Skip to content

Commit

Permalink
Merge branch 'flyteorg:master' into feature/add-separate-grpc-service…
Browse files Browse the repository at this point in the history
…-for-flyte-core
  • Loading branch information
Jeinhaus authored Apr 8, 2024
2 parents 44eaba8 + 6d58c73 commit efd9226
Show file tree
Hide file tree
Showing 70 changed files with 1,623 additions and 836 deletions.
2 changes: 0 additions & 2 deletions boilerplate/flyte/golang_support_tools/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -295,8 +295,6 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 h1:23T5iq8rbUYlhpt5DB4XJkc6BU31uODLD1o1gKvZmD0=
Expand Down
2 changes: 1 addition & 1 deletion charts/flyte-binary/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ Get the Flyte service GRPC paths.
- /flyteidl.service.AdminService
- /flyteidl.service.AdminService/*
- /flyteidl.service.AuthMetadataService
- /flyteidl.service.AuthMetadataService/
- /flyteidl.service.AuthMetadataService/*
- /flyteidl.service.DataProxyService
- /flyteidl.service.DataProxyService/*
- /flyteidl.service.IdentityService
Expand Down
9 changes: 5 additions & 4 deletions datacatalog/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ require (
github.com/gofrs/uuid v4.2.0+incompatible
github.com/golang/glog v1.2.0
github.com/golang/protobuf v1.5.3
github.com/jackc/pgconn v1.14.1
github.com/jackc/pgconn v1.14.3
github.com/mitchellh/mapstructure v1.5.0
github.com/spf13/cobra v1.7.0
github.com/spf13/pflag v1.0.5
Expand Down Expand Up @@ -69,9 +69,10 @@ require (
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
github.com/jackc/pgio v1.0.0 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgproto3/v2 v2.3.2 // indirect
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
github.com/jackc/pgx/v5 v5.4.3 // indirect
github.com/jackc/pgproto3/v2 v2.3.3 // indirect
github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 // indirect
github.com/jackc/pgx/v5 v5.5.5 // indirect
github.com/jackc/puddle/v2 v2.2.1 // indirect
github.com/jinzhu/inflection v1.0.0 // indirect
github.com/jinzhu/now v1.1.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
Expand Down
95 changes: 10 additions & 85 deletions datacatalog/go.sum

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions docs/community/contribute.rst
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,7 @@ The resulting ``html`` files will be in ``docs/_build/html``. You can view them
* Run the following commands:
* ``make generate``
* ``make test_unit``
* ``make link``
* ``make lint``
* To compile, run ``make compile``

``flyteadmin``
Expand Down Expand Up @@ -262,7 +262,7 @@ The resulting ``html`` files will be in ``docs/_build/html``. You can view them
* Run the following commands:
* ``make generate``
* ``make test_unit``
* ``make link``
* ``make lint``

``flytestdlib``
***************
Expand Down
111 changes: 57 additions & 54 deletions docs/deployment/configuration/auth_setup.rst
Original file line number Diff line number Diff line change
Expand Up @@ -558,42 +558,43 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
.. code-block:: yaml
configmap:
auth:
appAuth:
adminServer:
auth:
appAuth:
authServerType: External
authServerType: External
# 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl.
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
# 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl.
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
metadataUrl: .well-known/openid-configuration
metadataUrl: .well-known/openid-configuration
thirdPartyConfig:
flyteClient:
# 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server.
clientId: flytectl
# This should not change
redirectUri: http://localhost:53593/callback
# 4. "all" is a required scope and must be configured in the custom authorization server.
scopes:
- offline
- all
thirdPartyConfig:
flyteClient:
# 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server.
clientId: flytectl
# This should not change
redirectUri: http://localhost:53593/callback
# 4. "all" is a required scope and must be configured in the custom authorization server.
scopes:
- offline
- all
userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
- openid
# - offline_access # Uncomment if OIdC supports issuing refresh tokens.
clientId: <client id>
userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
- openid
# - offline_access # Uncomment if OIdC supports issuing refresh tokens.
clientId: <client id>
secrets:
Expand All @@ -616,14 +617,14 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
.. code-block:: yaml
secrets:
adminOauthClientCredentials:
enabled: true
clientSecret: <client secret>
clientId: <client id>
adminOauthClientCredentials:
enabled: true
clientSecret: <client secret>
clientId: <client id>
---
configmap:
admin:
admin:
admin:
admin:
endpoint: <admin endpoint>
insecure: true
clientId: <client id>
Expand All @@ -632,28 +633,30 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
- api://<client id>/.default
useAudienceFromAdmin: true
---
auth:
appAuth:
authServerType: External
externalAuthServer:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0/
metadataUrl: .well-known/openid-configuration
AllowedAudience:
- api://<client id>
thirdPartyConfig:
flyteClient:
configmap:
adminServer:
auth:
appAuth:
authServerType: External
externalAuthServer:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0/
metadataUrl: .well-known/openid-configuration
AllowedAudience:
- api://<client id>
thirdPartyConfig:
flyteClient:
clientId: <client id>
redirectUri: http://localhost:53593/callback
scopes:
- api://<client id>/<custom-scope>
userAuth:
openId:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0
scopes:
- openid
- profile
clientId: <client id>
userAuth:
openId:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0
scopes:
- openid
- profile
clientId: <client id>
.. note::

Expand Down
24 changes: 4 additions & 20 deletions docs/deployment/plugins/k8s/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,10 @@ Select the integration you need and follow the steps to install the correspondin
To install the Kuberay operator, run the following command:

helm install kuberay-operator kuberay/kuberay-operator --version 1.0.0

.. code-block:: bash
helm install kuberay-operator kuberay/kuberay-operator --namespace ray-system --version 1.1.0 --create-namespace
.. group-tab:: Spark

To add the Spark Helm repository, run the following commands:
Expand Down Expand Up @@ -270,18 +272,6 @@ Specify plugin configuration
- container: container
- container_array: k8s-array
- ray: ray
rbac:
extraRules:
- apiGroups:
- "ray.io"
resources:
- rayjob
verbs:
- create
- get
- list
- patch
- update
.. group-tab:: Flyte core

Expand Down Expand Up @@ -1036,9 +1026,3 @@ Wait for the upgrade to complete. You can check the status of the deployment pod
kubectl get pods -n flyte
Once all the components are up and running, go to the `examples section <https://docs.flyte.org/en/latest/flytesnacks/integrations.html#native-backend-plugins>`__ to learn more about how to use Flyte backend plugins.






98 changes: 98 additions & 0 deletions docs/flyte_agents/deploying_agents_to_the_flyte_sandbox.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
---
jupytext:
formats: md:myst
text_representation:
extension: .md
format_name: myst
---

(deploying_agents_to_the_flyte_sandbox)=
# Deploying agents to the Flyte sandbox

After you have finished {ref}`testing an agent locally <testing_agents_locally>`, you can deploy your agent to the Flyte sandbox.

Here's a step by step guide to deploying your agent image to the Flyte sandbox.

1. Start the Flyte sandbox:
```bash
flytectl demo start
```

2. Build an agent image:
You can go to [here](https://github.com/flyteorg/flytekit/blob/master/Dockerfile.agent) to see the Dockerfile we use in flytekit python.
Take Databricks agent as an example:
```Dockerfile
FROM python:3.9-slim-bookworm

RUN apt-get update && apt-get install build-essential git -y
RUN pip install prometheus-client grpcio-health-checking
RUN pip install --no-cache-dir -U flytekit \
git+https://github.com/flyteorg/flytekit.git@<gitsha>#subdirectory=plugins/flytekit-spark \
&& apt-get clean autoclean \
&& apt-get autoremove --yes \
&& rm -rf /var/lib/{apt,dpkg,cache,log}/ \
&& :

CMD pyflyte serve agent --port 8000
```
```bash
docker buildx build -t localhost:30000/flyteagent:example -f Dockerfile.agent . --load
docker push localhost:30000/flyteagent:example
```

2. Deploy your agent image to the Kubernetes cluster:
```bash
kubectl edit deployment flyteagent -n flyte
```
Search for the `image` key and change its value to your agent image:
```yaml
image: localhost:30000/flyteagent:example
```
3. Set up your secrets:
Let's take Databricks agent as an example:
```bash
kubectl edit secret flyteagent -n flyte
```
Get your `BASE64_ENCODED_DATABRICKS_TOKEN`:
```bash
echo -n "<DATABRICKS_TOKEN>" | base64
```
Add your token to the `data` field:
```yaml
apiVersion: v1
data:
flyte_databricks_access_token: <BASE64_ENCODED_DATABRICKS_TOKEN>
kind: Secret
metadata:
annotations:
meta.helm.sh/release-name: flyteagent
meta.helm.sh/release-namespace: flyte
creationTimestamp: "2023-10-04T04:09:03Z"
labels:
app.kubernetes.io/managed-by: Helm
name: flyteagent
namespace: flyte
resourceVersion: "753"
uid: 5ac1e1b6-2a4c-4e26-9001-d4ba72c39e54
type: Opaque
```
:::{note}
Please ensure two things:
1. The secret name consists only of lowercase English letters.
2. The secret value is encoded in Base64.
:::
4. Restart development:
```bash
kubectl rollout restart deployment flyte-sandbox -n flyte
```

5. Test your agent remotely in the Flyte sandbox:
```bash
pyflyte run --remote agent_workflow.py agent_task
```

:::{note}
You must build an image that includes the plugin for the task and specify its config with the [`--image` flag](https://docs.flyte.org/en/latest/api/flytekit/pyflyte.html#cmdoption-pyflyte-run-i) when running `pyflyte run` or in an {ref}`ImageSpec <imagespec>` definition in your workflow file.
:::
13 changes: 8 additions & 5 deletions docs/flyte_agents/developing_agents.md
Original file line number Diff line number Diff line change
Expand Up @@ -131,9 +131,9 @@ class FileSensor(BaseSensor):
```


### 2. Test the agent locally
### 2. Test the agent

See {doc}`"Testing agents locally" <testing_agents_locally>` to test your agent locally.
You can test your agent in a {ref}`local Python environment <testing_agents_locally>` or in a {ref}<local development cluster `testing_agents_in_a_local_development_cluster`>.

### 3. Build a new Docker image

Expand Down Expand Up @@ -166,7 +166,7 @@ For flytekit versions `>v1.10.2`, use `pyflyte serve agent`.
kubectl set image deployment/flyteagent flyteagent=ghcr.io/flyteorg/flyteagent:latest
```

2. Update the FlytePropeller configmap.
2. Update the FlytePropeller configmap:

```YAML
tasks:
Expand All @@ -178,22 +178,25 @@ kubectl set image deployment/flyteagent flyteagent=ghcr.io/flyteorg/flyteagent:l
- custom_task: agent-service
```
3. Restart FlytePropeller.
3. Restart FlytePropeller:
```
kubectl rollout restart deployment flytepropeller -n flyte
```

### 5.


### Canary deployment

Agents can be deployed independently in separate environments. Decoupling agents from the
production environment ensures that if any specific agent encounters an error or issue, it will not impact the overall production system.

By running agents independently, you can thoroughly test and validate your agents in a
controlled environment before deploying them to the production cluster.

By default, all agent requests will be sent to the default agent service. However,
you can route particular task requests to designated agent services by adjusting the flytepropeller configuration.
you can route particular task requests to designated agent services by adjusting the FlytePropeller configuration.

```yaml
plugins:
Expand Down
Loading

0 comments on commit efd9226

Please sign in to comment.