: flyte
+        options: "sslmode=disable"
+  003-storage.yaml: |
+    propeller:
+      rawoutput-prefix: s3://my-s3-bucket/data
+    storage:
+      type: stow
+      stow:
+        kind: s3
+        config:
+          region: us-east-1
+          disable_ssl: true
+          v2_signing: true
+          endpoint: http://flyte-sandbox-minio.flyte:9000
+          auth_type: accesskey
+      container: my-s3-bucket
+  100-inline-config.yaml: |
+    plugins:
+      k8s:
+        default-env-vars:
+        - FLYTE_AWS_ENDPOINT: http://flyte-sandbox-minio.flyte:9000
+        - FLYTE_AWS_ACCESS_KEY_ID: minio
+        - FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage
+    storage:
+      signedURL:
+        stowConfigOverride:
+          endpoint: http://localhost:30002
+    task_resources:
+      defaults:
+        cpu: 500m
+        ephemeralStorage: 0
+        gpu: 0
+        memory: 1Gi
+      limits:
+        cpu: 0
+        ephemeralStorage: 0
+        gpu: 0
+        memory: 0
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox-config
+  namespace: flyte
+---
+apiVersion: v1
+data:
+  config.yml: |-
+    health:
+      storagedriver:
+        enabled: true
+        interval: 10s
+        threshold: 3
+    http:
+      addr: :5000
+      debug:
+        addr: :5001
+        prometheus:
+          enabled: false
+          path: /metrics
+      headers:
+        X-Content-Type-Options:
+        - nosniff
+    log:
+      fields:
+        service: registry
+    storage:
+      cache:
+        blobdescriptor: inmemory
+    version: 0.1
+kind: ConfigMap
+metadata:
+  labels:
+    app: docker-registry
+    chart: docker-registry-2.2.2
+    heritage: Helm
+    release: flyte-sandbox
+  name: flyte-sandbox-docker-registry-config
+  namespace: flyte
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: flyte-sandbox-extra-cluster-resource-templates
+  namespace: flyte
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: flyte-sandbox-extra-config
+  namespace: flyte
+---
+apiVersion: v1
+data:
+  envoy.yaml: |
+    admin:
+        access_log_path: /dev/stdout
+    static_resources:
+        listeners:
+            - address:
+                  socket_address:
+                      address: 0.0.0.0
+                      port_value: 8000
+              filter_chains:
+                  - filters:
+                        - name: envoy.filters.network.http_connection_manager
+                          typed_config:
+                              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                              stat_prefix: ingress_http
+                              codec_type: AUTO
+                              upgrade_configs:
+                                  - upgrade_type: websocket
+                              route_config:
+                                  name: local_route
+                                  virtual_hosts:
+                                      - name: backend
+                                        domains:
+                                            - "*"
+                                        routes:
+                                            - match:
+                                                  path: "/"
+                                              redirect:
+                                                  path_redirect: "/console/"
+                                            - match:
+                                                  prefix: "/.well-known"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/__webpack_hmr"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/api"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/callback"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/config"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/console"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/healthcheck"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/login"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/logout"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/me"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/oauth2"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/v1"
+                                              route:
+                                                  cluster: flyte
+                                            - match:
+                                                  prefix: "/flyteidl.service.AdminService"
+                                              route:
+                                                  cluster: flyte_grpc
+                                            - match:
+                                                  prefix: "/flyteidl.service.AuthMetadataService"
+                                              route:
+                                                  cluster: flyte_grpc
+                                            - match:
+                                                  prefix: "/flyteidl.service.DataProxyService"
+                                              route:
+                                                  cluster: flyte_grpc
+                                            - match:
+                                                  prefix: "/flyteidl.service.IdentityService"
+                                              route:
+                                                  cluster: flyte_grpc
+                                            - match:
+                                                  prefix: "/grpc.health.v1.Health"
+                                              route:
+                                                  cluster: flyte_grpc
+                                            - match:
+                                                  prefix: "/flyteidl.service.SignalService"
+                                              route:
+                                                  cluster: flyte_grpc
+                                            - match:
+                                                  path: "/kubernetes-dashboard"
+                                              redirect:
+                                                  path_redirect: "/kubernetes-dashboard/"
+                                            - match:
+                                                  prefix: "/kubernetes-dashboard/"
+                                              route:
+                                                  cluster: kubernetes-dashboard
+                                                  prefix_rewrite: /
+                                            - match:
+                                                  path: "/minio"
+                                              redirect:
+                                                  path_redirect: "/minio/"
+                                            - match:
+                                                  prefix: "/minio/"
+                                              route:
+                                                  cluster: minio
+                                                  prefix_rewrite: /
+                              http_filters:
+                                  - name: envoy.filters.http.router
+                                    typed_config:
+                                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        clusters:
+            - name: flyte
+              connect_timeout: 0.25s
+              type: STRICT_DNS
+              lb_policy: ROUND_ROBIN
+              load_assignment:
+                  cluster_name: flyte
+                  endpoints:
+                      - lb_endpoints:
+                            - endpoint:
+                                  address:
+                                      socket_address:
+                                          address: flyte-sandbox-http
+                                          port_value: 8088
+            - name: flyte_grpc
+              connect_timeout: 0.25s
+              type: STRICT_DNS
+              lb_policy: ROUND_ROBIN
+              http2_protocol_options: {}
+              load_assignment:
+                  cluster_name: flyte_grpc
+                  endpoints:
+                      - lb_endpoints:
+                            - endpoint:
+                                  address:
+                                      socket_address:
+                                          address: flyte-sandbox-grpc
+                                          port_value: 8089
+            - name: kubernetes-dashboard
+              connect_timeout: 0.25s
+              type: STRICT_DNS
+              lb_policy: ROUND_ROBIN
+              load_assignment:
+                  cluster_name: kubernetes-dashboard
+                  endpoints:
+                      - lb_endpoints:
+                            - endpoint:
+                                  address:
+                                      socket_address:
+                                          address: flyte-sandbox-kubernetes-dashboard
+                                          port_value: 80
+            - name: minio
+              connect_timeout: 0.25s
+              type: STRICT_DNS
+              lb_policy: ROUND_ROBIN
+              load_assignment:
+                  cluster_name: minio
+                  endpoints:
+                      - lb_endpoints:
+                            - endpoint:
+                                  address:
+                                      socket_address:
+                                          address: flyte-sandbox-minio
+                                          port_value: 9001
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.1
+    helm.sh/chart: flyte-sandbox-0.1.0
+  name: flyte-sandbox-proxy-config
+  namespace: flyte
+---
+apiVersion: v1
+data: null
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: kubernetes-dashboard-settings
+  namespace: flyte
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox-config-secret
+  namespace: flyte
+stringData:
+  012-database-secrets.yaml: |
+    database:
+      postgres:
+        password: "postgres"
+  013-storage-secrets.yaml: |
+    storage:
+      stow:
+        config:
+          access_key_id: "minio"
+          secret_key: "miniostorage"
+type: Opaque
+---
+apiVersion: v1
+data:
+  haSharedSecret: aFNrWVg3UVRQQ1QwWk8wZg==
+  proxyPassword: ""
+  proxyUsername: ""
+kind: Secret
+metadata:
+  labels:
+    app: docker-registry
+    chart: docker-registry-2.2.2
+    heritage: Helm
+    release: flyte-sandbox
+  name: flyte-sandbox-docker-registry-secret
+  namespace: flyte
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: flyte-sandbox-kubernetes-dashboard-certs
+  namespace: flyte
+type: Opaque
+---
+apiVersion: v1
+data:
+  root-password: bWluaW9zdG9yYWdl
+  root-user: bWluaW8=
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: minio
+    helm.sh/chart: minio-12.6.7
+  name: flyte-sandbox-minio
+  namespace: flyte
+type: Opaque
+---
+apiVersion: v1
+data:
+  postgres-password: cG9zdGdyZXM=
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-12.8.1
+  name: flyte-sandbox-postgresql
+  namespace: flyte
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: kubernetes-dashboard-csrf
+  namespace: flyte
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: kubernetes-dashboard-key-holder
+  namespace: flyte
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: docker-registry
+    chart: docker-registry-2.2.2
+    heritage: Helm
+    release: flyte-sandbox
+  name: flyte-sandbox-docker-registry
+  namespace: flyte
+spec:
+  ports:
+  - name: http-5000
+    nodePort: 30000
+    port: 5000
+    protocol: TCP
+    targetPort: 5000
+  selector:
+    app: docker-registry
+    release: flyte-sandbox
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox-grpc
+  namespace: flyte
+spec:
+  ports:
+  - name: grpc
+    nodePort: null
+    port: 8089
+    targetPort: grpc
+  selector:
+    app.kubernetes.io/component: flyte-binary
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/name: flyte-sandbox
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox-http
+  namespace: flyte
+spec:
+  ports:
+  - name: http
+    nodePort: null
+    port: 8088
+    targetPort: http
+  selector:
+    app.kubernetes.io/component: flyte-binary
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/name: flyte-sandbox
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: kubernetes-dashboard
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+    kubernetes.io/cluster-service: "true"
+  name: flyte-sandbox-kubernetes-dashboard
+  namespace: flyte
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: http
+  selector:
+    app.kubernetes.io/component: kubernetes-dashboard
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/name: kubernetes-dashboard
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: minio
+    helm.sh/chart: minio-12.6.7
+  name: flyte-sandbox-minio
+  namespace: flyte
+spec:
+  externalTrafficPolicy: Cluster
+  ports:
+  - name: minio-api
+    nodePort: 30002
+    port: 9000
+    targetPort: minio-api
+  - name: minio-console
+    port: 9001
+    targetPort: minio-console
+  selector:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/name: minio
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-12.8.1
+  name: flyte-sandbox-postgresql
+  namespace: flyte
+spec:
+  externalTrafficPolicy: Cluster
+  ports:
+  - name: tcp-postgresql
+    nodePort: 30001
+    port: 5432
+    targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/name: postgresql
+  sessionAffinity: None
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-12.8.1
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+  name: flyte-sandbox-postgresql-hl
+  namespace: flyte
+spec:
+  clusterIP: None
+  ports:
+  - name: tcp-postgresql
+    port: 5432
+    targetPort: tcp-postgresql
+  publishNotReadyAddresses: true
+  selector:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/name: postgresql
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.1
+    helm.sh/chart: flyte-sandbox-0.1.0
+  name: flyte-sandbox-proxy
+  namespace: flyte
+spec:
+  ports:
+  - name: http
+    nodePort: 30080
+    port: 8000
+    protocol: TCP
+  selector:
+    app.kubernetes.io/component: proxy
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/name: flyte-sandbox
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox-webhook
+  namespace: flyte
+spec:
+  ports:
+  - name: webhook
+    port: 443
+    targetPort: webhook
+  selector:
+    app.kubernetes.io/component: flyte-binary
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/name: flyte-sandbox
+  type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.1
+    helm.sh/chart: flyte-sandbox-0.1.0
+  name: flyte-sandbox-db-storage
+  namespace: flyte
+spec:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  hostPath:
+    path: /var/lib/flyte/storage/db
+  storageClassName: manual
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.1
+    helm.sh/chart: flyte-sandbox-0.1.0
+  name: flyte-sandbox-minio-storage
+  namespace: flyte
+spec:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  hostPath:
+    path: /var/lib/flyte/storage/minio
+  storageClassName: manual
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.1
+    helm.sh/chart: flyte-sandbox-0.1.0
+  name: flyte-sandbox-db-storage
+  namespace: flyte
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: manual
+  volumeName: flyte-sandbox-db-storage
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.1
+    helm.sh/chart: flyte-sandbox-0.1.0
+  name: flyte-sandbox-minio-storage
+  namespace: flyte
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: manual
+  volumeName: flyte-sandbox-minio-storage
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.0
+    helm.sh/chart: flyte-binary-v0.1.10
+  name: flyte-sandbox
+  namespace: flyte
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: flyte-binary
+      app.kubernetes.io/instance: flyte-sandbox
+      app.kubernetes.io/name: flyte-sandbox
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        checksum/cluster-resource-templates: 6fd9b172465e3089fcc59f738b92b8dc4d8939360c19de8ee65f68b0e7422035
+        checksum/configuration: cd9caceec9bd91bdf1eedb10aee289a53786fc70df8c3f4951881abb9f937c49
+        checksum/configuration-secret: 09216ffaa3d29e14f88b1f30af580d02a2a5e014de4d750b7f275cc07ed4e914
+      labels:
+        app.kubernetes.io/component: flyte-binary
+        app.kubernetes.io/instance: flyte-sandbox
+        app.kubernetes.io/name: flyte-sandbox
+    spec:
+      containers:
+      - args:
+        - start
+        - --config
+        - /etc/flyte/config.d/*.yaml
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: flyte-binary:sandbox
+        imagePullPolicy: Never
+        livenessProbe:
+          httpGet:
+            path: /healthcheck
+            port: http
+          initialDelaySeconds: 30
+        name: flyte
+        ports:
+        - containerPort: 8088
+          name: http
+        - containerPort: 8089
+          name: grpc
+        - containerPort: 9443
+          name: webhook
+        readinessProbe:
+          httpGet:
+            path: /healthcheck
+            port: http
+          initialDelaySeconds: 30
+        volumeMounts:
+        - mountPath: /etc/flyte/cluster-resource-templates
+          name: cluster-resource-templates
+        - mountPath: /etc/flyte/config.d
+          name: config
+        - mountPath: /var/run/flyte
+          name: state
+      initContainers:
+      - args:
+        - |
+          until pg_isready \
+            -h flyte-sandbox-postgresql \
+            -p 5432 \
+            -U postgres
+          do
+            echo waiting for database
+            sleep 0.1
+          done
+        command:
+        - sh
+        - -ec
+        image: bitnami/postgresql:sandbox
+        imagePullPolicy: Never
+        name: wait-for-db
+      serviceAccountName: flyte-sandbox
+      volumes:
+      - name: cluster-resource-templates
+        projected:
+          sources:
+          - configMap:
+              name: flyte-sandbox-cluster-resource-templates
+          - configMap:
+              name: flyte-sandbox-extra-cluster-resource-templates
+      - name: config
+        projected:
+          sources:
+          - configMap:
+              name: flyte-sandbox-config
+          - secret:
+              name: flyte-sandbox-config-secret
+          - configMap:
+              name: flyte-sandbox-extra-config
+      - emptyDir: {}
+        name: state
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.1
+    helm.sh/chart: flyte-sandbox-0.1.0
+  name: flyte-sandbox-buildkit
+  namespace: flyte
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: buildkit
+      app.kubernetes.io/instance: flyte-sandbox
+      app.kubernetes.io/name: flyte-sandbox
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: buildkit
+        app.kubernetes.io/instance: flyte-sandbox
+        app.kubernetes.io/name: flyte-sandbox
+    spec:
+      containers:
+      - args:
+        - --addr
+        - unix:///run/buildkit/buildkitd.sock
+        - --addr
+        - tcp://0.0.0.0:30003
+        image: moby/buildkit:sandbox
+        imagePullPolicy: Never
+        livenessProbe:
+          exec:
+            command:
+            - buildctl
+            - debug
+            - workers
+          initialDelaySeconds: 5
+          periodSeconds: 30
+        name: buildkit
+        ports:
+        - containerPort: 30003
+          name: tcp
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command:
+            - buildctl
+            - debug
+            - workers
+          initialDelaySeconds: 5
+          periodSeconds: 30
+        securityContext:
+          privileged: true
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: docker-registry
+    chart: docker-registry-2.2.2
+    heritage: Helm
+    release: flyte-sandbox
+  name: flyte-sandbox-docker-registry
+  namespace: flyte
+spec:
+  minReadySeconds: 5
+  replicas: 1
+  selector:
+    matchLabels:
+      app: docker-registry
+      release: flyte-sandbox
+  template:
+    metadata:
+      annotations:
+        checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
+        checksum/secret: c5a1150d783cdbf08b5809a4aa4e8edb1350dbe194919353ac464df3a2ad9cf9
+      labels:
+        app: docker-registry
+        release: flyte-sandbox
+    spec:
+      containers:
+      - command:
+        - /bin/registry
+        - serve
+        - /etc/docker/registry/config.yml
+        env:
+        - name: REGISTRY_HTTP_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: haSharedSecret
+              name: flyte-sandbox-docker-registry-secret
+        - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
+          value: /var/lib/registry
+        image: registry:sandbox
+        imagePullPolicy: Never
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 5000
+        name: docker-registry
+        ports:
+        - containerPort: 5000
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 5000
+        resources: {}
+        volumeMounts:
+        - mountPath: /etc/docker/registry
+          name: flyte-sandbox-docker-registry-config
+        - mountPath: /var/lib/registry/
+          name: data
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+      volumes:
+      - configMap:
+          name: flyte-sandbox-docker-registry-config
+        name: flyte-sandbox-docker-registry-config
+      - emptyDir: {}
+        name: data
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: kubernetes-dashboard
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
+  name: flyte-sandbox-kubernetes-dashboard
+  namespace: flyte
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: kubernetes-dashboard
+      app.kubernetes.io/instance: flyte-sandbox
+      app.kubernetes.io/name: kubernetes-dashboard
+  strategy:
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations: null
+      labels:
+        app.kubernetes.io/component: kubernetes-dashboard
+        app.kubernetes.io/instance: flyte-sandbox
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kubernetes-dashboard
+        app.kubernetes.io/version: 2.7.0
+        helm.sh/chart: kubernetes-dashboard-6.0.0
+    spec:
+      containers:
+      - args:
+        - --namespace=flyte
+        - --metrics-provider=none
+        - --enable-insecure-login
+        - --enable-skip-login
+        image: kubernetesui/dashboard:sandbox
+        imagePullPolicy: Never
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 9090
+            scheme: HTTP
+          initialDelaySeconds: 30
+          timeoutSeconds: 30
+        name: kubernetes-dashboard
+        ports:
+        - containerPort: 9090
+          name: http
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 2
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          runAsGroup: 2001
+          runAsUser: 1001
+        volumeMounts:
+        - mountPath: /certs
+          name: kubernetes-dashboard-certs
+        - mountPath: /tmp
+          name: tmp-volume
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: flyte-sandbox-kubernetes-dashboard
+      volumes:
+      - name: kubernetes-dashboard-certs
+        secret:
+          secretName: flyte-sandbox-kubernetes-dashboard-certs
+      - emptyDir: {}
+        name: tmp-volume
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: minio
+    helm.sh/chart: minio-12.6.7
+  name: flyte-sandbox-minio
+  namespace: flyte
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: flyte-sandbox
+      app.kubernetes.io/name: minio
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        checksum/credentials-secret: ecce809e3af19025d134846a9a81e163dd41df7e26abf2c6657895d9d13607a9
+      labels:
+        app.kubernetes.io/instance: flyte-sandbox
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: minio
+        helm.sh/chart: minio-12.6.7
+    spec:
+      affinity:
+        nodeAffinity: null
+        podAffinity: null
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchLabels:
+                  app.kubernetes.io/instance: flyte-sandbox
+                  app.kubernetes.io/name: minio
+              topologyKey: kubernetes.io/hostname
+            weight: 1
+      containers:
+      - env:
+        - name: BITNAMI_DEBUG
+          value: "false"
+        - name: MINIO_SCHEME
+          value: http
+        - name: MINIO_FORCE_NEW_KEYS
+          value: "no"
+        - name: MINIO_ROOT_USER
+          valueFrom:
+            secretKeyRef:
+              key: root-user
+              name: flyte-sandbox-minio
+        - name: MINIO_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: root-password
+              name: flyte-sandbox-minio
+        - name: MINIO_DEFAULT_BUCKETS
+          value: my-s3-bucket
+        - name: MINIO_BROWSER
+          value: "on"
+        - name: MINIO_PROMETHEUS_AUTH_TYPE
+          value: public
+        - name: MINIO_CONSOLE_PORT_NUMBER
+          value: "9001"
+        - name: MINIO_BROWSER_REDIRECT_URL
+          value: http://localhost:30080/minio
+        envFrom: null
+        image: docker.io/bitnami/minio:sandbox
+        imagePullPolicy: Never
+        livenessProbe:
+          failureThreshold: 5
+          httpGet:
+            path: /minio/health/live
+            port: minio-api
+            scheme: HTTP
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          successThreshold: 1
+          timeoutSeconds: 5
+        name: minio
+        ports:
+        - containerPort: 9000
+          name: minio-api
+          protocol: TCP
+        - containerPort: 9001
+          name: minio-console
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 5
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          successThreshold: 1
+          tcpSocket:
+            port: minio-api
+          timeoutSeconds: 1
+        resources:
+          limits: {}
+          requests: {}
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1001
+        volumeMounts:
+        - mountPath: /data
+          name: data
+      initContainers:
+      - command:
+        - /bin/bash
+        - -ec
+        - |
+          chown -R 1001:1001 /data
+        image: docker.io/bitnami/os-shell:sandbox
+        imagePullPolicy: Never
+        name: volume-permissions
+        resources:
+          limits: {}
+          requests: {}
+        securityContext:
+          runAsUser: 0
+        volumeMounts:
+        - mountPath: /data
+          name: data
+      securityContext:
+        fsGroup: 1001
+      serviceAccountName: flyte-sandbox-minio
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: flyte-sandbox-minio-storage
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: flyte-sandbox
+    app.kubernetes.io/version: 1.16.1
+    helm.sh/chart: flyte-sandbox-0.1.0
+  name: flyte-sandbox-proxy
+  namespace: flyte
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: proxy
+      app.kubernetes.io/instance: flyte-sandbox
+      app.kubernetes.io/name: flyte-sandbox
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: proxy
+        app.kubernetes.io/instance: flyte-sandbox
+        app.kubernetes.io/name: flyte-sandbox
+    spec:
+      containers:
+      - image: envoyproxy/envoy:sandbox
+        imagePullPolicy: Never
+        livenessProbe:
+          initialDelaySeconds: 30
+          tcpSocket:
+            port: http
+        name: proxy
+        ports:
+        - containerPort: 8000
+          name: http
+        readinessProbe:
+          tcpSocket:
+            port: http
+        volumeMounts:
+        - mountPath: /etc/envoy
+          name: config
+      volumes:
+      - configMap:
+          name: flyte-sandbox-proxy-config
+        name: config
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: flyte-sandbox
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-12.8.1
+  name: flyte-sandbox-postgresql
+  namespace: flyte
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: primary
+      app.kubernetes.io/instance: flyte-sandbox
+      app.kubernetes.io/name: postgresql
+  serviceName: flyte-sandbox-postgresql-hl
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: primary
+        app.kubernetes.io/instance: flyte-sandbox
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: postgresql
+        helm.sh/chart: postgresql-12.8.1
+      name: flyte-sandbox-postgresql
+    spec:
+      affinity:
+        nodeAffinity: null
+        podAffinity: null
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchLabels:
+                  app.kubernetes.io/component: primary
+                  app.kubernetes.io/instance: flyte-sandbox
+                  app.kubernetes.io/name: postgresql
+              topologyKey: kubernetes.io/hostname
+            weight: 1
+      containers:
+      - env:
+        - name: BITNAMI_DEBUG
+          value: "false"
+        - name: POSTGRESQL_PORT_NUMBER
+          value: "5432"
+        - name: POSTGRESQL_VOLUME_DIR
+          value: /bitnami/postgresql
+        - name: PGDATA
+          value: /bitnami/postgresql/data
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: postgres-password
+              name: flyte-sandbox-postgresql
+        - name: POSTGRESQL_ENABLE_LDAP
+          value: "no"
+        - name: POSTGRESQL_ENABLE_TLS
+          value: "no"
+        - name: POSTGRESQL_LOG_HOSTNAME
+          value: "false"
+        - name: POSTGRESQL_LOG_CONNECTIONS
+          value: "false"
+        - name: POSTGRESQL_LOG_DISCONNECTIONS
+          value: "false"
+        - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+          value: "off"
+        - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+          value: error
+        - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+          value: pgaudit
+        image: docker.io/bitnami/postgresql:sandbox
+        imagePullPolicy: Never
+        livenessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
+          failureThreshold: 6
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        name: postgresql
+        ports:
+        - containerPort: 5432
+          name: tcp-postgresql
+        readinessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - -e
+            - |
+              exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
+              [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
+          failureThreshold: 6
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        resources:
+          limits: {}
+          requests:
+            cpu: 250m
+            memory: 256Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsGroup: 0
+          runAsNonRoot: true
+          runAsUser: 1001
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /bitnami/postgresql
+          name: data
+      hostIPC: false
+      hostNetwork: false
+      initContainers:
+      - command:
+        - /bin/sh
+        - -ec
+        - |
+          chown 1001:1001 /bitnami/postgresql
+          mkdir -p /bitnami/postgresql/data
+          chmod 700 /bitnami/postgresql/data
+          find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \
+            xargs -r chown -R 1001:1001
+        image: docker.io/bitnami/os-shell:sandbox
+        imagePullPolicy: Never
+        name: init-chmod-data
+        resources:
+          limits: {}
+          requests: {}
+        securityContext:
+          runAsGroup: 0
+          runAsNonRoot: false
+          runAsUser: 0
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /bitnami/postgresql
+          name: data
+      securityContext:
+        fsGroup: 1001
+      serviceAccountName: default
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: flyte-sandbox-db-storage
+  updateStrategy:
+    rollingUpdate: {}
+    type: RollingUpdate
diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml
index 10ddf16bbf..8df1fc635e 100644
--- a/docker/sandbox-bundled/manifests/dev.yaml
+++ b/docker/sandbox-bundled/manifests/dev.yaml
@@ -499,7 +499,7 @@ metadata:
 ---
 apiVersion: v1
 data:
-  haSharedSecret: RXV5Y25YMloxdnhxOHhkRg==
+  haSharedSecret: QkRKSmNZU1M4MjhycFcwSA==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -934,7 +934,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: d950e08274c6c5752cbe3ec4acd93372e7ab1ef4e745f94ee13c9b617bc4d04c
+        checksum/secret: 96dcc672fc5ca4b9964df1dc5392d25be3cc5fd6727d2f6e645325210618b2a6
       labels:
         app: docker-registry
         release: flyte-sandbox

From d220e62f9af2b4d9eb92d13afd188b98f66005a8 Mon Sep 17 00:00:00 2001
From: davidmirror-ops <david espejo@union.ai>
Date: Thu, 21 Mar 2024 16:01:00 -0500
Subject: [PATCH 4/5] Make Helm

Signed-off-by: davidmirror-ops <david espejo@union.ai>
---
 deployment/eks/flyte_aws_scheduler_helm_generated.yaml | 4 ++--
 deployment/eks/flyte_helm_dataplane_generated.yaml     | 4 ++--
 deployment/eks/flyte_helm_generated.yaml               | 4 ++--
 deployment/gcp/flyte_helm_dataplane_generated.yaml     | 4 ++--
 deployment/gcp/flyte_helm_generated.yaml               | 4 ++--
 docker/sandbox-bundled/manifests/complete-agent.yaml   | 4 ++--
 docker/sandbox-bundled/manifests/complete.yaml         | 4 ++--
 docker/sandbox-bundled/manifests/dev.yaml              | 4 ++--
 8 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
index 9a604c8218..cea2577428 100644
--- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
+++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml
@@ -1268,7 +1268,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "6b3ace0186a0b36f4d87ebd8ef0b7114608b9ad0b63d9c1af3bb84d4d2da857"
+        configChecksum: "b052795cb8ef026899766e121c71512ec06085fe15dadce8b93c94b01814851"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1350,7 +1350,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b0
       annotations:
-        configChecksum: "6b3ace0186a0b36f4d87ebd8ef0b7114608b9ad0b63d9c1af3bb84d4d2da857"
+        configChecksum: "b052795cb8ef026899766e121c71512ec06085fe15dadce8b93c94b01814851"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/eks/flyte_helm_dataplane_generated.yaml b/deployment/eks/flyte_helm_dataplane_generated.yaml
index fd00075f48..5e4d95a6b5 100644
--- a/deployment/eks/flyte_helm_dataplane_generated.yaml
+++ b/deployment/eks/flyte_helm_dataplane_generated.yaml
@@ -428,7 +428,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "6b3ace0186a0b36f4d87ebd8ef0b7114608b9ad0b63d9c1af3bb84d4d2da857"
+        configChecksum: "b052795cb8ef026899766e121c71512ec06085fe15dadce8b93c94b01814851"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -510,7 +510,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b0
       annotations:
-        configChecksum: "6b3ace0186a0b36f4d87ebd8ef0b7114608b9ad0b63d9c1af3bb84d4d2da857"
+        configChecksum: "b052795cb8ef026899766e121c71512ec06085fe15dadce8b93c94b01814851"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml
index 7dbffda91d..26348baeaf 100644
--- a/deployment/eks/flyte_helm_generated.yaml
+++ b/deployment/eks/flyte_helm_generated.yaml
@@ -1398,7 +1398,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "6b3ace0186a0b36f4d87ebd8ef0b7114608b9ad0b63d9c1af3bb84d4d2da857"
+        configChecksum: "b052795cb8ef026899766e121c71512ec06085fe15dadce8b93c94b01814851"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1480,7 +1480,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b0
       annotations:
-        configChecksum: "6b3ace0186a0b36f4d87ebd8ef0b7114608b9ad0b63d9c1af3bb84d4d2da857"
+        configChecksum: "b052795cb8ef026899766e121c71512ec06085fe15dadce8b93c94b01814851"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/gcp/flyte_helm_dataplane_generated.yaml b/deployment/gcp/flyte_helm_dataplane_generated.yaml
index 71f7baf868..546a42a850 100644
--- a/deployment/gcp/flyte_helm_dataplane_generated.yaml
+++ b/deployment/gcp/flyte_helm_dataplane_generated.yaml
@@ -436,7 +436,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "264352d1a15b63cdaca7bb2eb3a63e415d89e01d75a81be6afba718c241a441"
+        configChecksum: "0ab4a84507dfcfc17a93467885dd99f26bd108a912ace0f07edc932e0b9741f"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -517,7 +517,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b0
       annotations:
-        configChecksum: "264352d1a15b63cdaca7bb2eb3a63e415d89e01d75a81be6afba718c241a441"
+        configChecksum: "0ab4a84507dfcfc17a93467885dd99f26bd108a912ace0f07edc932e0b9741f"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml
index 8632a94d2f..2200bd6775 100644
--- a/deployment/gcp/flyte_helm_generated.yaml
+++ b/deployment/gcp/flyte_helm_generated.yaml
@@ -1421,7 +1421,7 @@ spec:
   template:
     metadata:
       annotations:
-        configChecksum: "264352d1a15b63cdaca7bb2eb3a63e415d89e01d75a81be6afba718c241a441"
+        configChecksum: "0ab4a84507dfcfc17a93467885dd99f26bd108a912ace0f07edc932e0b9741f"
       labels: 
         app.kubernetes.io/name: flytepropeller
         app.kubernetes.io/instance: flyte
@@ -1502,7 +1502,7 @@ spec:
         app.kubernetes.io/name: flyte-pod-webhook
         app.kubernetes.io/version: v1.11.0-b0
       annotations:
-        configChecksum: "264352d1a15b63cdaca7bb2eb3a63e415d89e01d75a81be6afba718c241a441"
+        configChecksum: "0ab4a84507dfcfc17a93467885dd99f26bd108a912ace0f07edc932e0b9741f"
     spec:
       securityContext: 
         fsGroup: 65534
diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml
index 1779389183..fee93ba777 100644
--- a/docker/sandbox-bundled/manifests/complete-agent.yaml
+++ b/docker/sandbox-bundled/manifests/complete-agent.yaml
@@ -816,7 +816,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: allvNmJ4bUxTcVo2Z0lObw==
+  haSharedSecret: aVAwMllSanVOQ09CMGZxOQ==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1412,7 +1412,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 7e2eea3d2c604971389c67f39e7d553b6329ea37af5254119febf0a125e55e64
+        checksum/secret: 3c3944d7f7e67694bc265ae5a5453a9d64aab005b39d3dceeeaae8f4e8675c60
       labels:
         app: docker-registry
         release: flyte-sandbox
diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml
index 05e557ad96..e776c2af8f 100644
--- a/docker/sandbox-bundled/manifests/complete.yaml
+++ b/docker/sandbox-bundled/manifests/complete.yaml
@@ -796,7 +796,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: d2Fqb3NpcVh5a1JUaGR4Vg==
+  haSharedSecret: R2ZMVVJuTVE1ZXVuNDlmbQ==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1360,7 +1360,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 087a8de1fb03ba21b367df5aa3a47d77ec2acbdeb9b6d2fa66c0caa04c304246
+        checksum/secret: 4c942e06bb5894cf111126d4c133c0d2afcc61aa9d0a55aac288e5f0705ed09b
       labels:
         app: docker-registry
         release: flyte-sandbox
diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml
index 71a34f8bed..a0a6ae2a8f 100644
--- a/docker/sandbox-bundled/manifests/dev.yaml
+++ b/docker/sandbox-bundled/manifests/dev.yaml
@@ -499,7 +499,7 @@ metadata:
 ---
 apiVersion: v1
 data:
-  haSharedSecret: WGtoeXNQV2FrV0lGeWJMeg==
+  haSharedSecret: V0tZdlFYQ3hhb1FaR1E3Ug==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -934,7 +934,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 63c7525d8f4e16616715d985d9581611a83fe095e65b51cc25c61f9009f595da
+        checksum/secret: f936b8554e82f093e8127fe4bf503061bc6f9ebd42be86a2aa82b8f36ce2063a
       labels:
         app: docker-registry
         release: flyte-sandbox

From 1cfbd356b7673beee5f708988cdc0f2b2f5d9311 Mon Sep 17 00:00:00 2001
From: davidmirror-ops <david espejo@union.ai>
Date: Mon, 1 Apr 2024 15:12:18 -0500
Subject: [PATCH 5/5] Make Helm

Signed-off-by: davidmirror-ops <david espejo@union.ai>
---
 docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++--
 docker/sandbox-bundled/manifests/complete.yaml       | 4 ++--
 docker/sandbox-bundled/manifests/dev.yaml            | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml
index 3d40c5a8f8..2830ee7252 100644
--- a/docker/sandbox-bundled/manifests/complete-agent.yaml
+++ b/docker/sandbox-bundled/manifests/complete-agent.yaml
@@ -816,7 +816,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: QWVsREJpZnlIR2N1UXJSMg==
+  haSharedSecret: cExVN1ZxdEtEYlQ1eEtXeQ==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1412,7 +1412,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 6eadd3a29b61a78cf3a7712f3370a10fc0ec1a61c40753a48c7fa8bea69a6ec6
+        checksum/secret: 2538c361218e5854be4c95f5319a099bc82f0bb1c53d7f2d96293bad034583c3
       labels:
         app: docker-registry
         release: flyte-sandbox
diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml
index 69739d52d7..73927b52b9 100644
--- a/docker/sandbox-bundled/manifests/complete.yaml
+++ b/docker/sandbox-bundled/manifests/complete.yaml
@@ -796,7 +796,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: NmtkWjAwUWhadWlzb0xNcA==
+  haSharedSecret: TDNOOTJuWHQxdzZPUlB6Mw==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1360,7 +1360,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 98727a2bd78c4e88ef413663ebff406f78c8fdbda001f7ba7b6b784934cd4d4a
+        checksum/secret: f11db958c1e12b5fc771b0e1e4c26d8d596b3da629b95b394a9c89cc7c2e66c4
       labels:
         app: docker-registry
         release: flyte-sandbox
diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml
index fd77ad44e0..a82d369818 100644
--- a/docker/sandbox-bundled/manifests/dev.yaml
+++ b/docker/sandbox-bundled/manifests/dev.yaml
@@ -499,7 +499,7 @@ metadata:
 ---
 apiVersion: v1
 data:
-  haSharedSecret: WG01UkdoN2dNTzBMRjJDVA==
+  haSharedSecret: ejhsa3ZqanB6UlZEQzU4YQ==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -934,7 +934,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 5400c48803b4ae9d08115e0f52f00245498c0b06d11d318a36590b01f91e2753
+        checksum/secret: b2b5fc801ad115b6ba6eb811907d614a7ca544ef3194e956a78a300abf7ed45b
       labels:
         app: docker-registry
         release: flyte-sandbox