From 47490179d1ee823fb5be35872a66fa6d8931c474 Mon Sep 17 00:00:00 2001 From: Michael Hotan Date: Wed, 11 Feb 2026 23:56:44 -0800 Subject: [PATCH 1/5] Consolidate namespace_mapping into single canonical Helm value The top-level `namespace_mapping` in values.yaml was dead config (no template referenced `.Values.namespace_mapping`). Wire it as the canonical source of truth that cascades to all dataplane services when explicitly set: - clusterresourcesync: falls back to `.Values.namespace_mapping` when `.Values.config.namespace_mapping` is not set - nodeexecutor: auto-injects root-level `namespace_mapping` from the top-level value when `executor.raw_config.namespace_mapping` is not set - propeller: falls back to top-level value when `config.namespace_config` is not set - operator: falls back to top-level value for `org.namespaceTemplate` when `config.operator.org` is not set Default remains empty (no template). Per-service overrides still take precedence for backward compatibility. towards RUN-102 Co-Authored-By: Claude Opus 4.6 --- .../dataplane/templates/clusterresourcesync/configmap.yaml | 3 ++- charts/dataplane/templates/nodeexecutor/configmap.yaml | 6 ++++++ charts/dataplane/templates/operator/configmap.yaml | 4 ++++ charts/dataplane/templates/propeller/configmap.yaml | 6 ++++++ charts/dataplane/values.yaml | 6 +++++- 5 files changed, 23 insertions(+), 2 deletions(-) diff --git a/charts/dataplane/templates/clusterresourcesync/configmap.yaml b/charts/dataplane/templates/clusterresourcesync/configmap.yaml index 256ecbd5..5b7e1408 100644 --- a/charts/dataplane/templates/clusterresourcesync/configmap.yaml +++ b/charts/dataplane/templates/clusterresourcesync/configmap.yaml 
@@ -35,7 +35,8 @@ data: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- with .Values.config.namespace_mapping }} + {{- $nsMapping := .Values.config.namespace_mapping | default .Values.namespace_mapping }} + {{- with $nsMapping }} namespace_mapping.yaml: | namespace_mapping: {{- tpl (toYaml .) $ | nindent 6 }} diff --git a/charts/dataplane/templates/nodeexecutor/configmap.yaml b/charts/dataplane/templates/nodeexecutor/configmap.yaml index 5beb806c..302cb44f 100644 --- a/charts/dataplane/templates/nodeexecutor/configmap.yaml +++ b/charts/dataplane/templates/nodeexecutor/configmap.yaml @@ -28,6 +28,12 @@ data: {{- with .Values.executor.raw_config }} {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} + {{- if not (dig "namespace_mapping" false .Values.executor.raw_config) }} + {{- with .Values.namespace_mapping }} + namespace_mapping: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- end }} union: {{- with .Values.config.union.connection }} connection: diff --git a/charts/dataplane/templates/operator/configmap.yaml b/charts/dataplane/templates/operator/configmap.yaml index 43d200d3..a3dabd39 100644 --- a/charts/dataplane/templates/operator/configmap.yaml +++ b/charts/dataplane/templates/operator/configmap.yaml @@ -73,6 +73,10 @@ data: org: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} + {{- if and (not .Values.config.operator.org) .Values.namespace_mapping }} + org: + namespaceTemplate: {{ tpl (.Values.namespace_mapping.template | quote) $ }} + {{- end }} {{- if .Values.imageBuilder.enabled }} imageBuilder: enabled: {{ .Values.imageBuilder.enabled }} diff --git a/charts/dataplane/templates/propeller/configmap.yaml b/charts/dataplane/templates/propeller/configmap.yaml index 3c54e19e..91b7d884 100644 --- a/charts/dataplane/templates/propeller/configmap.yaml +++ b/charts/dataplane/templates/propeller/configmap.yaml 
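Review bot: The fallback on the added `$nsMapping` line is resolved for this service alone, and the nodeexecutor, operator and propeller hunks of this patch each resolve their own override the same way, so a release that sets only one override renders different namespace templates into different configmaps without any error. If these services must agree on the project/domain-to-namespace mapping, as the commit message's "canonical source of truth" suggests, that drift would put workloads in namespaces the other services do not manage; this is inferred from the service names and should be confirmed. At minimum, record the constraint next to the fallback, e.g. `{{- /* per-service override wins; keep it identical to the mapping rendered for propeller, operator and executor */}}`. The enclosing `data:` block starts and ends outside the hunk.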
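Review bot: `dig` on the added `if` line requires a map as its last argument, and the `with .Values.executor.raw_config` guard just above it suggests that value can be empty. If a values file sets `executor.raw_config` to null, the render would likely fail on this line instead of falling through to the top-level value. Defaulting the argument keeps the behaviour otherwise unchanged: `{{- if not (dig "namespace_mapping" false (.Values.executor.raw_config | default dict)) }}`. The chart default for `executor.raw_config` is not visible in this patch, so confirm whether null is reachable.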
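Review bot: The added `if` tests `.Values.namespace_mapping` but the body reads `.Values.namespace_mapping.template`, so a mapping that is non-empty yet has no `template` key renders `namespaceTemplate:` with an empty value. The string is also quoted before `tpl` runs, so any quote or backslash in it is escaped before it is parsed as a template, and whatever `tpl` expands to lands unescaped inside the surrounding quotes. Testing the key and quoting last avoids both: `{{- if and (not .Values.config.operator.org) .Values.namespace_mapping.template }}` and `namespaceTemplate: {{ tpl .Values.namespace_mapping.template $ | quote }}`. The first form relies on the chart default `namespace_mapping: {}` shown in the values.yaml hunk; the operator config block this sits in starts above the hunk.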
@@ -35,6 +35,12 @@ data: {{- with .Values.config.namespace_config }} namespace_config.yaml: | {{ tpl (toYaml .) $ | nindent 4 }} {{- end }} +{{- if and (not .Values.config.namespace_config) .Values.namespace_mapping }} + namespace_config.yaml: | + namespace_config: + namespace_mapping: + {{- tpl (toYaml .Values.namespace_mapping) $ | nindent 8 }} +{{- end }} {{- with .Values.config.resource_manager }} resource_manager.yaml: | {{ tpl (toYaml .) $ | nindent 4 }} {{- end }} diff --git a/charts/dataplane/values.yaml b/charts/dataplane/values.yaml index fbcc23c2..82fc0535 100644 --- a/charts/dataplane/values.yaml +++ b/charts/dataplane/values.yaml @@ -625,7 +625,11 @@ databricks: enabled: false plugin_config: { } -# -- Custom namespace mapping for mapping Union runs to Kubernetes namespaces. +# -- Namespace mapping template for mapping Union runs to Kubernetes namespaces. +# This is the canonical source of truth. All dataplane services (propeller, +# clusterresourcesync, operator, executor) will inherit this value unless +# explicitly overridden in their service-specific config sections +# (config.namespace_config, config.operator.org, executor.raw_config). namespace_mapping: {} # template: "{{`{{ project }}`}}-{{`{{ domain }}`}}" From 49216397cc7ed3e5844ce4e5b1031528cf5559de Mon Sep 17 00:00:00 2001 
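Review bot: The new values.yaml comment lists the per-service override keys as `config.namespace_config`, `config.operator.org` and `executor.raw_config`, but the clusterresourcesync template in this patch reads its override from `.Values.config.namespace_mapping`, which is missing from that list. Someone following the comment to pin a custom mapping per service would leave clusterresourcesync on the top-level value. Suggest extending the parenthesis to `(config.namespace_mapping, config.namespace_config, config.operator.org, executor.raw_config.namespace_mapping)`.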
From: Michael Hotan Date: Thu, 12 Feb 2026 09:35:00 -0800 Subject: [PATCH 2/5] Add namespace_mapping to test values to verify cascading Add `namespace_mapping.template` to aws and fully-selfhosted test values to verify the canonical value cascades correctly to all service configmaps (clusterresourcesync, executor, propeller, operator). Azure test values already set per-service overrides (`config.namespace_config`, `config.operator.org`), which confirms backward compat (overrides take precedence over the top-level value). towards RUN-102 Co-Authored-By: Claude Opus 4.6 --- tests/generated/dataplane.aws.yaml | 129 ++++++------------ .../generated/dataplane.fully-selfhosted.yaml | 127 ++++++----------- tests/values/dataplane.aws.yaml | 5 + tests/values/dataplane.fully-selfhosted.yaml | 4 + 4 files changed, 88 insertions(+), 177 deletions(-) diff --git a/tests/generated/dataplane.aws.yaml b/tests/generated/dataplane.aws.yaml index 85c9074a..ba26ab97 100644 --- a/tests/generated/dataplane.aws.yaml +++ b/tests/generated/dataplane.aws.yaml @@ -183,17 +183,11 @@ automountServiceAccountToken: true apiVersion: v1 kind: ServiceAccount metadata: - name: union-clustersync-system + name: clustersync-system namespace: union annotations: eks.amazonaws.com/role-arn: 'test-backend-iam-role-arn' --- -# Source: dataplane/templates/imagebuilder/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: union-imagebuilder ---- # Source: dataplane/templates/nodeexecutor/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount @@ -1188,7 +1182,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: union-clusterresourcesync-config + name: flyte-clusterresourcesync-config namespace: union labels: app.kubernetes.io/name: clusterresourcesync 
@@ -1274,12 +1268,15 @@ data: logger: level: 4 show-source: true + namespace_mapping.yaml: | + namespace_mapping: + template: '{{ project }}-{{ domain }}' --- # Source: dataplane/templates/clusterresourcesync/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: union-clusterresource-template + name: clusterresource-template namespace: union labels: app.kubernetes.io/name: clusterresourcesync 
@@ -1418,47 +1415,6 @@ data: plugins: logs: cloudwatch-enabled: false - dynamic-log-links: - - vscode: - displayName: VS Code Debugger - linkType: ide - templateUris: - - /dataplane/pod/v1/generated_name/6060/task/{{.executionProject}}/{{.executionDomain}}/{{.executionName}}/{{.nodeID}}/{{.taskRetryAttempt}}/{{ .Values.global.CLUSTER_NAME }}/{{.namespace}}/{{.taskProject}}/{{.taskDomain}}/{{.taskID}}/{{.taskVersion}}/{{.generatedName}}/ - - wandb-execution-id: - displayName: Weights & Biases - linkType: dashboard - templateUris: - - '{{ .taskConfig.host }}/{{ .taskConfig.entity }}/{{ .taskConfig.project - }}/runs/{{ .podName }}' - - wandb-custom-id: - displayName: Weights & Biases - linkType: dashboard - templateUris: - - '{{ .taskConfig.host }}/{{ .taskConfig.entity }}/{{ .taskConfig.project - }}/runs/{{ .taskConfig.id }}' - - comet-ml-execution-id: - displayName: Comet - linkType: dashboard - templateUris: '{{ .taskConfig.host }}/{{ .taskConfig.workspace }}/{{ - .taskConfig.project_name }}/{{ .executionName }}{{ .nodeId }}{{ - .taskRetryAttempt }}{{ .taskConfig.link_suffix }}' - - comet-ml-custom-id: - displayName: Comet - linkType: dashboard - templateUris: '{{ .taskConfig.host }}/{{ .taskConfig.workspace }}/{{ - .taskConfig.project_name }}/{{ .taskConfig.experiment_key }}' - - neptune-scale-run: - displayName: Neptune Run - linkType: dashboard - templateUris: - - https://scale.neptune.ai/{{ .taskConfig.project }}/-/run/?customId={{ - .podName }} - - neptune-scale-custom-id: - displayName: Neptune Run - linkType: dashboard - templateUris: - - https://scale.neptune.ai/{{ .taskConfig.project }}/-/run/?customId={{ - .taskConfig.id }} kubernetes-enabled: true enabled_plugins.yaml: | tasks: @@ -1493,6 +1449,8 @@ data: cpu: 4096 gpu: 256 memory: 2Ti + namespace_mapping: + template: '{{ project }}-{{ domain }}' union: connection: host: dns:///test-controlplane-host 
@@ -1621,8 +1579,6 @@ data: userRoleKey: 'eks.amazonaws.com/role-arn' collectUsages: enabled: true - collectBillableResourceUsage: - enabled: false billableUsageCollector: enabled: true dependenciesHeartbeat: @@ -1632,6 +1588,8 @@ data: endpoint: 'http://flytepropeller:10254' proxy: endpoint: 'http://union-operator-proxy:10254' + org: + namespaceTemplate: "{{ project }}-{{ domain }}" imageBuilder: enabled: true executionNamespaceLabels: @@ -1795,6 +1753,10 @@ data: logger: level: 4 show-source: true + namespace_config.yaml: | + namespace_config: + namespace_mapping: + template: '{{ project }}-{{ domain }}' resource_manager.yaml: | propeller: resourcemanager: @@ -2259,7 +2221,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: union-clustersync-resource + name: clustersync-resource rules: - apiGroups: - "" @@ -2629,28 +2591,28 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: union-clustersync-resource + name: clustersync-resource roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: clustersync-resource subjects: - kind: ServiceAccount - name: union-clustersync-system + name: clustersync-system namespace: union --- # Source: dataplane/templates/clusterresourcesync/serviceaccount.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: union-clustersync-auth-delegator + name: clustersync-auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount - name: union-clustersync-system + name: clustersync-system namespace: union --- # Source: dataplane/templates/nodeexecutor/serviceaccount.yaml @@ -4396,7 +4358,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: union-syncresources + name: syncresources namespace: union labels: app.kubernetes.io/name: clusterresourcesync 
@@ -4412,7 +4374,7 @@ spec: template: metadata: annotations: - configChecksum: "4c10925a32e76bd929981340593aa27527dc5f5827716a704f673db74981dc5" + configChecksum: "54c5ffbe8beb6b5ec25a855bacd87aa728829fbe90a6f304588683952f656e1" labels: @@ -4460,7 +4422,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: "IfNotPresent" name: sync-cluster-resources resources: @@ -4479,13 +4441,13 @@ spec: mountPath: /etc/flyte/config ports: - containerPort: 10254 - serviceAccountName: union-clustersync-system + serviceAccountName: clustersync-system volumes: - configMap: - name: union-clusterresource-template + name: clusterresource-template name: resource-templates - configMap: - name: union-clusterresourcesync-config + name: flyte-clusterresourcesync-config name: config-volume - name: auth secret: @@ -4511,16 +4473,13 @@ spec: app.kubernetes.io/instance: release-name template: metadata: - annotations: - container.apparmor.security.beta.kubernetes.io/buildkit: unconfined labels: app.kubernetes.io/name: imagebuilder-buildkit app.kubernetes.io/instance: release-name spec: - serviceAccountName: "union-imagebuilder" containers: - name: "buildkit" - image: "docker.io/moby/buildkit:buildx-stable-1-rootless" + image: "moby/buildkit:latest" imagePullPolicy: IfNotPresent env: - name: POD_NAME @@ -4555,18 +4514,15 @@ spec: - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal volumeMounts: - - mountPath: /home/user/.local/share/buildkit - name: buildkitd - mountPath: /etc/buildkit name: buildkit-config args: - --config - /etc/buildkit/buildkitd.toml - --addr - - unix:///run/user/1000/buildkit/buildkitd.sock + - unix:///run//buildkit/buildkitd.sock - --addr - tcp://0.0.0.0:1234 - - --oci-worker-no-process-sandbox ports: - name: tcp containerPort: 1234 
@@ -4588,18 +4544,13 @@ spec: initialDelaySeconds: 5 periodSeconds: 30 securityContext: - seccompProfile: # Needs Kubernetes >= 1.19 - type: Unconfined - runAsUser: 1000 - runAsGroup: 1000 + privileged: true resources: requests: cpu: 1 ephemeral-storage: 20Gi memory: 1Gi volumes: - - name: buildkitd - emptyDir: {} - configMap: name: union-operator-buildkit name: buildkit-config @@ -4628,7 +4579,7 @@ spec: template: metadata: annotations: - configChecksum: "71f13cdc28f478300a3a90f5237a97936a1d96315c52911dff8b0756be1304f" + configChecksum: "035c3c8bb001fbf946b0477333131ecdcf9eae806a8c1ac0b44648e2b83425b" labels: app: executor @@ -4648,7 +4599,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: IfNotPresent command: - executor @@ -4729,7 +4680,7 @@ spec: template: metadata: annotations: - configChecksum: "aa0b3e931973af95466cb9c822de00987868ffab27ce820f7949f1b507fca88" + configChecksum: "b93252b99319bdfcb7c24edb234dfdd30e2a7cb24eab07320fedd42626722ff" labels: @@ -4756,7 +4707,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -4824,7 +4775,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: IfNotPresent args: - cloudflared @@ -4866,7 +4817,7 @@ spec: template: metadata: annotations: - configChecksum: "aa0b3e931973af95466cb9c822de00987868ffab27ce820f7949f1b507fca88" + configChecksum: "b93252b99319bdfcb7c24edb234dfdd30e2a7cb24eab07320fedd42626722ff" labels: 
@@ -4889,7 +4840,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -4983,7 +4934,7 @@ spec: platform.union.ai/service-group: release-name app.kubernetes.io/managed-by: Helm annotations: - configChecksum: "ed08f5a0ef5d77051b1af982bca6e255e12245db7f508442075567beabe1106" + configChecksum: "ce28c1ece19c982aaa77267a6d9f6b1818e9477097b789666fbe0d216d37060" spec: securityContext: @@ -4996,7 +4947,7 @@ spec: serviceAccountName: flytepropeller-webhook-system initContainers: - name: generate-secrets - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -5051,7 +5002,7 @@ spec: memory: 500Mi containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -5138,7 +5089,7 @@ spec: template: metadata: annotations: - configChecksum: "ed08f5a0ef5d77051b1af982bca6e255e12245db7f508442075567beabe1106" + configChecksum: "ce28c1ece19c982aaa77267a6d9f6b1818e9477097b789666fbe0d216d37060" labels: @@ -5188,7 +5139,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: "IfNotPresent" name: flytepropeller ports: diff --git a/tests/generated/dataplane.fully-selfhosted.yaml b/tests/generated/dataplane.fully-selfhosted.yaml index 820b5008..4ff3412d 100644 --- a/tests/generated/dataplane.fully-selfhosted.yaml +++ b/tests/generated/dataplane.fully-selfhosted.yaml 
@@ -124,15 +124,9 @@ automountServiceAccountToken: true apiVersion: v1 kind: ServiceAccount metadata: - name: union-clustersync-system + name: clustersync-system namespace: union --- -# Source: dataplane/templates/imagebuilder/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: union-imagebuilder ---- # Source: dataplane/templates/nodeexecutor/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount @@ -200,7 +194,7 @@ type: Opaque apiVersion: v1 kind: ConfigMap metadata: - name: union-clusterresourcesync-config + name: flyte-clusterresourcesync-config namespace: union labels: app.kubernetes.io/name: clusterresourcesync @@ -287,12 +281,15 @@ data: logger: level: 4 show-source: true + namespace_mapping.yaml: | + namespace_mapping: + template: '{{ project }}-{{ domain }}' --- # Source: dataplane/templates/clusterresourcesync/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: union-clusterresource-template + name: clusterresource-template namespace: union labels: app.kubernetes.io/name: clusterresourcesync 
@@ -431,47 +428,6 @@ data: plugins: logs: cloudwatch-enabled: false - dynamic-log-links: - - vscode: - displayName: VS Code Debugger - linkType: ide - templateUris: - - /dataplane/pod/v1/generated_name/6060/task/{{.executionProject}}/{{.executionDomain}}/{{.executionName}}/{{.nodeID}}/{{.taskRetryAttempt}}/{{ .Values.global.CLUSTER_NAME }}/{{.namespace}}/{{.taskProject}}/{{.taskDomain}}/{{.taskID}}/{{.taskVersion}}/{{.generatedName}}/ - - wandb-execution-id: - displayName: Weights & Biases - linkType: dashboard - templateUris: - - '{{ .taskConfig.host }}/{{ .taskConfig.entity }}/{{ .taskConfig.project - }}/runs/{{ .podName }}' - - wandb-custom-id: - displayName: Weights & Biases - linkType: dashboard - templateUris: - - '{{ .taskConfig.host }}/{{ .taskConfig.entity }}/{{ .taskConfig.project - }}/runs/{{ .taskConfig.id }}' - - comet-ml-execution-id: - displayName: Comet - linkType: dashboard - templateUris: '{{ .taskConfig.host }}/{{ .taskConfig.workspace }}/{{ - .taskConfig.project_name }}/{{ .executionName }}{{ .nodeId }}{{ - .taskRetryAttempt }}{{ .taskConfig.link_suffix }}' - - comet-ml-custom-id: - displayName: Comet - linkType: dashboard - templateUris: '{{ .taskConfig.host }}/{{ .taskConfig.workspace }}/{{ - .taskConfig.project_name }}/{{ .taskConfig.experiment_key }}' - - neptune-scale-run: - displayName: Neptune Run - linkType: dashboard - templateUris: - - https://scale.neptune.ai/{{ .taskConfig.project }}/-/run/?customId={{ - .podName }} - - neptune-scale-custom-id: - displayName: Neptune Run - linkType: dashboard - templateUris: - - https://scale.neptune.ai/{{ .taskConfig.project }}/-/run/?customId={{ - .taskConfig.id }} kubernetes-enabled: true enabled_plugins.yaml: | tasks: @@ -506,6 +462,8 @@ data: cpu: 4096 gpu: 256 memory: 2Ti + namespace_mapping: + template: '{{ project }}-{{ domain }}' union: connection: host: dns:/// 
@@ -642,8 +600,6 @@ data: userRoleKey: 'eks.amazonaws.com/role-arn' collectUsages: enabled: true - collectBillableResourceUsage: - enabled: false billableUsageCollector: enabled: false dependenciesHeartbeat: @@ -653,6 +609,8 @@ data: endpoint: 'http://flytepropeller:10254' proxy: endpoint: 'http://union-operator-proxy:10254' + org: + namespaceTemplate: "{{ project }}-{{ domain }}" imageBuilder: enabled: true executionNamespaceLabels: @@ -828,6 +786,10 @@ data: logger: level: 4 show-source: true + namespace_config.yaml: | + namespace_config: + namespace_mapping: + template: '{{ project }}-{{ domain }}' resource_manager.yaml: | propeller: resourcemanager: @@ -1283,7 +1245,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: union-clustersync-resource + name: clustersync-resource rules: - apiGroups: - "" @@ -1634,28 +1596,28 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: union-clustersync-resource + name: clustersync-resource roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: clustersync-resource subjects: - kind: ServiceAccount - name: union-clustersync-system + name: clustersync-system namespace: union --- # Source: dataplane/templates/clusterresourcesync/serviceaccount.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: union-clustersync-auth-delegator + name: clustersync-auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount - name: union-clustersync-system + name: clustersync-system namespace: union --- # Source: dataplane/templates/nodeexecutor/serviceaccount.yaml @@ -2615,7 +2577,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: union-syncresources + name: syncresources namespace: union labels: app.kubernetes.io/name: clusterresourcesync 
@@ -2631,7 +2593,7 @@ spec: template: metadata: annotations: - configChecksum: "82cfe6bdee45aed1dd8245a73999608b8268148a8c7975ab0a20bb88bb4be19" + configChecksum: "1505cf93648f172b5c9aba95ca7eea2fd492c921b86a81215b51b7c989bc6bb" labels: @@ -2679,7 +2641,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: "IfNotPresent" name: sync-cluster-resources resources: @@ -2696,13 +2658,13 @@ spec: mountPath: /etc/flyte/config ports: - containerPort: 10254 - serviceAccountName: union-clustersync-system + serviceAccountName: clustersync-system volumes: - configMap: - name: union-clusterresource-template + name: clusterresource-template name: resource-templates - configMap: - name: union-clusterresourcesync-config + name: flyte-clusterresourcesync-config name: config-volume --- # Source: dataplane/templates/imagebuilder/deployment.yaml @@ -2725,16 +2687,13 @@ spec: app.kubernetes.io/instance: release-name template: metadata: - annotations: - container.apparmor.security.beta.kubernetes.io/buildkit: unconfined labels: app.kubernetes.io/name: imagebuilder-buildkit app.kubernetes.io/instance: release-name spec: - serviceAccountName: "union-imagebuilder" containers: - name: "buildkit" - image: "docker.io/moby/buildkit:buildx-stable-1-rootless" + image: "moby/buildkit:latest" imagePullPolicy: IfNotPresent env: - name: POD_NAME 
@@ -2769,18 +2728,15 @@ spec: - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal volumeMounts: - - mountPath: /home/user/.local/share/buildkit - name: buildkitd - mountPath: /etc/buildkit name: buildkit-config args: - --config - /etc/buildkit/buildkitd.toml - --addr - - unix:///run/user/1000/buildkit/buildkitd.sock + - unix:///run//buildkit/buildkitd.sock - --addr - tcp://0.0.0.0:1234 - - --oci-worker-no-process-sandbox ports: - name: tcp containerPort: 1234 @@ -2802,18 +2758,13 @@ spec: initialDelaySeconds: 5 periodSeconds: 30 securityContext: - seccompProfile: # Needs Kubernetes >= 1.19 - type: Unconfined - runAsUser: 1000 - runAsGroup: 1000 + privileged: true resources: requests: cpu: 1 ephemeral-storage: 20Gi memory: 1Gi volumes: - - name: buildkitd - emptyDir: {} - configMap: name: union-operator-buildkit name: buildkit-config @@ -2842,7 +2793,7 @@ spec: template: metadata: annotations: - configChecksum: "d714568b3dd8af97f1b334de6d7014002d6e6ea02e4a341fc49cdb593199381" + configChecksum: "2236e7e8bc2d8b00df3c7fab839fee49535062eb4481ba1dfbea0b758b4c88a" labels: app: executor @@ -2856,7 +2807,7 @@ spec: name: executor containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: IfNotPresent command: - executor @@ -2933,7 +2884,7 @@ spec: template: metadata: annotations: - configChecksum: "a1ad51467d053b9a340c1c604c1882e120eba8b3cce0f8eb5d0284c7e8ed54a" + configChecksum: "3aec08098dc16cd1131f136a333f194706fd1f08731eeceee9b4edc262133f5" labels: @@ -2957,7 +2908,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: 
@@ -3039,7 +2990,7 @@ spec: template: metadata: annotations: - configChecksum: "a1ad51467d053b9a340c1c604c1882e120eba8b3cce0f8eb5d0284c7e8ed54a" + configChecksum: "3aec08098dc16cd1131f136a333f194706fd1f08731eeceee9b4edc262133f5" labels: @@ -3059,7 +3010,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -3151,7 +3102,7 @@ spec: platform.union.ai/service-group: release-name app.kubernetes.io/managed-by: Helm annotations: - configChecksum: "915dd1c16576bf7f84b7293876a05f5b66993798003e1ce6a9fc2da8a861b26" + configChecksum: "dfe184061ce334f96f260b7a43383a53b8dd2604ce86eb1cc0adf0b42497119" spec: securityContext: @@ -3164,7 +3115,7 @@ spec: serviceAccountName: flytepropeller-webhook-system initContainers: - name: generate-secrets - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -3219,7 +3170,7 @@ spec: memory: 500Mi containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -3306,7 +3257,7 @@ spec: template: metadata: annotations: - configChecksum: "915dd1c16576bf7f84b7293876a05f5b66993798003e1ce6a9fc2da8a861b26" + configChecksum: "dfe184061ce334f96f260b7a43383a53b8dd2604ce86eb1cc0adf0b42497119" labels: @@ -3356,7 +3307,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" imagePullPolicy: "IfNotPresent" name: flytepropeller ports: 
diff --git a/tests/values/dataplane.aws.yaml b/tests/values/dataplane.aws.yaml index ad69d6eb..98a1e9ff 100644 --- a/tests/values/dataplane.aws.yaml +++ b/tests/values/dataplane.aws.yaml @@ -1,4 +1,9 @@ # Intended to match and test charts/dataplane/values.aws.yaml + +# Test namespace_mapping cascading to all services +namespace_mapping: + template: '{{`{{ project }}`}}-{{`{{ domain }}`}}' + global: UNION_CONTROL_PLANE_HOST: "test-controlplane-host" CLUSTER_NAME: "test-cluster-name" diff --git a/tests/values/dataplane.fully-selfhosted.yaml b/tests/values/dataplane.fully-selfhosted.yaml index e55ecdb0..778b162d 100644 --- a/tests/values/dataplane.fully-selfhosted.yaml +++ b/tests/values/dataplane.fully-selfhosted.yaml @@ -1,3 +1,7 @@ +# Test namespace_mapping cascading to all services +namespace_mapping: + template: '{{`{{ project }}`}}-{{`{{ domain }}`}}' + serving: auth: enabled: false From 07131c49855e11e58dc0ccecd782f88660fe013c Mon Sep 17 00:00:00 2001 From: Michael Hotan Date: Tue, 3 Mar 2026 23:05:12 -0800 Subject: [PATCH 3/5] Regenerate golden files for helm-test Co-Authored-By: Claude Opus 4.6 --- tests/generated/dataplane.aws.yaml | 71 ++++++++++++------- .../generated/dataplane.fully-selfhosted.yaml | 69 +++++++++++------- 2 files changed, 89 insertions(+), 51 deletions(-) diff --git a/tests/generated/dataplane.aws.yaml b/tests/generated/dataplane.aws.yaml index ba26ab97..19a92d33 100644 --- a/tests/generated/dataplane.aws.yaml +++ b/tests/generated/dataplane.aws.yaml @@ -183,11 +183,17 @@ automountServiceAccountToken: true apiVersion: v1 kind: ServiceAccount metadata: - name: clustersync-system + name: union-clustersync-system namespace: union annotations: eks.amazonaws.com/role-arn: 'test-backend-iam-role-arn' --- +# Source: dataplane/templates/imagebuilder/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: union-imagebuilder +--- # Source: dataplane/templates/nodeexecutor/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount 
@@ -1182,7 +1188,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: flyte-clusterresourcesync-config + name: union-clusterresourcesync-config namespace: union labels: app.kubernetes.io/name: clusterresourcesync @@ -1276,7 +1282,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: clusterresource-template + name: union-clusterresource-template namespace: union labels: app.kubernetes.io/name: clusterresourcesync @@ -1579,6 +1585,8 @@ data: userRoleKey: 'eks.amazonaws.com/role-arn' collectUsages: enabled: true + collectBillableResourceUsage: + enabled: false billableUsageCollector: enabled: true dependenciesHeartbeat: @@ -2221,7 +2229,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: clustersync-resource + name: union-clustersync-resource rules: - apiGroups: - "" @@ -2591,28 +2599,28 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: clustersync-resource + name: union-clustersync-resource roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: clustersync-resource subjects: - kind: ServiceAccount - name: clustersync-system + name: union-clustersync-system namespace: union --- # Source: dataplane/templates/clusterresourcesync/serviceaccount.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: clustersync-auth-delegator + name: union-clustersync-auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount - name: clustersync-system + name: union-clustersync-system namespace: union --- # Source: dataplane/templates/nodeexecutor/serviceaccount.yaml @@ -4358,7 +4366,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: union-syncresources namespace: union labels: app.kubernetes.io/name: clusterresourcesync 
@@ -4374,7 +4382,7 @@ spec: template: metadata: annotations: - configChecksum: "54c5ffbe8beb6b5ec25a855bacd87aa728829fbe90a6f304588683952f656e1" + configChecksum: "96e08b4b50439ee97d49319af9b9c392cffe7461c4ffe74aeaa4860d09c0aa8" labels: @@ -4422,7 +4430,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: "IfNotPresent" name: sync-cluster-resources resources: @@ -4441,13 +4449,13 @@ spec: mountPath: /etc/flyte/config ports: - containerPort: 10254 - serviceAccountName: clustersync-system + serviceAccountName: union-clustersync-system volumes: - configMap: - name: clusterresource-template + name: union-clusterresource-template name: resource-templates - configMap: - name: flyte-clusterresourcesync-config + name: union-clusterresourcesync-config name: config-volume - name: auth secret: @@ -4473,13 +4481,16 @@ spec: app.kubernetes.io/instance: release-name template: metadata: + annotations: + container.apparmor.security.beta.kubernetes.io/buildkit: unconfined labels: app.kubernetes.io/name: imagebuilder-buildkit app.kubernetes.io/instance: release-name spec: + serviceAccountName: "union-imagebuilder" containers: - name: "buildkit" - image: "moby/buildkit:latest" + image: "docker.io/moby/buildkit:buildx-stable-1-rootless" imagePullPolicy: IfNotPresent env: - name: POD_NAME @@ -4514,15 +4525,18 @@ spec: - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal volumeMounts: + - mountPath: /home/user/.local/share/buildkit + name: buildkitd - mountPath: /etc/buildkit name: buildkit-config args: - --config - /etc/buildkit/buildkitd.toml - --addr - - unix:///run//buildkit/buildkitd.sock + - unix:///run/user/1000/buildkit/buildkitd.sock - --addr - tcp://0.0.0.0:1234 + - --oci-worker-no-process-sandbox ports: - name: tcp containerPort: 1234 
@@ -4544,13 +4558,18 @@ spec: initialDelaySeconds: 5 periodSeconds: 30 securityContext: - privileged: true + seccompProfile: # Needs Kubernetes >= 1.19 + type: Unconfined + runAsUser: 1000 + runAsGroup: 1000 resources: requests: cpu: 1 ephemeral-storage: 20Gi memory: 1Gi volumes: + - name: buildkitd + emptyDir: {} - configMap: name: union-operator-buildkit name: buildkit-config @@ -4599,7 +4618,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: IfNotPresent command: - executor @@ -4680,7 +4699,7 @@ spec: template: metadata: annotations: - configChecksum: "b93252b99319bdfcb7c24edb234dfdd30e2a7cb24eab07320fedd42626722ff" + configChecksum: "071c066b54a8d9b15360f8d98529029af0e3c7748deb7436d95df1ef3ac4578" labels: @@ -4707,7 +4726,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -4775,7 +4794,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -4817,7 +4836,7 @@ spec: template: metadata: annotations: - configChecksum: "b93252b99319bdfcb7c24edb234dfdd30e2a7cb24eab07320fedd42626722ff" + configChecksum: "071c066b54a8d9b15360f8d98529029af0e3c7748deb7436d95df1ef3ac4578" labels: @@ -4840,7 +4859,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: 
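Review bot: Dropping `privileged: true` is partly offset by `seccompProfile.type: Unconfined` here and the `unconfined` AppArmor annotation in the earlier deployment hunk, so the container runs as UID 1000 but with no syscall or LSM filtering. Adding `runAsNonRoot: true` beside `runAsUser: 1000` makes the non-root intent checkable by admission policy and guards against a later change to the UID. The `container.apparmor.security.beta.kubernetes.io/buildkit` annotation is the deprecated beta form; on Kubernetes 1.30 or later the `appArmorProfile` field under `securityContext` is the supported equivalent, which deserves a comment like the existing `# Needs Kubernetes >= 1.19`. The container spec starts outside this hunk, and the same block repeats at `@@ -2758,13 +2772,18 @@` in the self-hosted file.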
@@ -4947,7 +4966,7 @@ spec: serviceAccountName: flytepropeller-webhook-system initContainers: - name: generate-secrets - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -5002,7 +5021,7 @@ spec: memory: 500Mi containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -5139,7 +5158,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: "IfNotPresent" name: flytepropeller ports: diff --git a/tests/generated/dataplane.fully-selfhosted.yaml b/tests/generated/dataplane.fully-selfhosted.yaml index 4ff3412d..014dce5c 100644 --- a/tests/generated/dataplane.fully-selfhosted.yaml +++ b/tests/generated/dataplane.fully-selfhosted.yaml @@ -124,9 +124,15 @@ automountServiceAccountToken: true apiVersion: v1 kind: ServiceAccount metadata: - name: clustersync-system + name: union-clustersync-system namespace: union --- +# Source: dataplane/templates/imagebuilder/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: union-imagebuilder +--- # Source: dataplane/templates/nodeexecutor/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount @@ -194,7 +200,7 @@ type: Opaque apiVersion: v1 kind: ConfigMap metadata: - name: flyte-clusterresourcesync-config + name: union-clusterresourcesync-config namespace: union labels: app.kubernetes.io/name: clusterresourcesync @@ -289,7 +295,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: clusterresource-template + name: union-clusterresource-template namespace: union labels: app.kubernetes.io/name: clusterresourcesync 
@@ -600,6 +606,8 @@ data: userRoleKey: 'eks.amazonaws.com/role-arn' collectUsages: enabled: true + collectBillableResourceUsage: + enabled: false billableUsageCollector: enabled: false dependenciesHeartbeat: @@ -1245,7 +1253,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: clustersync-resource + name: union-clustersync-resource rules: - apiGroups: - "" @@ -1596,28 +1604,28 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: clustersync-resource + name: union-clustersync-resource roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: clustersync-resource subjects: - kind: ServiceAccount - name: clustersync-system + name: union-clustersync-system namespace: union --- # Source: dataplane/templates/clusterresourcesync/serviceaccount.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: clustersync-auth-delegator + name: union-clustersync-auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount - name: clustersync-system + name: union-clustersync-system namespace: union --- # Source: dataplane/templates/nodeexecutor/serviceaccount.yaml @@ -2577,7 +2585,7 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: syncresources + name: union-syncresources namespace: union labels: app.kubernetes.io/name: clusterresourcesync @@ -2593,7 +2601,7 @@ spec: template: metadata: annotations: - configChecksum: "1505cf93648f172b5c9aba95ca7eea2fd492c921b86a81215b51b7c989bc6bb" + configChecksum: "e2d33d90f995ae85ac39eef81f2f5a880bbd04474e04814acee17db56f44eb9" labels: 
@@ -2641,7 +2649,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: "IfNotPresent" name: sync-cluster-resources resources: @@ -2658,13 +2666,13 @@ spec: mountPath: /etc/flyte/config ports: - containerPort: 10254 - serviceAccountName: clustersync-system + serviceAccountName: union-clustersync-system volumes: - configMap: - name: clusterresource-template + name: union-clusterresource-template name: resource-templates - configMap: - name: flyte-clusterresourcesync-config + name: union-clusterresourcesync-config name: config-volume --- # Source: dataplane/templates/imagebuilder/deployment.yaml @@ -2687,13 +2695,16 @@ spec: app.kubernetes.io/instance: release-name template: metadata: + annotations: + container.apparmor.security.beta.kubernetes.io/buildkit: unconfined labels: app.kubernetes.io/name: imagebuilder-buildkit app.kubernetes.io/instance: release-name spec: + serviceAccountName: "union-imagebuilder" containers: - name: "buildkit" - image: "moby/buildkit:latest" + image: "docker.io/moby/buildkit:buildx-stable-1-rootless" imagePullPolicy: IfNotPresent env: - name: POD_NAME @@ -2728,15 +2739,18 @@ spec: - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal volumeMounts: + - mountPath: /home/user/.local/share/buildkit + name: buildkitd - mountPath: /etc/buildkit name: buildkit-config args: - --config - /etc/buildkit/buildkitd.toml - --addr - - unix:///run//buildkit/buildkitd.sock + - unix:///run/user/1000/buildkit/buildkitd.sock - --addr - tcp://0.0.0.0:1234 + - --oci-worker-no-process-sandbox ports: - name: tcp containerPort: 1234 
@@ -2758,13 +2772,18 @@ spec: initialDelaySeconds: 5 periodSeconds: 30 securityContext: - privileged: true + seccompProfile: # Needs Kubernetes >= 1.19 + type: Unconfined + runAsUser: 1000 + runAsGroup: 1000 resources: requests: cpu: 1 ephemeral-storage: 20Gi memory: 1Gi volumes: + - name: buildkitd + emptyDir: {} - configMap: name: union-operator-buildkit name: buildkit-config @@ -2807,7 +2826,7 @@ spec: name: executor containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: IfNotPresent command: - executor @@ -2884,7 +2903,7 @@ spec: template: metadata: annotations: - configChecksum: "3aec08098dc16cd1131f136a333f194706fd1f08731eeceee9b4edc262133f5" + configChecksum: "2c4a7051e59f1a44007742d413b7a3abe8b2fe4ac12c859a0bd4f3a27a84d96" labels: @@ -2908,7 +2927,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -2990,7 +3009,7 @@ spec: template: metadata: annotations: - configChecksum: "3aec08098dc16cd1131f136a333f194706fd1f08731eeceee9b4edc262133f5" + configChecksum: "2c4a7051e59f1a44007742d413b7a3abe8b2fe4ac12c859a0bd4f3a27a84d96" labels: @@ -3010,7 +3029,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -3115,7 +3134,7 @@ spec: serviceAccountName: flytepropeller-webhook-system initContainers: - name: generate-secrets - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller 
@@ -3170,7 +3189,7 @@ spec: memory: 500Mi containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -3307,7 +3326,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.2.3" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" imagePullPolicy: "IfNotPresent" name: flytepropeller ports: From c3b5c7dc33f2445ec3a760c70d2b490c0522fd11 Mon Sep 17 00:00:00 2001 From: Michael Hotan Date: Wed, 4 Mar 2026 08:30:05 -0800 Subject: [PATCH 4/5] Regenerate golden files after rebase onto main Co-Authored-By: Claude Opus 4.6 --- tests/generated/dataplane.aws.yaml | 59 ++++++++++++++++--- .../generated/dataplane.fully-selfhosted.yaml | 57 +++++++++++++++--- 2 files changed, 99 insertions(+), 17 deletions(-) diff --git a/tests/generated/dataplane.aws.yaml b/tests/generated/dataplane.aws.yaml index 19a92d33..b949c4e7 100644 --- a/tests/generated/dataplane.aws.yaml +++ b/tests/generated/dataplane.aws.yaml 
@@ -1421,6 +1421,47 @@ data: plugins: logs: cloudwatch-enabled: false + dynamic-log-links: + - vscode: + displayName: VS Code Debugger + linkType: ide + templateUris: + - /dataplane/pod/v1/generated_name/6060/task/{{.executionProject}}/{{.executionDomain}}/{{.executionName}}/{{.nodeID}}/{{.taskRetryAttempt}}/{{ .Values.global.CLUSTER_NAME }}/{{.namespace}}/{{.taskProject}}/{{.taskDomain}}/{{.taskID}}/{{.taskVersion}}/{{.generatedName}}/ + - wandb-execution-id: + displayName: Weights & Biases + linkType: dashboard + templateUris: + - '{{ .taskConfig.host }}/{{ .taskConfig.entity }}/{{ .taskConfig.project + }}/runs/{{ .podName }}' + - wandb-custom-id: + displayName: Weights & Biases + linkType: dashboard + templateUris: + - '{{ .taskConfig.host }}/{{ .taskConfig.entity }}/{{ .taskConfig.project + }}/runs/{{ .taskConfig.id }}' + - comet-ml-execution-id: + displayName: Comet + linkType: dashboard + templateUris: '{{ .taskConfig.host }}/{{ .taskConfig.workspace }}/{{ + .taskConfig.project_name }}/{{ .executionName }}{{ .nodeId }}{{ + .taskRetryAttempt }}{{ .taskConfig.link_suffix }}' + - comet-ml-custom-id: + displayName: Comet + linkType: dashboard + templateUris: '{{ .taskConfig.host }}/{{ .taskConfig.workspace }}/{{ + .taskConfig.project_name }}/{{ .taskConfig.experiment_key }}' + - neptune-scale-run: + displayName: Neptune Run + linkType: dashboard + templateUris: + - https://scale.neptune.ai/{{ .taskConfig.project }}/-/run/?customId={{ + .podName }} + - neptune-scale-custom-id: + displayName: Neptune Run + linkType: dashboard + templateUris: + - https://scale.neptune.ai/{{ .taskConfig.project }}/-/run/?customId={{ + .taskConfig.id }} kubernetes-enabled: true enabled_plugins.yaml: | tasks: 
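Review bot: The `vscode` entry's `templateUris` still contains the Helm expression `{{ .Values.global.CLUSTER_NAME }}` in rendered output, next to runtime placeholders such as `{{.executionProject}}`, so the chart apparently emits this value without expanding it and the generated link would carry the literal text instead of the cluster name. The cluster name needs to be substituted at chart render time, in the template or values that define `dynamic-log-links`, not in this golden file. Separately, the two Comet entries give `templateUris` as a scalar while every other entry uses a list, and they use `{{ .nodeId }}` where the `vscode` entry uses `{{.nodeID}}`; worth confirming the consumer accepts both. Several links take their host from `{{ .taskConfig.host }}`, so it is also worth confirming that the UI restricts the scheme of rendered links. The same block is added at `@@ -434,6 +434,47 @@` in the self-hosted file.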
@@ -4430,7 +4471,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: "IfNotPresent" name: sync-cluster-resources resources: @@ -4598,7 +4639,7 @@ spec: template: metadata: annotations: - configChecksum: "035c3c8bb001fbf946b0477333131ecdcf9eae806a8c1ac0b44648e2b83425b" + configChecksum: "abb00a305bfda2dcf825ac2267a95fe083054bb9ce97bb8bc3f2be362fd863e" labels: app: executor @@ -4618,7 +4659,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: IfNotPresent command: - executor @@ -4726,7 +4767,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -4794,7 +4835,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: IfNotPresent args: - cloudflared @@ -4859,7 +4900,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -4966,7 +5007,7 @@ spec: serviceAccountName: flytepropeller-webhook-system initContainers: - name: generate-secrets - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: "IfNotPresent" command: - flytepropeller 
@@ -5021,7 +5062,7 @@ spec: memory: 500Mi containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -5158,7 +5199,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: "IfNotPresent" name: flytepropeller ports: diff --git a/tests/generated/dataplane.fully-selfhosted.yaml b/tests/generated/dataplane.fully-selfhosted.yaml index 014dce5c..b773a307 100644 --- a/tests/generated/dataplane.fully-selfhosted.yaml +++ b/tests/generated/dataplane.fully-selfhosted.yaml 
@@ -434,6 +434,47 @@ data: plugins: logs: cloudwatch-enabled: false + dynamic-log-links: + - vscode: + displayName: VS Code Debugger + linkType: ide + templateUris: + - /dataplane/pod/v1/generated_name/6060/task/{{.executionProject}}/{{.executionDomain}}/{{.executionName}}/{{.nodeID}}/{{.taskRetryAttempt}}/{{ .Values.global.CLUSTER_NAME }}/{{.namespace}}/{{.taskProject}}/{{.taskDomain}}/{{.taskID}}/{{.taskVersion}}/{{.generatedName}}/ + - wandb-execution-id: + displayName: Weights & Biases + linkType: dashboard + templateUris: + - '{{ .taskConfig.host }}/{{ .taskConfig.entity }}/{{ .taskConfig.project + }}/runs/{{ .podName }}' + - wandb-custom-id: + displayName: Weights & Biases + linkType: dashboard + templateUris: + - '{{ .taskConfig.host }}/{{ .taskConfig.entity }}/{{ .taskConfig.project + }}/runs/{{ .taskConfig.id }}' + - comet-ml-execution-id: + displayName: Comet + linkType: dashboard + templateUris: '{{ .taskConfig.host }}/{{ .taskConfig.workspace }}/{{ + .taskConfig.project_name }}/{{ .executionName }}{{ .nodeId }}{{ + .taskRetryAttempt }}{{ .taskConfig.link_suffix }}' + - comet-ml-custom-id: + displayName: Comet + linkType: dashboard + templateUris: '{{ .taskConfig.host }}/{{ .taskConfig.workspace }}/{{ + .taskConfig.project_name }}/{{ .taskConfig.experiment_key }}' + - neptune-scale-run: + displayName: Neptune Run + linkType: dashboard + templateUris: + - https://scale.neptune.ai/{{ .taskConfig.project }}/-/run/?customId={{ + .podName }} + - neptune-scale-custom-id: + displayName: Neptune Run + linkType: dashboard + templateUris: + - https://scale.neptune.ai/{{ .taskConfig.project }}/-/run/?customId={{ + .taskConfig.id }} kubernetes-enabled: true enabled_plugins.yaml: | tasks: 
@@ -2649,7 +2690,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: "IfNotPresent" name: sync-cluster-resources resources: @@ -2812,7 +2853,7 @@ spec: template: metadata: annotations: - configChecksum: "2236e7e8bc2d8b00df3c7fab839fee49535062eb4481ba1dfbea0b758b4c88a" + configChecksum: "4857510c582cb1e2132b8e75575f26493e3b7d51c0e1638e7ee3dff738dda98" labels: app: executor @@ -2826,7 +2867,7 @@ spec: name: executor containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: IfNotPresent command: - executor @@ -2927,7 +2968,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -3029,7 +3070,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -3134,7 +3175,7 @@ spec: serviceAccountName: flytepropeller-webhook-system initContainers: - name: generate-secrets - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -3189,7 +3230,7 @@ spec: memory: 500Mi containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: "IfNotPresent" command: - flytepropeller 
@@ -3326,7 +3367,7 @@ spec: value: http://union-operator-prometheus:80 - name: KNATIVE_PROXY_SERVICE_URL value: http://kourier-internal - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.0" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.3.2" imagePullPolicy: "IfNotPresent" name: flytepropeller ports: From a8e18c3d96641858cf57970ab5b1871f73d5291f Mon Sep 17 00:00:00 2001 From: Michael Hotan Date: Wed, 4 Mar 2026 08:37:31 -0800 Subject: [PATCH 5/5] Add namespace_mapping docs to controlplane values.yaml Co-Authored-By: Claude Opus 4.6 --- charts/controlplane/values.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/charts/controlplane/values.yaml b/charts/controlplane/values.yaml index a2859401..02b9d5b8 100644 --- a/charts/controlplane/values.yaml +++ b/charts/controlplane/values.yaml @@ -1013,6 +1013,15 @@ flyte: maxOpenConnections: 20 connMaxLifeTime: 120s configmap: + # --- Namespace Mapping (flyteadmin) --- + # Controls how flyteadmin maps project-domain pairs to Kubernetes namespaces. + # MUST match the dataplane's namespace_mapping value. + # Default (if unset): "{{ project }}-{{ domain }}" + # + # namespace_config: + # namespace_mapping: + # template: "{{ project }}-{{ domain }}" + adminServer: admin: endpoint: 'dns:///{{ .Values.global.UNION_HOST }}'
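Review bot: The comment added to `charts/controlplane/values.yaml` says the value "MUST match the dataplane's namespace_mapping value" but does not name the dataplane key or the effect of a mismatch, and nothing in the chart enforces it. Per the first patch in this series the canonical dataplane key is the top-level `namespace_mapping` with per-service overrides, so the line could read `# MUST match the dataplane chart's top-level namespace_mapping.template (and any per-service override); a mismatch makes flyteadmin and the dataplane disagree on which namespace a project-domain pair maps to.` If values under `configmap` are passed through `tpl`, as the neighbouring `endpoint: 'dns:///{{ .Values.global.UNION_HOST }}'` suggests, the example `"{{ project }}-{{ domain }}"` may need escaping before it can be uncommented. That should be verified and stated in the comment.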