From 3603353bcd6933659f23001815c83e4bcc5a3bd7 Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Mon, 29 Jul 2024 11:43:41 -0500 Subject: [PATCH 1/6] Introduce more generous resource requests and remove duplicate file Signed-off-by: davidmirror-ops --- charts/flyte-binary/eks-production.yaml | 123 ------------------------ charts/flyte-binary/values.yaml | 10 +- 2 files changed, 4 insertions(+), 129 deletions(-) delete mode 100644 charts/flyte-binary/eks-production.yaml diff --git a/charts/flyte-binary/eks-production.yaml b/charts/flyte-binary/eks-production.yaml deleted file mode 100644 index 987269a5aa..0000000000 --- a/charts/flyte-binary/eks-production.yaml +++ /dev/null @@ -1,123 +0,0 @@ -configuration: - database: - username: postgres - password: - host: - dbname: flyte - storage: - #Learn more about how Flyte handles data: https://docs.flyte.org/en/latest/concepts/data_management.html - metadataContainer: - userDataContainer: - provider: s3 - providerConfig: - s3: - region: "" - authType: "iam" - #For logging to work, you need to setup an agent. - # Learn more: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-EKS-logs.html - logging: - level: 5 - plugins: - cloudwatch: - enabled: true - templateUri: |- - https://console.aws.amazon.com/cloudwatch/home?region=#logEventViewer:group=/aws/eks//cluster;stream=var.log.containers.{{ .podName }}_{{ .namespace }}_{{ .containerName }}-{{ .containerId }}.log - # To configure auth, refer to https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html - auth: - enabled: false - oidc: - baseUrl: - clientId: - clientSecret: - internal: - clientSecret: - clientSecretHash: - authorizedUris: - - https://flyte.company.com #change to your authorized URI - inline: - #This section automates the IAM Role annotation for the default KSA on each project namespace to enable IRSA - #Learn more: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html - cluster_resources: - customData: - - production: - - defaultIamRole: - value: - - staging: - - defaultIamRole: - value: - - development: - - defaultIamRole: - value: - flyteadmin: - roleNameKey: "iam.amazonaws.com/role" - plugins: - k8s: - inject-finalizer: true - default-env-vars: - - AWS_METADATA_SERVICE_TIMEOUT: 5 - - AWS_METADATA_SERVICE_NUM_ATTEMPTS: 20 - # Configuration for the Datacatalog engine, used when caching is enabled - # Learn more: https://docs.flyte.org/en/latest/deployment/configuration/generated/datacatalog_config.html - storage: - cache: - max_size_mbs: 10 - target_gc_percent: 100 - tasks: - task-plugins: - enabled-plugins: - - container - - sidecar - - K8S-ARRAY #used for MapTasks - - agent-service - default-for-task-types: - - container: container - - container_array: K8S-ARRAY -clusterResourceTemplates: - inline: - #This section automates the creation of the project-domain namespaces - 001_namespace.yaml: | - apiVersion: v1 - kind: Namespace - metadata: - name: '{{ namespace }}' - # This block performs the automated annotation of KSAs across all project-domain namespaces - 002_serviceaccount.yaml: | - apiVersion: v1 - kind: ServiceAccount - metadata: - name: default - namespace: '{{ namespace }}' - annotations: - eks.amazonaws.com/role-arn: '{{ defaultIamRole }}' -ingress: - create: true - ##-- Uncomment the following section if you plan to use NGINX Ingress Controller - #ingressClassName: nginx - #commonAnnotations: - # ingress.kubernetes.io/rewrite-target: / - # nginx.ingress.kubernetes.io/ssl-redirect: "true" - #httpAnnotations: - # nginx.ingress.kubernetes.io/app-root: /console - #grpcAnnotations: - # nginx.ingress.kubernetes.io/backend-protocol: GRPC - #host: # change for the URL you'll use to connect to Flyte - ## --- - - #This section assumes you are using the ALB Ingress controller. - ingressClassName: alb - commonAnnotations: - alb.ingress.kubernetes.io/certificate-arn: 'arn:aws:acm:::certificate/' - alb.ingress.kubernetes.io/group.name: flyte - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/ssl-redirect: '443' - alb.ingress.kubernetes.io/target-type: ip - httpAnnotations: - alb.ingress.kubernetes.io/actions.app-root: '{"Type": "redirect", "RedirectConfig": {"Path": "/console", "StatusCode": "HTTP_302"}}' - grpcAnnotations: - alb.ingress.kubernetes.io/backend-protocol-version: GRPC - host: flyte.mydomain.com #replace with your fully-qualified domain name -serviceAccount: - create: true - annotations: - eks.amazonaws.com/role-arn: "" \ No newline at end of file diff --git a/charts/flyte-binary/values.yaml b/charts/flyte-binary/values.yaml index 66d1e1feae..068b8886b3 100644 --- a/charts/flyte-binary/values.yaml +++ b/charts/flyte-binary/values.yaml @@ -234,12 +234,10 @@ deployment: # lifecycleHooks Specify hooks to run in Flyte container before or after startup lifecycleHooks: {} # resources Resource limits and requests for Flyte container - # Uncomment and update to specify resources for deployment - # resources: - # limits: - # memory: 1Gi - # requests: - # cpu: 1 + resources: + requests: + cpu: "4" + memory: "4G" # podSecurityContext Specify security context for Flyte pod # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ podSecurityContext: From 510ab804a468bb687beae7764f9f3bc232b925c6 Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Mon, 5 Aug 2024 16:42:07 -0500 Subject: [PATCH 2/6] Use binary unit Signed-off-by: davidmirror-ops --- charts/flyte-binary/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/flyte-binary/values.yaml b/charts/flyte-binary/values.yaml index 068b8886b3..dde00fd678 100644 --- a/charts/flyte-binary/values.yaml +++ b/charts/flyte-binary/values.yaml @@ -237,7 +237,7 @@ deployment: resources: requests: cpu: "4" - memory: "4G" + memory: "4Gi" # podSecurityContext Specify security context for Flyte pod # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ podSecurityContext: From 8d3ce1dce60250991c9743b5c0f82f32255185fb Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Fri, 9 Aug 2024 11:53:40 -0500 Subject: [PATCH 3/6] Remove stale reference to eks-production Signed-off-by: davidmirror-ops --- docs/deployment/configuration/index.md | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/docs/deployment/configuration/index.md b/docs/deployment/configuration/index.md index b5758679d7..a090f735d2 100644 --- a/docs/deployment/configuration/index.md +++ b/docs/deployment/configuration/index.md @@ -5,22 +5,7 @@ This section will cover how to configure your Flyte cluster for features like authentication, monitoring, and notifications. -````{important} -The configuration instructions in this section are for the `flyte` and `flyte-core` Helm charts, which is for -the {ref}`multi-cluster setup `. -If you're using the `flyte-binary` chart for the {ref}`single cluster setup `, -instead of specifying configuration under a yaml file like `cloud_events.yaml` in {ref}`deployment-configuration-cloud-event`, -you'll need to add the configuration settings under the `inline` section in the `eks-production.yaml` file: - -```{eval-rst} -.. literalinclude:: ../../../charts/flyte-binary/eks-production.yaml - :language: yaml - :lines: 30-41 - :caption: charts/flyte-binary/eks-production.yaml -``` - -```` ```{list-table} From aebea7f560090182a8a446088a85f065431fca60 Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Fri, 9 Aug 2024 13:09:45 -0500 Subject: [PATCH 4/6] Output of make helm Signed-off-by: davidmirror-ops --- charts/flyte-binary/README.md | 2 ++ .../flyte_sandbox_binary_helm_generated.yaml | 8 ++++++++ docker/sandbox-bundled/manifests/complete-agent.yaml | 12 ++++++++++-- docker/sandbox-bundled/manifests/complete.yaml | 12 ++++++++++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/charts/flyte-binary/README.md b/charts/flyte-binary/README.md index 63a351d0f5..b0234919dc 100644 --- a/charts/flyte-binary/README.md +++ b/charts/flyte-binary/README.md @@ -104,6 +104,8 @@ Chart for basic single Flyte executable deployment | deployment.podSecurityContext.runAsGroup | int | `65534` | | | deployment.podSecurityContext.runAsUser | int | `65534` | | | deployment.readinessProbe | object | `{}` | | +| deployment.resources.requests.cpu | string | `"4"` | | +| deployment.resources.requests.memory | string | `"4Gi"` | | | deployment.sidecars | list | `[]` | | | deployment.startupProbe | object | `{}` | | | deployment.waitForDB.args | list | `[]` | | diff --git a/deployment/sandbox-binary/flyte_sandbox_binary_helm_generated.yaml b/deployment/sandbox-binary/flyte_sandbox_binary_helm_generated.yaml index 08599c13f7..3ddeec8644 100644 --- a/deployment/sandbox-binary/flyte_sandbox_binary_helm_generated.yaml +++ b/deployment/sandbox-binary/flyte_sandbox_binary_helm_generated.yaml @@ -381,6 +381,10 @@ spec: echo waiting for database sleep 0.1 done + resources: + requests: + cpu: "4" + memory: 4Gi containers: - name: flyte image: "cr.flyte.org/flyteorg/flyte-binary:latest" @@ -415,6 +419,10 @@ spec: path: /healthcheck port: http initialDelaySeconds: 30 + resources: + requests: + cpu: "4" + memory: 4Gi volumeMounts: - name: cluster-resource-templates mountPath: /etc/flyte/cluster-resource-templates diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index 4b0dc5c172..fbdb18cdfc 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -817,7 +817,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: RVJtRHVFeUtzZHdDMjRTQQ== + haSharedSecret: VmRJUXp6OFNiV0wxbzV2Rg== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1289,6 +1289,10 @@ spec: path: /healthcheck port: http initialDelaySeconds: 30 + resources: + requests: + cpu: "4" + memory: 4Gi volumeMounts: - mountPath: /etc/flyte/cluster-resource-templates name: cluster-resource-templates @@ -1313,6 +1317,10 @@ spec: image: bitnami/postgresql:sandbox imagePullPolicy: Never name: wait-for-db + resources: + requests: + cpu: "4" + memory: 4Gi serviceAccountName: flyte-sandbox volumes: - name: cluster-resource-templates @@ -1414,7 +1422,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: b56109123fc8874c06e091766f6e86bd5ffdc4cdc86ea7861092332870babf0e + checksum/secret: 315296812cb84adee909278d0bc0ecd717cde88d9fa0fcf142538a2d31ef93b0 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index db86678c70..0e43763b4c 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -797,7 +797,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: dGZGeUR3THl1ODFKV2ROdA== + haSharedSecret: YkcxNHl6NjFhRVN5ZElDcA== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1236,6 +1236,10 @@ spec: path: /healthcheck port: http initialDelaySeconds: 30 + resources: + requests: + cpu: "4" + memory: 4Gi volumeMounts: - mountPath: /etc/flyte/cluster-resource-templates name: cluster-resource-templates @@ -1260,6 +1264,10 @@ spec: image: bitnami/postgresql:sandbox imagePullPolicy: Never name: wait-for-db + resources: + requests: + cpu: "4" + memory: 4Gi serviceAccountName: flyte-sandbox volumes: - name: cluster-resource-templates @@ -1361,7 +1369,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 953e371a21c81445990201881e1603b35558441bea4c3702cc1f3dbdbc66c6b7 + checksum/secret: ae74398383d4c1d718901ffe6d2b0946a88428712bb02cb1b4d226534a8ad559 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index bdd5143bb3..ca311f75c2 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: clA0NmJsaW9TUHNJYjRYTA== + haSharedSecret: cXJMOE55UFVTODRqMkQ5OA== proxyPassword: "" proxyUsername: "" kind: Secret @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 51051b8a95112e2aa1aed0e472540340697cf3481a144444d65dfaa220ae471d + checksum/secret: 472d0eaf323cf3fedd09364326c9efd8343f2102f790ae09f90fdda949613a6c labels: app: docker-registry release: flyte-sandbox From 72c2da2ead1a1ae2b58f79ad6df8917f80901995 Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Tue, 27 Aug 2024 15:33:04 -0500 Subject: [PATCH 5/6] Output of make helm Signed-off-by: davidmirror-ops --- docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index fbdb18cdfc..df683ae6c4 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -817,7 +817,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: VmRJUXp6OFNiV0wxbzV2Rg== + haSharedSecret: bWVtazByVFFYUzZ6RVJFdQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1422,7 +1422,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 315296812cb84adee909278d0bc0ecd717cde88d9fa0fcf142538a2d31ef93b0 + checksum/secret: c986e477adb905cb7134c215d49f7744dd8990aa22c169b21b83a6f6da8d4a0f labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 0e43763b4c..3e661ae5eb 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -797,7 +797,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: YkcxNHl6NjFhRVN5ZElDcA== + haSharedSecret: OE5HMVNER08wcEptbkV2ZQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1369,7 +1369,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: ae74398383d4c1d718901ffe6d2b0946a88428712bb02cb1b4d226534a8ad559 + checksum/secret: ce433b5519d8f5a8d5cd778411a9d39a7529e4f14f5027e7c8fa90d4bbc38655 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index ca311f75c2..7f32ccf2a0 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: cXJMOE55UFVTODRqMkQ5OA== + haSharedSecret: OXIyQWFUdFVUbnFNcGxhVQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 472d0eaf323cf3fedd09364326c9efd8343f2102f790ae09f90fdda949613a6c + checksum/secret: f679a7019b3cc82e940097488ba4dbfea6759625d424346125407c420ec9a316 labels: app: docker-registry release: flyte-sandbox From 1950af508e41bcb32a745b39dcc53dde4797d87b Mon Sep 17 00:00:00 2001 From: davidmirror-ops Date: Wed, 4 Sep 2024 12:25:34 -0500 Subject: [PATCH 6/6] make helm output v2 Signed-off-by: davidmirror-ops --- docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index df683ae6c4..c3c41f4c39 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -817,7 +817,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: bWVtazByVFFYUzZ6RVJFdQ== + haSharedSecret: Nmszb2dnV0lvdDV4cTFKRw== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1422,7 +1422,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: c986e477adb905cb7134c215d49f7744dd8990aa22c169b21b83a6f6da8d4a0f + checksum/secret: e61f7c68a179663c34a4ed4be490c02741a0ee38ef152e5651859418cb4b36bd labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 3e661ae5eb..7e75525b3d 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -797,7 +797,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: OE5HMVNER08wcEptbkV2ZQ== + haSharedSecret: aEp3U2hKVXdzUmtNQXZzYw== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1369,7 +1369,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: ce433b5519d8f5a8d5cd778411a9d39a7529e4f14f5027e7c8fa90d4bbc38655 + checksum/secret: 6a1c2ce15560b5de6ff90d8437ed712de1c3ef32be3420e327d77d3cd0bcfbe2 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index 7f32ccf2a0..4e63cbb066 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: OXIyQWFUdFVUbnFNcGxhVQ== + haSharedSecret: ZlpjYUVxZ3FYMVljSGlCNA== proxyPassword: "" proxyUsername: "" kind: Secret @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: f679a7019b3cc82e940097488ba4dbfea6759625d424346125407c420ec9a316 + checksum/secret: 23e3effcf66f6c4c67c3b40f34b919e52d7bb808206286c9412673a5b248d44d labels: app: docker-registry release: flyte-sandbox