From 46deb0483ea484f441f4a874544b83442a447fe2 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Sat, 18 Apr 2026 00:08:24 -0500 Subject: [PATCH 01/12] use Helm to init rustfs in sandbox Signed-off-by: Barry Wu --- charts/flyte-devbox/Chart.lock | 5 + charts/flyte-devbox/Chart.yaml | 5 + charts/flyte-devbox/templates/_helpers.tpl | 6 - .../storage/rustfs-bucket-init-job.yaml | 39 +++++ charts/flyte-devbox/values.yaml | 37 ++++- docker/devbox-bundled/Makefile | 1 + docker/devbox-bundled/images/manifest.txt | 1 + docker/devbox-bundled/manifests/dev.yaml | 155 +++++++++++++----- 8 files changed, 199 insertions(+), 50 deletions(-) create mode 100644 charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml diff --git a/charts/flyte-devbox/Chart.lock b/charts/flyte-devbox/Chart.lock index 1de7e11ef7..24818088a6 100644 --- a/charts/flyte-devbox/Chart.lock +++ b/charts/flyte-devbox/Chart.lock @@ -10,3 +10,8 @@ dependencies: version: 1.18.3 digest: sha256:6efe6bec03f8b60469f0a4d8c3a985d0c61a9a7ccdbf6a4c6608bd41b17ced8b generated: "2026-04-23T12:14:59.242727-07:00" +- name: rustfs + repository: https://rustfs.github.io/helm + version: 0.0.94 +digest: sha256:6d04f6eb6b492af372a3a935f4586a53a261035783be2683338e009be04a12cd +generated: "2026-04-17T23:08:41.627655-05:00" diff --git a/charts/flyte-devbox/Chart.yaml b/charts/flyte-devbox/Chart.yaml index 777885d74b..eb1c0df829 100644 --- a/charts/flyte-devbox/Chart.yaml +++ b/charts/flyte-devbox/Chart.yaml @@ -36,3 +36,8 @@ dependencies: version: 1.18.3 repository: https://deeploy-knative-serving-charts.storage.googleapis.com/ condition: knative-serving.enabled + - name: rustfs + alias: rustfsUpstream + version: 0.0.94 + repository: https://rustfs.github.io/helm + condition: rustfs.enabled diff --git a/charts/flyte-devbox/templates/_helpers.tpl b/charts/flyte-devbox/templates/_helpers.tpl index 474307ef83..2a6e8866fa 100644 --- a/charts/flyte-devbox/templates/_helpers.tpl +++ b/charts/flyte-devbox/templates/_helpers.tpl @@ -82,12 +82,6 @@ Name of PersistentVolume and PersistentVolumeClaim for PostgreSQL database {{- printf "%s-db-storage" .Release.Name -}} {{- end }} -{{/* -Name of PersistentVolume and PersistentVolumeClaim for RustFS -*/}} -{{- define "flyte-devbox.persistence.rustfsVolumeName" -}} -{{- printf "%s-rustfs-storage" .Release.Name -}} -{{- end }} {{/* Name of PersistentVolume and PersistentVolumeClaim for Docker Registry diff --git a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml new file mode 100644 index 0000000000..3c9727cab0 --- /dev/null +++ b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml @@ -0,0 +1,39 @@ +{{- if and .Values.rustfs.enabled .Values.rustfs.bucketInit.enabled }} +{{- $accessKey := .Values.rustfsUpstream.secret.rustfs.access_key }} +{{- $secretKey := .Values.rustfsUpstream.secret.rustfs.secret_key }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-rustfs-bucket-init" .Release.Name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "flyte-demo.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "10" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 6 + template: + metadata: + labels: + {{- include "flyte-demo.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: rustfs-bucket-init + spec: + restartPolicy: OnFailure + containers: + - name: bucket-init + image: "{{ .Values.rustfs.bucketInit.image.repository }}:{{ .Values.rustfs.bucketInit.image.tag }}" + imagePullPolicy: {{ .Values.rustfs.bucketInit.image.pullPolicy }} + command: + - /bin/sh + - -ec + - | + until mc alias set local '{{ .Values.rustfs.bucketInit.endpoint }}' '{{ $accessKey }}' '{{ $secretKey }}'; do + echo "waiting for rustfs endpoint..." + sleep 2 + done + {{- range $bucket := .Values.rustfs.defaultBuckets }} + mc mb --ignore-existing local/{{ $bucket }} + {{- end }} +{{- end }} diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index facceaa80c..67c6b375d7 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -33,7 +33,7 @@ flyte-binary: s3: disableSSL: true v2Signing: true - endpoint: http://rustfs.{{ .Release.Namespace }}:9000 + endpoint: http://rustfs-svc:9000 authType: accesskey accessKey: rustfs secretKey: rustfsstorage @@ -54,11 +54,11 @@ flyte-binary: storage: signedURL: stowConfigOverride: - endpoint: http://localhost:30002 + endpoint: http://localhost:32000 plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs.{{ .Release.Namespace }}:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: 'flyte-binary-http.{{ .Release.Namespace }}:8090' @@ -135,8 +135,35 @@ flyte-binary: - '*' rustfs: enabled: true - accessKey: rustfs - secretKey: rustfsstorage + bucketInit: + enabled: true + endpoint: http://rustfs-svc:9000 + image: + repository: minio/mc + tag: latest + pullPolicy: IfNotPresent + defaultBuckets: + - flyte-data + +# Upstream RustFS chart configuration. +rustfsupstream: + fullnameOverride: rustfs + mode: + standalone: + enabled: true + distributed: + enabled: false + image: + repository: rustfs/rustfs + tag: sandbox + service: + type: NodePort + nodePort: 30002 + secret: + rustfs: + access_key: rustfs + secret_key: rustfsstorage + postgresql: fullnameOverride: postgresql enabled: true diff --git a/docker/devbox-bundled/Makefile b/docker/devbox-bundled/Makefile index 342990438a..76289650d7 100644 --- a/docker/devbox-bundled/Makefile +++ b/docker/devbox-bundled/Makefile @@ -86,6 +86,7 @@ helm-repos: helm repo add docker-registry https://twuni.github.io/docker-registry.helm helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add knative-serving https://deeploy-knative-serving-charts.storage.googleapis.com/ + helm repo add rustfs https://rustfs.github.io/helm helm repo update .PHONY: dep_build diff --git a/docker/devbox-bundled/images/manifest.txt b/docker/devbox-bundled/images/manifest.txt index e472a21c60..857eb4ac67 100644 --- a/docker/devbox-bundled/images/manifest.txt +++ b/docker/devbox-bundled/images/manifest.txt @@ -4,5 +4,6 @@ docker.io/rancher/local-path-provisioner:v0.0.21 docker.io/rancher/mirrored-coredns-coredns:1.9.1 docker.io/rancher/mirrored-library-busybox:1.34.1 docker.io/rancher/mirrored-pause:3.6 +docker.io/minio/mc:latest docker.io/rustfs/rustfs:sandbox=rustfs/rustfs:latest docker.io/unionai-oss/flyteconsole-v2:sandbox=ghcr.io/unionai-oss/flyteconsole-v2:latest diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index 2e66f5c7dd..1db20c6feb 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -7744,8 +7744,8 @@ type: Opaque --- apiVersion: v1 data: - access-key: cnVzdGZz - secret-key: cnVzdGZzc3RvcmFnZQ== + RUSTFS_ACCESS_KEY: cnVzdGZz + RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: labels: @@ -7908,10 +7908,14 @@ metadata: namespace: flyte spec: ports: - - name: rustfs-api - nodePort: 30002 + - name: endpoint + nodePort: 32000 port: 9000 - targetPort: rustfs-api + targetPort: 9000 + - name: console + nodePort: 32001 + port: 9001 + targetPort: 9001 selector: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs @@ -8271,68 +8275,141 @@ metadata: name: rustfs namespace: flyte spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs strategy: - type: Recreate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs spec: + affinity: null containers: - - env: - - name: RUSTFS_ADDRESS - value: 0.0.0.0:9000 - - name: RUSTFS_VOLUMES - value: /data - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access-key - name: rustfs - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - key: secret-key - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: rustfs-config + - secretRef: + name: rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent livenessProbe: - failureThreshold: 5 + failureThreshold: 3 + httpGet: + path: /health + port: endpoint initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: rustfs-api - name: rustfs + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + name: rustfsUpstream ports: - containerPort: 9000 - name: rustfs-api - protocol: TCP + name: endpoint + - containerPort: 9001 + name: console readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 periodSeconds: 5 - tcpSocket: - port: rustfs-api + successThreshold: 1 + timeoutSeconds: 3 + resources: {} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 10001 volumeMounts: + - mountPath: /logs + name: logs + subPath: logs - mountPath: /data name: data + imagePullSecrets: [] initContainers: + - command: + - sh + - -c + - | + mkdir -p /data /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + image: busybox:stable + imagePullPolicy: IfNotPresent + name: init-step + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /mnt/rustfs + name: logs + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 + volumes: + - name: logs + persistentVolumeClaim: + claimName: rustfs-logs + - name: data + persistentVolumeClaim: + claimName: rustfs-data +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "10" + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-demo + app.kubernetes.io/version: 1.16.1 + helm.sh/chart: flyte-demo-0.1.0 + name: flyte-demo-rustfs-bucket-init + namespace: flyte +spec: + backoffLimit: 6 + template: + metadata: + labels: + app.kubernetes.io/component: rustfs-bucket-init + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/name: flyte-demo + spec: + containers: - command: - /bin/sh - -ec - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 /data/flyte-data - image: busybox:latest + until mc alias set local 'http://rustfs-svc:9000' 'rustfs' 'rustfsstorage'; do + echo "waiting for rustfs endpoint..." + sleep 2 + done + mc mb --ignore-existing local/flyte-data + image: minio/mc:latest imagePullPolicy: IfNotPresent name: volume-permissions securityContext: From f43a29300f8ecc03e5dc1193e9f6a6ac5214ad73 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Sat, 18 Apr 2026 19:30:38 -0500 Subject: [PATCH 02/12] Fix naming typo Signed-off-by: Barry Wu --- charts/flyte-devbox/Chart.lock | 4 ++-- charts/flyte-devbox/Chart.yaml | 2 +- .../templates/storage/rustfs-bucket-init-job.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/flyte-devbox/Chart.lock b/charts/flyte-devbox/Chart.lock index 24818088a6..5e736e487a 100644 --- a/charts/flyte-devbox/Chart.lock +++ b/charts/flyte-devbox/Chart.lock @@ -13,5 +13,5 @@ generated: "2026-04-23T12:14:59.242727-07:00" - name: rustfs repository: https://rustfs.github.io/helm version: 0.0.94 -digest: sha256:6d04f6eb6b492af372a3a935f4586a53a261035783be2683338e009be04a12cd -generated: "2026-04-17T23:08:41.627655-05:00" +digest: sha256:9bdbd39953aa90c13d03384b1273125aa8e944fc1f1fccb7070f581d078a7db1 +generated: "2026-04-18T19:21:38.284835-05:00" diff --git a/charts/flyte-devbox/Chart.yaml b/charts/flyte-devbox/Chart.yaml index eb1c0df829..44b09cc589 100644 --- a/charts/flyte-devbox/Chart.yaml +++ b/charts/flyte-devbox/Chart.yaml @@ -37,7 +37,7 @@ dependencies: repository: https://deeploy-knative-serving-charts.storage.googleapis.com/ condition: knative-serving.enabled - name: rustfs - alias: rustfsUpstream + alias: rustfsupstream version: 0.0.94 repository: https://rustfs.github.io/helm condition: rustfs.enabled diff --git a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml index 3c9727cab0..472f4647ed 100644 --- a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml +++ b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml @@ -1,6 +1,6 @@ {{- if and .Values.rustfs.enabled .Values.rustfs.bucketInit.enabled }} -{{- $accessKey := .Values.rustfsUpstream.secret.rustfs.access_key }} -{{- $secretKey := .Values.rustfsUpstream.secret.rustfs.secret_key }} +{{- $accessKey := .Values.rustfsupstream.secret.rustfs.access_key }} +{{- $secretKey := .Values.rustfsupstream.secret.rustfs.secret_key }} apiVersion: batch/v1 kind: Job metadata: From 71ab37fd37e2a883a10151e75679076411354dcb Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Sat, 18 Apr 2026 20:08:26 -0500 Subject: [PATCH 03/12] Fix port num Signed-off-by: Barry Wu --- charts/flyte-devbox/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index 67c6b375d7..14415c2fd7 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -54,7 +54,7 @@ flyte-binary: storage: signedURL: stowConfigOverride: - endpoint: http://localhost:32000 + endpoint: http://localhost:30002 plugins: k8s: default-env-vars: From c8ab96424aec6edb872bb3fc94a0aa6293867a46 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Sun, 19 Apr 2026 02:10:07 -0500 Subject: [PATCH 04/12] Update complete/dev yaml Signed-off-by: Barry Wu --- charts/flyte-devbox/values.yaml | 3 ++- docker/devbox-bundled/manifests/dev.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index 14415c2fd7..93404457a9 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -158,7 +158,8 @@ rustfsupstream: tag: sandbox service: type: NodePort - nodePort: 30002 + endpoint: + nodePort: 30002 secret: rustfs: access_key: rustfs diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index 1db20c6feb..d7496e5b89 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -7909,7 +7909,7 @@ metadata: spec: ports: - name: endpoint - nodePort: 32000 + nodePort: 30002 port: 9000 targetPort: 9000 - name: console From 5829d1fc4d2e8d3766c29977dfdd11a05aa24261 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Tue, 21 Apr 2026 21:10:20 -0500 Subject: [PATCH 05/12] Fix rustfs endpoint Signed-off-by: Barry Wu --- .../templates/storage/rustfs-bucket-init-job.yaml | 3 ++- charts/flyte-devbox/values.yaml | 6 +++--- docker/devbox-bundled/manifests/dev.yaml | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml index 472f4647ed..44f13b5c61 100644 --- a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml +++ b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml @@ -1,6 +1,7 @@ {{- if and .Values.rustfs.enabled .Values.rustfs.bucketInit.enabled }} {{- $accessKey := .Values.rustfsupstream.secret.rustfs.access_key }} {{- $secretKey := .Values.rustfsupstream.secret.rustfs.secret_key }} +{{- $endpoint := tpl .Values.rustfs.bucketInit.endpoint . }} apiVersion: batch/v1 kind: Job metadata: @@ -29,7 +30,7 @@ spec: - /bin/sh - -ec - | - until mc alias set local '{{ .Values.rustfs.bucketInit.endpoint }}' '{{ $accessKey }}' '{{ $secretKey }}'; do + until mc alias set local '{{ $endpoint }}' '{{ $accessKey }}' '{{ $secretKey }}'; do echo "waiting for rustfs endpoint..." sleep 2 done diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index 93404457a9..a9e1a1823a 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -33,7 +33,7 @@ flyte-binary: s3: disableSSL: true v2Signing: true - endpoint: http://rustfs-svc:9000 + endpoint: http://rustfs-svc.{{ .Release.Namespace }}:9000 authType: accesskey accessKey: rustfs secretKey: rustfsstorage @@ -58,7 +58,7 @@ flyte-binary: plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs-svc:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc.{{ .Release.Namespace }}:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: 'flyte-binary-http.{{ .Release.Namespace }}:8090' @@ -137,7 +137,7 @@ rustfs: enabled: true bucketInit: enabled: true - endpoint: http://rustfs-svc:9000 + endpoint: http://rustfs-svc.{{ .Release.Namespace }}:9000 image: repository: minio/mc tag: latest diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index d7496e5b89..776af596c2 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -8404,7 +8404,7 @@ spec: - /bin/sh - -ec - | - until mc alias set local 'http://rustfs-svc:9000' 'rustfs' 'rustfsstorage'; do + until mc alias set local 'http://rustfs-svc.flyte:9000' 'rustfs' 'rustfsstorage'; do echo "waiting for rustfs endpoint..." sleep 2 done From d5324677aaf7ceca21b3fe93049e0b5358aa1869 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Thu, 23 Apr 2026 02:11:03 -0500 Subject: [PATCH 06/12] Fix popojk's comment Signed-off-by: Barry Wu --- charts/flyte-devbox/Chart.lock | 4 +- .../storage/rustfs-bucket-init-job.yaml | 9 +- .../templates/storage/rustfs/deployment.yaml | 85 ------------------- .../templates/storage/rustfs/pv.yaml | 17 ---- .../templates/storage/rustfs/pvc.yaml | 17 ---- .../templates/storage/rustfs/secret.yaml | 13 --- .../templates/storage/rustfs/service.yaml | 19 ----- charts/flyte-devbox/values.yaml | 2 + .../kustomize/complete/kustomization.yaml | 15 ++++ .../kustomize/dev/kustomization.yaml | 15 ++++ docker/devbox-bundled/manifests/dev.yaml | 17 ++-- 11 files changed, 43 insertions(+), 170 deletions(-) delete mode 100644 charts/flyte-devbox/templates/storage/rustfs/deployment.yaml delete mode 100644 charts/flyte-devbox/templates/storage/rustfs/pv.yaml delete mode 100644 charts/flyte-devbox/templates/storage/rustfs/pvc.yaml delete mode 100644 charts/flyte-devbox/templates/storage/rustfs/secret.yaml delete mode 100644 charts/flyte-devbox/templates/storage/rustfs/service.yaml diff --git a/charts/flyte-devbox/Chart.lock b/charts/flyte-devbox/Chart.lock index 5e736e487a..24818088a6 100644 --- a/charts/flyte-devbox/Chart.lock +++ b/charts/flyte-devbox/Chart.lock @@ -13,5 +13,5 @@ generated: "2026-04-23T12:14:59.242727-07:00" - name: rustfs repository: https://rustfs.github.io/helm version: 0.0.94 -digest: sha256:9bdbd39953aa90c13d03384b1273125aa8e944fc1f1fccb7070f581d078a7db1 -generated: "2026-04-18T19:21:38.284835-05:00" +digest: sha256:6d04f6eb6b492af372a3a935f4586a53a261035783be2683338e009be04a12cd +generated: "2026-04-17T23:08:41.627655-05:00" diff --git a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml index 44f13b5c61..01dca5c5ff 100644 --- a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml +++ b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml @@ -8,18 +8,15 @@ metadata: name: {{ printf "%s-rustfs-bucket-init" .Release.Name | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} labels: - {{- include "flyte-demo.labels" . | nindent 4 }} + {{- include "flyte-devbox.labels" . | nindent 4 }} annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation,hook- spec: backoffLimit: 6 + ttlSecondsAfterFinished: 60 template: - metadata: - labels: - {{- include "flyte-demo.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: rustfs-bucket-init spec: restartPolicy: OnFailure containers: diff --git a/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml b/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml deleted file mode 100644 index 058f41c815..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - initContainers: - - name: volume-permissions - image: busybox:latest - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 /data/flyte-data - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - containers: - - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never - env: - - name: RUSTFS_ADDRESS - value: "0.0.0.0:9000" - - name: RUSTFS_VOLUMES - value: "/data" - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - name: rustfs - key: access-key - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - name: rustfs - key: secret-key - ports: - - containerPort: 9000 - name: rustfs-api - protocol: TCP - livenessProbe: - tcpSocket: - port: rustfs-api - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 5 - readinessProbe: - tcpSocket: - port: rustfs-api - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 5 - securityContext: - runAsUser: 10001 - runAsNonRoot: true - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 10001 - volumes: - - name: data - persistentVolumeClaim: - claimName: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/pv.yaml b/charts/flyte-devbox/templates/storage/rustfs/pv.yaml deleted file mode 100644 index 3eb5000768..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/pv.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: "/var/lib/flyte/storage/rustfs" -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml b/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml deleted file mode 100644 index 500bb73273..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - volumeName: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/secret.yaml b/charts/flyte-devbox/templates/storage/rustfs/secret.yaml deleted file mode 100644 index 3766e0236f..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -type: Opaque -data: - access-key: {{ .Values.rustfs.accessKey | b64enc | quote }} - secret-key: {{ .Values.rustfs.secretKey | b64enc | quote }} -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/service.yaml b/charts/flyte-devbox/templates/storage/rustfs/service.yaml deleted file mode 100644 index 2b4e80798c..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - type: NodePort - ports: - - name: rustfs-api - nodePort: 30002 - port: 9000 - targetPort: rustfs-api - selector: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index a9e1a1823a..12a55e0fd4 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -164,6 +164,8 @@ rustfsupstream: rustfs: access_key: rustfs secret_key: rustfsstorage + test: + enabled: false postgresql: fullnameOverride: postgresql diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index f6ec725238..408f39f366 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml @@ -27,6 +27,7 @@ helmCharts: resources: - ../namespace.yaml - ../embedded-postgres-service.yaml +<<<<<<< HEAD - ../../../../charts/flyte-devbox/charts/knative-serving/crds/serving-crds.yaml patches: @@ -84,3 +85,17 @@ patches: namespace: knative-serving $patch: delete +======= +patches: + # Drop the helm test Pod shipped by the rustfs subchart; it is only meant + # for `helm test` and has no purpose in the plain-manifest deployment flow. +- target: + kind: Pod + name: rustfs-test-connection + patch: | + $patch: delete + apiVersion: v1 + kind: Pod + metadata: + name: rustfs-test-connection +>>>>>>> ab2ebce1a (Fix popojk's comment) diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index d705e2ba71..7150de7fec 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -17,6 +17,7 @@ resources: - ../namespace.yaml - ../../../../charts/flyte-binary/templates/crds/flyte.org_taskactions.yaml - ../embedded-postgres-service.yaml +<<<<<<< HEAD - ../../../../charts/flyte-devbox/charts/knative-serving/crds/serving-crds.yaml patches: @@ -74,3 +75,17 @@ patches: namespace: knative-serving $patch: delete +======= +patches: + # Drop the helm test Pod shipped by the rustfs subchart; it is only meant + # for `helm test` and has no purpose in the plain-manifest deployment flow. +- target: + kind: Pod + name: rustfs-test-connection + patch: | + $patch: delete + apiVersion: v1 + kind: Pod + metadata: + name: rustfs-test-connection +>>>>>>> ab2ebce1a (Fix popojk's comment) diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index 776af596c2..156aa0fe72 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -8311,7 +8311,7 @@ spec: periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 - name: rustfsUpstream + name: rustfsupstream ports: - containerPort: 9000 name: endpoint @@ -8380,24 +8380,19 @@ kind: Job metadata: annotations: helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-delete-policy: before-hook-creation,hook- helm.sh/hook-weight: "10" labels: - app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo + app.kubernetes.io/name: flyte-devbox app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: flyte-demo-rustfs-bucket-init + helm.sh/chart: flyte-devbox-0.1.0 + name: flyte-devbox-rustfs-bucket-init namespace: flyte spec: backoffLimit: 6 template: - metadata: - labels: - app.kubernetes.io/component: rustfs-bucket-init - app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/name: flyte-demo spec: containers: - command: From 00c63dcb4343c1cd65a156bf461f3e7093e93450 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Thu, 23 Apr 2026 02:14:02 -0500 Subject: [PATCH 07/12] Delete test para in rustfsupstream config Signed-off-by: Barry Wu --- charts/flyte-devbox/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index 12a55e0fd4..a9e1a1823a 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -164,8 +164,6 @@ rustfsupstream: rustfs: access_key: rustfs secret_key: rustfsstorage - test: - enabled: false postgresql: fullnameOverride: postgresql From faaa5d77bad103331fb3b4ef21d85076cac813de Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Sun, 26 Apr 2026 01:36:41 -0500 Subject: [PATCH 08/12] Fix conflit Signed-off-by: Barry Wu --- charts/flyte-devbox/Chart.lock | 6 ++---- docker/devbox-bundled/kustomize/complete/kustomization.yaml | 3 --- docker/devbox-bundled/kustomize/dev/kustomization.yaml | 3 --- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/charts/flyte-devbox/Chart.lock b/charts/flyte-devbox/Chart.lock index 24818088a6..d519f88dc8 100644 --- a/charts/flyte-devbox/Chart.lock +++ b/charts/flyte-devbox/Chart.lock @@ -8,10 +8,8 @@ dependencies: - name: knative-serving repository: https://deeploy-knative-serving-charts.storage.googleapis.com/ version: 1.18.3 -digest: sha256:6efe6bec03f8b60469f0a4d8c3a985d0c61a9a7ccdbf6a4c6608bd41b17ced8b -generated: "2026-04-23T12:14:59.242727-07:00" - name: rustfs repository: https://rustfs.github.io/helm version: 0.0.94 -digest: sha256:6d04f6eb6b492af372a3a935f4586a53a261035783be2683338e009be04a12cd -generated: "2026-04-17T23:08:41.627655-05:00" +digest: sha256:c689a250047985626abbd72aff025e8d766ba9ef067b4d448c3a555844096bf0 +generated: "2026-04-26T01:24:57.780995-05:00" diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index 408f39f366..1f55a19f78 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml @@ -27,7 +27,6 @@ helmCharts: resources: - ../namespace.yaml - ../embedded-postgres-service.yaml -<<<<<<< HEAD - ../../../../charts/flyte-devbox/charts/knative-serving/crds/serving-crds.yaml patches: @@ -85,7 +84,6 @@ patches: namespace: knative-serving $patch: delete -======= patches: # Drop the helm test Pod shipped by the rustfs subchart; it is only meant # for `helm test` and has no purpose in the plain-manifest deployment flow. @@ -98,4 +96,3 @@ patches: kind: Pod metadata: name: rustfs-test-connection ->>>>>>> ab2ebce1a (Fix popojk's comment) diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index 7150de7fec..ad93ebda6a 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -17,7 +17,6 @@ resources: - ../namespace.yaml - ../../../../charts/flyte-binary/templates/crds/flyte.org_taskactions.yaml - ../embedded-postgres-service.yaml -<<<<<<< HEAD - ../../../../charts/flyte-devbox/charts/knative-serving/crds/serving-crds.yaml patches: @@ -75,7 +74,6 @@ patches: namespace: knative-serving $patch: delete -======= patches: # Drop the helm test Pod shipped by the rustfs subchart; it is only meant # for `helm test` and has no purpose in the plain-manifest deployment flow. @@ -88,4 +86,3 @@ patches: kind: Pod metadata: name: rustfs-test-connection ->>>>>>> ab2ebce1a (Fix popojk's comment) From f4e9e34cc890cd8436823cf619bd450f169a6699 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Tue, 28 Apr 2026 23:55:25 -0500 Subject: [PATCH 09/12] Fix init pod method by adding an init container to the rustfs deployment in kustomization yaml Signed-off-by: Barry Wu --- charts/flyte-devbox/Chart.lock | 4 +- charts/flyte-devbox/Chart.yaml | 2 - .../storage/rustfs-bucket-init-job.yaml | 37 --- charts/flyte-devbox/values.yaml | 14 +- docker/devbox-bundled/images/manifest.txt | 1 - .../kustomize/complete/kustomization.yaml | 31 +- .../kustomize/dev/kustomization.yaml | 31 +- docker/devbox-bundled/manifests/complete.yaml | 266 ++++++++++++------ docker/devbox-bundled/manifests/dev.yaml | 196 +++++++------ 9 files changed, 348 insertions(+), 234 deletions(-) delete mode 100644 charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml diff --git a/charts/flyte-devbox/Chart.lock b/charts/flyte-devbox/Chart.lock index d519f88dc8..fd766af02a 100644 --- a/charts/flyte-devbox/Chart.lock +++ b/charts/flyte-devbox/Chart.lock @@ -11,5 +11,5 @@ dependencies: - name: rustfs repository: https://rustfs.github.io/helm version: 0.0.94 -digest: sha256:c689a250047985626abbd72aff025e8d766ba9ef067b4d448c3a555844096bf0 -generated: "2026-04-26T01:24:57.780995-05:00" +digest: sha256:7352f39ebf63c47326f8499ac0fa002e874094bccb74155b6d7adb460851936a +generated: "2026-04-28T23:16:06.37398-05:00" diff --git a/charts/flyte-devbox/Chart.yaml b/charts/flyte-devbox/Chart.yaml index 44b09cc589..a6f88efbe8 100644 --- a/charts/flyte-devbox/Chart.yaml +++ b/charts/flyte-devbox/Chart.yaml @@ -37,7 +37,5 @@ dependencies: repository: https://deeploy-knative-serving-charts.storage.googleapis.com/ condition: knative-serving.enabled - name: rustfs - alias: rustfsupstream version: 0.0.94 repository: https://rustfs.github.io/helm - condition: rustfs.enabled diff --git a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml b/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml deleted file mode 100644 index 01dca5c5ff..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs-bucket-init-job.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if and .Values.rustfs.enabled .Values.rustfs.bucketInit.enabled }} -{{- $accessKey := .Values.rustfsupstream.secret.rustfs.access_key }} -{{- $secretKey := .Values.rustfsupstream.secret.rustfs.secret_key }} -{{- $endpoint := tpl .Values.rustfs.bucketInit.endpoint . }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ printf "%s-rustfs-bucket-init" .Release.Name | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation,hook- -spec: - backoffLimit: 6 - ttlSecondsAfterFinished: 60 - template: - spec: - restartPolicy: OnFailure - containers: - - name: bucket-init - image: "{{ .Values.rustfs.bucketInit.image.repository }}:{{ .Values.rustfs.bucketInit.image.tag }}" - imagePullPolicy: {{ .Values.rustfs.bucketInit.image.pullPolicy }} - command: - - /bin/sh - - -ec - - | - until mc alias set local '{{ $endpoint }}' '{{ $accessKey }}' '{{ $secretKey }}'; do - echo "waiting for rustfs endpoint..." - sleep 2 - done - {{- range $bucket := .Values.rustfs.defaultBuckets }} - mc mb --ignore-existing local/{{ $bucket }} - {{- end }} -{{- end }} diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index a9e1a1823a..3bcb63cc1f 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -133,20 +133,8 @@ flyte-binary: - '*' verbs: - '*' +# RustFS chart configuration. rustfs: - enabled: true - bucketInit: - enabled: true - endpoint: http://rustfs-svc.{{ .Release.Namespace }}:9000 - image: - repository: minio/mc - tag: latest - pullPolicy: IfNotPresent - defaultBuckets: - - flyte-data - -# Upstream RustFS chart configuration. -rustfsupstream: fullnameOverride: rustfs mode: standalone: diff --git a/docker/devbox-bundled/images/manifest.txt b/docker/devbox-bundled/images/manifest.txt index 857eb4ac67..e472a21c60 100644 --- a/docker/devbox-bundled/images/manifest.txt +++ b/docker/devbox-bundled/images/manifest.txt @@ -4,6 +4,5 @@ docker.io/rancher/local-path-provisioner:v0.0.21 docker.io/rancher/mirrored-coredns-coredns:1.9.1 docker.io/rancher/mirrored-library-busybox:1.34.1 docker.io/rancher/mirrored-pause:3.6 -docker.io/minio/mc:latest docker.io/rustfs/rustfs:sandbox=rustfs/rustfs:latest docker.io/unionai-oss/flyteconsole-v2:sandbox=ghcr.io/unionai-oss/flyteconsole-v2:latest diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index 1f55a19f78..187c78a480 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml @@ -83,10 +83,6 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete - -patches: - # Drop the helm test Pod shipped by the rustfs subchart; it is only meant - # for `helm test` and has no purpose in the plain-manifest deployment flow. - target: kind: Pod name: rustfs-test-connection @@ -96,3 +92,30 @@ patches: kind: Pod metadata: name: rustfs-test-connection +- patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: rustfs + namespace: flyte + spec: + template: + spec: + initContainers: + - name: create-default-buckets + image: busybox:stable + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - mkdir -p /data/flyte-data + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index ad93ebda6a..e032ebda21 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -73,10 +73,6 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete - -patches: - # Drop the helm test Pod shipped by the rustfs subchart; it is only meant - # for `helm test` and has no purpose in the plain-manifest deployment flow. - target: kind: Pod name: rustfs-test-connection @@ -86,3 +82,30 @@ patches: kind: Pod metadata: name: rustfs-test-connection +- patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: rustfs + namespace: flyte + spec: + template: + spec: + initContainers: + - name: create-default-buckets + image: busybox:stable + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - mkdir -p /data/flyte-data + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data diff --git a/docker/devbox-bundled/manifests/complete.yaml b/docker/devbox-bundled/manifests/complete.yaml index b592d22f82..ff6013695b 100644 --- a/docker/devbox-bundled/manifests/complete.yaml +++ b/docker/devbox-bundled/manifests/complete.yaml @@ -7068,6 +7068,19 @@ metadata: namespace: flyte --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +--- +apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7753,7 +7766,7 @@ data: region: us-east-1 disable_ssl: true v2_signing: true - endpoint: http://rustfs.flyte:9000 + endpoint: http://rustfs-svc.flyte:9000 auth_type: accesskey container: flyte-data 100-inline-config.yaml: | @@ -7772,7 +7785,7 @@ data: plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs.flyte:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc.flyte:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: flyte-binary-http.flyte:8090 @@ -7831,6 +7844,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: /data +kind: ConfigMap +metadata: + labels: {} + name: rustfs-config + namespace: flyte +--- +apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -8051,17 +8080,12 @@ type: Opaque --- apiVersion: v1 data: - access-key: cnVzdGZz - secret-key: cnVzdGZzc3RvcmFnZQ== + RUSTFS_ACCESS_KEY: cnVzdGZz + RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + labels: {} + name: rustfs-secret namespace: flyte type: Opaque --- @@ -8208,20 +8232,28 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs-svc namespace: flyte spec: ports: - - name: rustfs-api + - name: endpoint nodePort: 30002 port: 9000 - targetPort: rustfs-api + targetPort: 9000 + - name: console + nodePort: 32001 + port: 9001 + targetPort: 9001 selector: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 type: NodePort --- apiVersion: v1 @@ -8392,7 +8424,7 @@ spec: storageClassName: manual --- apiVersion: v1 -kind: PersistentVolume +kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/instance: flyte-devbox @@ -8400,56 +8432,48 @@ metadata: app.kubernetes.io/name: flyte-devbox app.kubernetes.io/version: 1.16.1 helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-storage + name: flyte-devbox-registry-storage namespace: flyte spec: accessModes: - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/rustfs + resources: + requests: + storage: 20Gi storageClassName: manual + volumeName: flyte-devbox-registry-storage --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-registry-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-data namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 20Gi - storageClassName: manual - volumeName: flyte-devbox-registry-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-logs namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-devbox-rustfs-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: apps/v1 kind: Deployment @@ -8542,7 +8566,7 @@ spec: template: metadata: annotations: - checksum/configuration: b8535eb0e5a85227f8d1d1aba0a4339b9050cad039c112d7dda9055b93586bd8 + checksum/configuration: 06269249f6e0df4e5df3c3f62e2f5bd703a127730dbcd6a68627557d343227af checksum/configuration-secret: e70194084619f4a1d4017093aac6367047167107fd0222513a32a61734629cac labels: app.kubernetes.io/component: flyte-binary @@ -8670,18 +8694,22 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 name: rustfs namespace: flyte spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs strategy: - type: Recreate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: @@ -8689,68 +8717,104 @@ spec: app.kubernetes.io/name: rustfs spec: containers: - - env: - - name: RUSTFS_ADDRESS - value: 0.0.0.0:9000 - - name: RUSTFS_VOLUMES - value: /data - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access-key - name: rustfs - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - key: secret-key - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: rustfs-config + - secretRef: + name: rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent livenessProbe: - failureThreshold: 5 + failureThreshold: 3 + httpGet: + path: /health + port: endpoint initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: rustfs-api + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 name: rustfs ports: - containerPort: 9000 - name: rustfs-api - protocol: TCP + name: endpoint + - containerPort: 9001 + name: console readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 periodSeconds: 5 - tcpSocket: - port: rustfs-api + successThreshold: 1 + timeoutSeconds: 3 + resources: {} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 10001 volumeMounts: + - mountPath: /logs + name: logs + subPath: logs - mountPath: /data name: data + imagePullSecrets: [] initContainers: - command: - - /bin/sh - - -ec + - sh + - -c + - mkdir -p /data/flyte-data + image: busybox:stable + imagePullPolicy: IfNotPresent + name: create-default-buckets + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data + - command: + - sh + - -c - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 /data/flyte-data - image: busybox:latest + mkdir -p /data /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + image: busybox:stable imagePullPolicy: IfNotPresent - name: volume-permissions + name: init-step securityContext: - runAsUser: 0 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - mountPath: /data name: data + - mountPath: /mnt/rustfs + name: logs securityContext: fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 volumes: + - name: logs + persistentVolumeClaim: + claimName: rustfs-logs - name: data persistentVolumeClaim: - claimName: flyte-devbox-rustfs-storage + claimName: rustfs-data --- apiVersion: apps/v1 kind: Deployment @@ -9405,6 +9469,38 @@ spec: path: /flyteidl2. pathType: Prefix --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +spec: + ingressClassName: nginx + rules: + - host: example.rustfs.com + http: + paths: + - backend: + service: + name: rustfs-svc + port: + name: console + path: / + pathType: Prefix +--- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index 156aa0fe72..ad5b001907 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -7057,6 +7057,19 @@ spec: status: {} --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +--- +apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7547,6 +7560,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: /data +kind: ConfigMap +metadata: + labels: {} + name: rustfs-config + namespace: flyte +--- +apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -7748,13 +7777,8 @@ data: RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + labels: {} + name: rustfs-secret namespace: flyte type: Opaque --- @@ -7901,10 +7925,10 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs-svc namespace: flyte spec: ports: @@ -7919,6 +7943,10 @@ spec: selector: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 type: NodePort --- apiVersion: v1 @@ -8089,7 +8117,7 @@ spec: storageClassName: manual --- apiVersion: v1 -kind: PersistentVolume +kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/instance: flyte-devbox @@ -8097,56 +8125,48 @@ metadata: app.kubernetes.io/name: flyte-devbox app.kubernetes.io/version: 1.16.1 helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-storage + name: flyte-devbox-registry-storage namespace: flyte spec: accessModes: - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/rustfs + resources: + requests: + storage: 20Gi storageClassName: manual + volumeName: flyte-devbox-registry-storage --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-registry-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-data namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 20Gi - storageClassName: manual - volumeName: flyte-devbox-registry-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-logs namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-devbox-rustfs-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: apps/v1 kind: Deployment @@ -8269,9 +8289,9 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 name: rustfs namespace: flyte spec: @@ -8291,7 +8311,6 @@ spec: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs spec: - affinity: null containers: - command: - /usr/bin/rustfs @@ -8311,7 +8330,7 @@ spec: periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 - name: rustfsupstream + name: rustfs ports: - containerPort: 9000 name: endpoint @@ -8342,6 +8361,23 @@ spec: name: data imagePullSecrets: [] initContainers: + - command: + - sh + - -c + - mkdir -p /data/flyte-data + image: busybox:stable + imagePullPolicy: IfNotPresent + name: create-default-buckets + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data - command: - sh - -c @@ -8375,50 +8411,6 @@ spec: persistentVolumeClaim: claimName: rustfs-data --- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook- - helm.sh/hook-weight: "10" - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: flyte-devbox-rustfs-bucket-init - namespace: flyte -spec: - backoffLimit: 6 - template: - spec: - containers: - - command: - - /bin/sh - - -ec - - | - until mc alias set local 'http://rustfs-svc.flyte:9000' 'rustfs' 'rustfsstorage'; do - echo "waiting for rustfs endpoint..." - sleep 2 - done - mc mb --ignore-existing local/flyte-data - image: minio/mc:latest - imagePullPolicy: IfNotPresent - name: volume-permissions - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 10001 - volumes: - - name: data - persistentVolumeClaim: - claimName: flyte-devbox-rustfs-storage ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -9072,6 +9064,38 @@ spec: path: /flyteidl2. pathType: Prefix --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +spec: + ingressClassName: nginx + rules: + - host: example.rustfs.com + http: + paths: + - backend: + service: + name: rustfs-svc + port: + name: console + path: / + pathType: Prefix +--- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: From b1657e97cc3d3030aad2d8bb5fd24ec612f08b75 Mon Sep 17 00:00:00 2001 From: Kevin Su Date: Thu, 30 Apr 2026 19:33:50 -0700 Subject: [PATCH 10/12] test Signed-off-by: Kevin Su --- charts/flyte-devbox/values.yaml | 2 ++ docker/devbox-bundled/manifests/complete.yaml | 32 ------------------- docker/devbox-bundled/manifests/dev.yaml | 32 ------------------- 3 files changed, 2 insertions(+), 64 deletions(-) diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index 3bcb63cc1f..b70c79492d 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -141,6 +141,8 @@ rustfs: enabled: true distributed: enabled: false + ingress: + enabled: false image: repository: rustfs/rustfs tag: sandbox diff --git a/docker/devbox-bundled/manifests/complete.yaml b/docker/devbox-bundled/manifests/complete.yaml index ff6013695b..61accefe26 100644 --- a/docker/devbox-bundled/manifests/complete.yaml +++ b/docker/devbox-bundled/manifests/complete.yaml @@ -9469,38 +9469,6 @@ spec: path: /flyteidl2. pathType: Prefix --- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/affinity: cookie - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/session-cookie-expires: "3600" - nginx.ingress.kubernetes.io/session-cookie-hash: sha1 - nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" - nginx.ingress.kubernetes.io/session-cookie-name: rustfs - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: rustfs - namespace: flyte -spec: - ingressClassName: nginx - rules: - - host: example.rustfs.com - http: - paths: - - backend: - service: - name: rustfs-svc - port: - name: console - path: / - pathType: Prefix ---- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index ad5b001907..0c70d32fdc 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -9064,38 +9064,6 @@ spec: path: /flyteidl2. pathType: Prefix --- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/affinity: cookie - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/session-cookie-expires: "3600" - nginx.ingress.kubernetes.io/session-cookie-hash: sha1 - nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" - nginx.ingress.kubernetes.io/session-cookie-name: rustfs - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: rustfs - namespace: flyte -spec: - ingressClassName: nginx - rules: - - host: example.rustfs.com - http: - paths: - - backend: - service: - name: rustfs-svc - port: - name: console - path: / - pathType: Prefix ---- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: From 7c749aea886358b4b1ee90b822a8e38f353ff729 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Thu, 30 Apr 2026 13:34:54 -0500 Subject: [PATCH 11/12] Delete nginx in devbox Signed-off-by: Barry Wu --- .../devbox-bundled/kustomize/complete/kustomization.yaml | 9 +++++++++ docker/devbox-bundled/kustomize/dev/kustomization.yaml | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index 187c78a480..dd6d811aef 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml @@ -119,3 +119,12 @@ patches: volumeMounts: - mountPath: /data name: data +- target: + kind: Ingress + name: rustfs + patch: | + $patch: delete + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: rustfs \ No newline at end of file diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index e032ebda21..892c49fa85 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -109,3 +109,12 @@ patches: volumeMounts: - mountPath: /data name: data +- target: + kind: Ingress + name: rustfs + patch: | + $patch: delete + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: rustfs \ No newline at end of file From 3c48cd31027cc61128359503458671662bf54078 Mon Sep 17 00:00:00 2001 From: Barry Wu Date: Sat, 2 May 2026 00:35:40 -0500 Subject: [PATCH 12/12] Add PersistentVolume for rustfs Signed-off-by: Barry Wu --- charts/flyte-devbox/templates/_helpers.tpl | 6 +++ .../templates/storage/rustfs/pv.yaml | 17 +++++++ .../templates/storage/rustfs/pvc.yaml | 17 +++++++ charts/flyte-devbox/values.yaml | 2 + .../kustomize/complete/kustomization.yaml | 11 +++-- .../kustomize/dev/kustomization.yaml | 11 +++-- docker/devbox-bundled/manifests/complete.yaml | 49 ++++++++++++++----- docker/devbox-bundled/manifests/dev.yaml | 49 ++++++++++++++----- 8 files changed, 128 insertions(+), 34 deletions(-) create mode 100644 charts/flyte-devbox/templates/storage/rustfs/pv.yaml create mode 100644 charts/flyte-devbox/templates/storage/rustfs/pvc.yaml diff --git a/charts/flyte-devbox/templates/_helpers.tpl b/charts/flyte-devbox/templates/_helpers.tpl index 2a6e8866fa..474307ef83 100644 --- a/charts/flyte-devbox/templates/_helpers.tpl +++ b/charts/flyte-devbox/templates/_helpers.tpl @@ -82,6 +82,12 @@ Name of PersistentVolume and PersistentVolumeClaim for PostgreSQL database {{- printf "%s-db-storage" .Release.Name -}} {{- end }} +{{/* +Name of PersistentVolume and PersistentVolumeClaim for RustFS +*/}} +{{- define "flyte-devbox.persistence.rustfsVolumeName" -}} +{{- printf "%s-rustfs-storage" .Release.Name -}} +{{- end }} {{/* Name of PersistentVolume and PersistentVolumeClaim for Docker Registry diff --git a/charts/flyte-devbox/templates/storage/rustfs/pv.yaml b/charts/flyte-devbox/templates/storage/rustfs/pv.yaml new file mode 100644 index 0000000000..fc873d2e63 --- /dev/null +++ b/charts/flyte-devbox/templates/storage/rustfs/pv.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rustfs }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "flyte-devbox.labels" . | nindent 4 }} +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + capacity: + storage: 1Gi + hostPath: + path: "/var/lib/flyte/storage/rustfs" +{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml b/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml new file mode 100644 index 0000000000..9ec912c308 --- /dev/null +++ b/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rustfs }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "flyte-devbox.labels" . | nindent 4 }} +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + volumeName: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} +{{- end }} diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index b70c79492d..efc0e97817 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -139,6 +139,8 @@ rustfs: mode: standalone: enabled: true + existingClaim: + dataClaim: flyte-devbox-rustfs-storage distributed: enabled: false ingress: diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index dd6d811aef..d77e611c4e 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml @@ -108,14 +108,15 @@ patches: command: - sh - -c - - mkdir -p /data/flyte-data + - | + chown -R 10001:10001 /data + mkdir -p /data/flyte-data + chown 10001:10001 /data/flyte-data securityContext: + runAsUser: 0 + runAsNonRoot: false allowPrivilegeEscalation: false - capabilities: - drop: - - ALL readOnlyRootFilesystem: true - runAsNonRoot: true volumeMounts: - mountPath: /data name: data diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index 892c49fa85..f0dee5a36c 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -98,14 +98,15 @@ patches: command: - sh - -c - - mkdir -p /data/flyte-data + - | + chown -R 10001:10001 /data + mkdir -p /data/flyte-data + chown 10001:10001 /data/flyte-data securityContext: + runAsUser: 0 + runAsNonRoot: false allowPrivilegeEscalation: false - capabilities: - drop: - - ALL readOnlyRootFilesystem: true - runAsNonRoot: true volumeMounts: - mountPath: /data name: data diff --git a/docker/devbox-bundled/manifests/complete.yaml b/docker/devbox-bundled/manifests/complete.yaml index 61accefe26..5bec3e5e8c 100644 --- a/docker/devbox-bundled/manifests/complete.yaml +++ b/docker/devbox-bundled/manifests/complete.yaml @@ -8424,6 +8424,26 @@ spec: storageClassName: manual --- apiVersion: v1 +kind: PersistentVolume +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-devbox + app.kubernetes.io/version: 1.16.1 + helm.sh/chart: flyte-devbox-0.1.0 + name: flyte-devbox-rustfs-storage + namespace: flyte +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 1Gi + hostPath: + path: /var/lib/flyte/storage/rustfs + storageClassName: manual +--- +apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: @@ -8446,18 +8466,22 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - annotations: - helm.sh/resource-policy: keep - labels: {} - name: rustfs-data + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-devbox + app.kubernetes.io/version: 1.16.1 + helm.sh/chart: flyte-devbox-0.1.0 + name: flyte-devbox-rustfs-storage namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 256Mi - storageClassName: local-path + storage: 1Gi + storageClassName: manual + volumeName: flyte-devbox-rustfs-storage --- apiVersion: v1 kind: PersistentVolumeClaim @@ -8769,17 +8793,18 @@ spec: - command: - sh - -c - - mkdir -p /data/flyte-data + - | + chown -R 10001:10001 /data + mkdir -p /data/flyte-data + chown 10001:10001 /data/flyte-data image: busybox:stable imagePullPolicy: IfNotPresent name: create-default-buckets securityContext: allowPrivilegeEscalation: false - capabilities: - drop: - - ALL readOnlyRootFilesystem: true - runAsNonRoot: true + runAsNonRoot: false + runAsUser: 0 volumeMounts: - mountPath: /data name: data @@ -8814,7 +8839,7 @@ spec: claimName: rustfs-logs - name: data persistentVolumeClaim: - claimName: rustfs-data + claimName: flyte-devbox-rustfs-storage --- apiVersion: apps/v1 kind: Deployment diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index 0c70d32fdc..ca52c29695 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -8117,6 +8117,26 @@ spec: storageClassName: manual --- apiVersion: v1 +kind: PersistentVolume +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-devbox + app.kubernetes.io/version: 1.16.1 + helm.sh/chart: flyte-devbox-0.1.0 + name: flyte-devbox-rustfs-storage + namespace: flyte +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 1Gi + hostPath: + path: /var/lib/flyte/storage/rustfs + storageClassName: manual +--- +apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: @@ -8139,18 +8159,22 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - annotations: - helm.sh/resource-policy: keep - labels: {} - name: rustfs-data + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-devbox + app.kubernetes.io/version: 1.16.1 + helm.sh/chart: flyte-devbox-0.1.0 + name: flyte-devbox-rustfs-storage namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 256Mi - storageClassName: local-path + storage: 1Gi + storageClassName: manual + volumeName: flyte-devbox-rustfs-storage --- apiVersion: v1 kind: PersistentVolumeClaim @@ -8364,17 +8388,18 @@ spec: - command: - sh - -c - - mkdir -p /data/flyte-data + - | + chown -R 10001:10001 /data + mkdir -p /data/flyte-data + chown 10001:10001 /data/flyte-data image: busybox:stable imagePullPolicy: IfNotPresent name: create-default-buckets securityContext: allowPrivilegeEscalation: false - capabilities: - drop: - - ALL readOnlyRootFilesystem: true - runAsNonRoot: true + runAsNonRoot: false + runAsUser: 0 volumeMounts: - mountPath: /data name: data @@ -8409,7 +8434,7 @@ spec: claimName: rustfs-logs - name: data persistentVolumeClaim: - claimName: rustfs-data + claimName: flyte-devbox-rustfs-storage --- apiVersion: apps/v1 kind: Deployment