diff --git a/charts/flyte-devbox/Chart.lock b/charts/flyte-devbox/Chart.lock index 1de7e11ef7..fd766af02a 100644 --- a/charts/flyte-devbox/Chart.lock +++ b/charts/flyte-devbox/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: knative-serving repository: https://deeploy-knative-serving-charts.storage.googleapis.com/ version: 1.18.3 -digest: sha256:6efe6bec03f8b60469f0a4d8c3a985d0c61a9a7ccdbf6a4c6608bd41b17ced8b -generated: "2026-04-23T12:14:59.242727-07:00" +- name: rustfs + repository: https://rustfs.github.io/helm + version: 0.0.94 +digest: sha256:7352f39ebf63c47326f8499ac0fa002e874094bccb74155b6d7adb460851936a +generated: "2026-04-28T23:16:06.37398-05:00" diff --git a/charts/flyte-devbox/Chart.yaml b/charts/flyte-devbox/Chart.yaml index 777885d74b..a6f88efbe8 100644 --- a/charts/flyte-devbox/Chart.yaml +++ b/charts/flyte-devbox/Chart.yaml @@ -36,3 +36,6 @@ dependencies: version: 1.18.3 repository: https://deeploy-knative-serving-charts.storage.googleapis.com/ condition: knative-serving.enabled + - name: rustfs + version: 0.0.94 + repository: https://rustfs.github.io/helm diff --git a/charts/flyte-devbox/templates/_helpers.tpl b/charts/flyte-devbox/templates/_helpers.tpl index 474307ef83..2a6e8866fa 100644 --- a/charts/flyte-devbox/templates/_helpers.tpl +++ b/charts/flyte-devbox/templates/_helpers.tpl @@ -82,12 +82,6 @@ Name of PersistentVolume and PersistentVolumeClaim for PostgreSQL database {{- printf "%s-db-storage" .Release.Name -}} {{- end }} -{{/* -Name of PersistentVolume and PersistentVolumeClaim for RustFS -*/}} -{{- define "flyte-devbox.persistence.rustfsVolumeName" -}} -{{- printf "%s-rustfs-storage" .Release.Name -}} -{{- end }} {{/* Name of PersistentVolume and PersistentVolumeClaim for Docker Registry diff --git a/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml b/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml deleted file mode 100644 index 058f41c815..0000000000 
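Review bot: The new `rustfs` entry in charts/flyte-devbox/Chart.yaml has no `condition:`, unlike the `knative-serving` entry directly above it (`condition: knative-serving.enabled`), and the values.yaml hunk in this commit removes `rustfs.enabled`. As written the subchart is always rendered, so someone who points the devbox at external object storage can no longer switch the bundled store off. I would add `condition: rustfs.enabled` under the new entry and keep `enabled: true` in the `rustfs:` values block. The dependency list starts above the hunk, so the other entries were not checked.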
--- a/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - initContainers: - - name: volume-permissions - image: busybox:latest - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 /data/flyte-data - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - containers: - - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never - env: - - name: RUSTFS_ADDRESS - value: "0.0.0.0:9000" - - name: RUSTFS_VOLUMES - value: "/data" - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - name: rustfs - key: access-key - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - name: rustfs - key: secret-key - ports: - - containerPort: 9000 - name: rustfs-api - protocol: TCP - livenessProbe: - tcpSocket: - port: rustfs-api - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 5 - readinessProbe: - tcpSocket: - port: rustfs-api - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 5 - securityContext: - runAsUser: 10001 - runAsNonRoot: true - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 10001 - volumes: - - name: data - persistentVolumeClaim: - claimName: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} -{{- end }} 
diff --git a/charts/flyte-devbox/templates/storage/rustfs/pv.yaml b/charts/flyte-devbox/templates/storage/rustfs/pv.yaml deleted file mode 100644 index 3eb5000768..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/pv.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: "/var/lib/flyte/storage/rustfs" -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml b/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml deleted file mode 100644 index 500bb73273..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - volumeName: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/secret.yaml b/charts/flyte-devbox/templates/storage/rustfs/secret.yaml deleted file mode 100644 index 3766e0236f..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/secret.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -type: Opaque -data: - access-key: {{ .Values.rustfs.accessKey | b64enc | quote }} - secret-key: {{ .Values.rustfs.secretKey | b64enc | quote }} -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/service.yaml b/charts/flyte-devbox/templates/storage/rustfs/service.yaml deleted file mode 100644 index 2b4e80798c..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - type: NodePort - ports: - - name: rustfs-api - nodePort: 30002 - port: 9000 - targetPort: rustfs-api - selector: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index facceaa80c..3bcb63cc1f 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -33,7 +33,7 @@ flyte-binary: s3: disableSSL: true v2Signing: true - endpoint: http://rustfs.{{ .Release.Namespace }}:9000 + endpoint: http://rustfs-svc.{{ .Release.Namespace }}:9000 authType: accesskey accessKey: rustfs secretKey: rustfsstorage @@ -58,7 +58,7 @@ flyte-binary: plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs.{{ .Release.Namespace }}:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc.{{ .Release.Namespace }}:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: 'flyte-binary-http.{{ .Release.Namespace }}:8090' 
@@ -133,10 +133,26 @@ flyte-binary: - '*' verbs: - '*' +# RustFS chart configuration. rustfs: - enabled: true - accessKey: rustfs - secretKey: rustfsstorage + fullnameOverride: rustfs + mode: + standalone: + enabled: true + distributed: + enabled: false + image: + repository: rustfs/rustfs + tag: sandbox + service: + type: NodePort + endpoint: + nodePort: 30002 + secret: + rustfs: + access_key: rustfs + secret_key: rustfsstorage + postgresql: fullnameOverride: postgresql enabled: true diff --git a/docker/devbox-bundled/Makefile b/docker/devbox-bundled/Makefile index 342990438a..76289650d7 100644 --- a/docker/devbox-bundled/Makefile +++ b/docker/devbox-bundled/Makefile @@ -86,6 +86,7 @@ helm-repos: helm repo add docker-registry https://twuni.github.io/docker-registry.helm helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add knative-serving https://deeploy-knative-serving-charts.storage.googleapis.com/ + helm repo add rustfs https://rustfs.github.io/helm helm repo update .PHONY: dep_build diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index aaac232325..5850485a89 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml 
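Review bot: The new `rustfs:` block overrides only the name, mode, image, service and credentials, so the subchart's other defaults reach the cluster. The regenerated manifests in this commit show what that adds: a second NodePort (`console`, 32001) on `rustfs-svc`, `RUSTFS_CONSOLE_ENABLE: "true"`, an nginx Ingress for host `example.rustfs.com` routed to the console port, and a ServiceAccount with `automountServiceAccountToken: true`. Because the fixed `rustfs` / `rustfsstorage` credentials are kept here, the console is now exposed on the node network with well-known credentials, which the removed in-tree templates (API port only) did not do. If the devbox does not need the console, disable it and the Ingress through the chart's values, or drop the Ingress with a `$patch: delete` entry like the one the kustomizations already use for `rustfs-test-connection`. Also confirm that `image.tag: sandbox` takes effect: the rendered Deployment runs `rustfs/rustfs:1.0.0-alpha.94` with `imagePullPolicy: IfNotPresent`, whereas the old template used the `sandbox` tag with `imagePullPolicy: Never`.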
@@ -74,4 +74,39 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete - +- target: + kind: Pod + name: rustfs-test-connection + patch: | + $patch: delete + apiVersion: v1 + kind: Pod + metadata: + name: rustfs-test-connection +- patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: rustfs + namespace: flyte + spec: + template: + spec: + initContainers: + - name: create-default-buckets + image: busybox:stable + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - mkdir -p /data/flyte-data + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index 5c2743d848..048c222580 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -64,4 +64,39 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete - +- target: + kind: Pod + name: rustfs-test-connection + patch: | + $patch: delete + apiVersion: v1 + kind: Pod + metadata: + name: rustfs-test-connection +- patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: rustfs + namespace: flyte + spec: + template: + spec: + initContainers: + - name: create-default-buckets + image: busybox:stable + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - mkdir -p /data/flyte-data + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data diff --git a/docker/devbox-bundled/manifests/complete.yaml b/docker/devbox-bundled/manifests/complete.yaml index 843f2bbcaf..481adb8984 100644 --- a/docker/devbox-bundled/manifests/complete.yaml +++ b/docker/devbox-bundled/manifests/complete.yaml 
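Review bot: The `create-default-buckets` init container sets `runAsNonRoot: true` but no `runAsUser`, so it starts only because the chart's pod-level securityContext supplies `runAsUser: 10001` (visible in the regenerated Deployment). The `busybox` image defaults to root, so if the chart changes that setting the kubelet would reject the container. Adding `runAsUser: 10001` and `runAsGroup: 10001` to the patch's `securityContext` makes it self-contained. The removed init container chown'ed `/data` as root before creating `flyte-data`, while this one relies on the `local-path` volume already being writable by UID 10001; a comment above the patch such as `# /data must be writable by the chart's runAsUser/fsGroup (10001); the directory name is the default bucket` would record that assumption. The identical patch in kustomize/dev/kustomization.yaml needs the same change.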
@@ -7068,6 +7068,19 @@ metadata: namespace: flyte --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +--- +apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7753,7 +7766,7 @@ data: region: us-east-1 disable_ssl: true v2_signing: true - endpoint: http://rustfs.flyte:9000 + endpoint: http://rustfs-svc.flyte:9000 auth_type: accesskey container: flyte-data 100-inline-config.yaml: | @@ -7772,7 +7785,7 @@ data: plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs.flyte:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc.flyte:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: flyte-binary-http.flyte:8090 @@ -7831,6 +7844,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: /data +kind: ConfigMap +metadata: + labels: {} + name: rustfs-config + namespace: flyte +--- +apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -8049,17 +8078,12 @@ type: Opaque --- apiVersion: v1 data: - access-key: cnVzdGZz - secret-key: cnVzdGZzc3RvcmFnZQ== + RUSTFS_ACCESS_KEY: cnVzdGZz + RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + labels: {} + name: rustfs-secret namespace: flyte type: Opaque --- 
@@ -8206,20 +8230,28 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs-svc namespace: flyte spec: ports: - - name: rustfs-api + - name: endpoint nodePort: 30002 port: 9000 - targetPort: rustfs-api + targetPort: 9000 + - name: console + nodePort: 32001 + port: 9001 + targetPort: 9001 selector: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 type: NodePort --- apiVersion: v1 @@ -8390,7 +8422,7 @@ spec: storageClassName: manual --- apiVersion: v1 -kind: PersistentVolume +kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/instance: flyte-devbox 
@@ -8398,56 +8430,48 @@ metadata: app.kubernetes.io/name: flyte-devbox app.kubernetes.io/version: 1.16.1 helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-storage + name: flyte-devbox-registry-storage namespace: flyte spec: accessModes: - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/rustfs + resources: + requests: + storage: 20Gi storageClassName: manual + volumeName: flyte-devbox-registry-storage --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-registry-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-data namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 20Gi - storageClassName: manual - volumeName: flyte-devbox-registry-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-logs namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-devbox-rustfs-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: apps/v1 kind: Deployment 
@@ -8540,7 +8564,7 @@ spec: template: metadata: annotations: - checksum/configuration: b8535eb0e5a85227f8d1d1aba0a4339b9050cad039c112d7dda9055b93586bd8 + checksum/configuration: 06269249f6e0df4e5df3c3f62e2f5bd703a127730dbcd6a68627557d343227af checksum/configuration-secret: e70194084619f4a1d4017093aac6367047167107fd0222513a32a61734629cac labels: app.kubernetes.io/component: flyte-binary @@ -8668,18 +8692,22 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 name: rustfs namespace: flyte spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs strategy: - type: Recreate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: 
@@ -8687,68 +8715,104 @@ spec: app.kubernetes.io/name: rustfs spec: containers: - - env: - - name: RUSTFS_ADDRESS - value: 0.0.0.0:9000 - - name: RUSTFS_VOLUMES - value: /data - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access-key - name: rustfs - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - key: secret-key - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: rustfs-config + - secretRef: + name: rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent livenessProbe: - failureThreshold: 5 + failureThreshold: 3 + httpGet: + path: /health + port: endpoint initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: rustfs-api + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 name: rustfs ports: - containerPort: 9000 - name: rustfs-api - protocol: TCP + name: endpoint + - containerPort: 9001 + name: console readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 periodSeconds: 5 - tcpSocket: - port: rustfs-api + successThreshold: 1 + timeoutSeconds: 3 + resources: {} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 10001 volumeMounts: + - mountPath: /logs + name: logs + subPath: logs - mountPath: /data name: data + imagePullSecrets: [] initContainers: - command: - - /bin/sh - - -ec + - sh + - -c + - mkdir -p /data/flyte-data + image: busybox:stable + imagePullPolicy: IfNotPresent + name: create-default-buckets + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data + - command: + - sh + - -c - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 
/data/flyte-data - image: busybox:latest + mkdir -p /data /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + image: busybox:stable imagePullPolicy: IfNotPresent - name: volume-permissions + name: init-step securityContext: - runAsUser: 0 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - mountPath: /data name: data + - mountPath: /mnt/rustfs + name: logs securityContext: fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 volumes: + - name: logs + persistentVolumeClaim: + claimName: rustfs-logs - name: data persistentVolumeClaim: - claimName: flyte-devbox-rustfs-storage + claimName: rustfs-data --- apiVersion: apps/v1 kind: Deployment @@ -9403,6 +9467,38 @@ spec: path: /flyteidl2. pathType: Prefix --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +spec: + ingressClassName: nginx + rules: + - host: example.rustfs.com + http: + paths: + - backend: + service: + name: rustfs-svc + port: + name: console + path: / + pathType: Prefix +--- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index ea007ec86c..bec1ff54c5 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml 
@@ -7057,6 +7057,19 @@ spec: status: {} --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +--- +apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7547,6 +7560,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: /data +kind: ConfigMap +metadata: + labels: {} + name: rustfs-config + namespace: flyte +--- +apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -7742,17 +7771,12 @@ type: Opaque --- apiVersion: v1 data: - access-key: cnVzdGZz - secret-key: cnVzdGZzc3RvcmFnZQ== + RUSTFS_ACCESS_KEY: cnVzdGZz + RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + labels: {} + name: rustfs-secret namespace: flyte type: Opaque --- 
@@ -7899,20 +7923,28 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs-svc namespace: flyte spec: ports: - - name: rustfs-api + - name: endpoint nodePort: 30002 port: 9000 - targetPort: rustfs-api + targetPort: 9000 + - name: console + nodePort: 32001 + port: 9001 + targetPort: 9001 selector: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 type: NodePort --- apiVersion: v1 @@ -8083,7 +8115,7 @@ spec: storageClassName: manual --- apiVersion: v1 -kind: PersistentVolume +kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/instance: flyte-devbox 
@@ -8091,56 +8123,48 @@ metadata: app.kubernetes.io/name: flyte-devbox app.kubernetes.io/version: 1.16.1 helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-storage + name: flyte-devbox-registry-storage namespace: flyte spec: accessModes: - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/rustfs + resources: + requests: + storage: 20Gi storageClassName: manual + volumeName: flyte-devbox-registry-storage --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-registry-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-data namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 20Gi - storageClassName: manual - volumeName: flyte-devbox-registry-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-logs namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-devbox-rustfs-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: apps/v1 kind: Deployment 
@@ -8263,18 +8287,22 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 name: rustfs namespace: flyte spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs strategy: - type: Recreate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: 
@@ -8282,68 +8310,104 @@ spec: app.kubernetes.io/name: rustfs spec: containers: - - env: - - name: RUSTFS_ADDRESS - value: 0.0.0.0:9000 - - name: RUSTFS_VOLUMES - value: /data - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access-key - name: rustfs - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - key: secret-key - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: rustfs-config + - secretRef: + name: rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent livenessProbe: - failureThreshold: 5 + failureThreshold: 3 + httpGet: + path: /health + port: endpoint initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: rustfs-api + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 name: rustfs ports: - containerPort: 9000 - name: rustfs-api - protocol: TCP + name: endpoint + - containerPort: 9001 + name: console readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 periodSeconds: 5 - tcpSocket: - port: rustfs-api + successThreshold: 1 + timeoutSeconds: 3 + resources: {} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 10001 volumeMounts: + - mountPath: /logs + name: logs + subPath: logs - mountPath: /data name: data + imagePullSecrets: [] initContainers: - command: - - /bin/sh - - -ec + - sh + - -c + - mkdir -p /data/flyte-data + image: busybox:stable + imagePullPolicy: IfNotPresent + name: create-default-buckets + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data + - command: + - sh + - -c - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 
/data/flyte-data - image: busybox:latest + mkdir -p /data /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + image: busybox:stable imagePullPolicy: IfNotPresent - name: volume-permissions + name: init-step securityContext: - runAsUser: 0 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - mountPath: /data name: data + - mountPath: /mnt/rustfs + name: logs securityContext: fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 volumes: + - name: logs + persistentVolumeClaim: + claimName: rustfs-logs - name: data persistentVolumeClaim: - claimName: flyte-devbox-rustfs-storage + claimName: rustfs-data --- apiVersion: apps/v1 kind: Deployment @@ -8998,6 +9062,38 @@ spec: path: /flyteidl2. pathType: Prefix --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +spec: + ingressClassName: nginx + rules: + - host: example.rustfs.com + http: + paths: + - backend: + service: + name: rustfs-svc + port: + name: console + path: / + pathType: Prefix +--- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: