diff --git a/charts/controlplane/templates/_helpers.tpl b/charts/controlplane/templates/_helpers.tpl index ed440fcc..9b1ad90f 100644 --- a/charts/controlplane/templates/_helpers.tpl +++ b/charts/controlplane/templates/_helpers.tpl @@ -290,9 +290,9 @@ default {{- define "unionai.sharedService" -}} {{- if and (hasKey .config "sharedService") }} -{{ .config.sharedService }} +{{ toYaml .config.sharedService }} {{- else if and (hasKey .Values "sharedService") }} -{{ .Values.sharedService }} +{{ toYaml .Values.sharedService }} {{- else }} {} {{- end }} @@ -300,9 +300,9 @@ default {{- define "unionai.sync" -}} {{- if and (hasKey .config "sync") }} -{{ .config.sync }} +{{ toYaml .config.sync }} {{- else if and (hasKey .Values "sync") }} -{{ .Values.sync }} +{{ toYaml .Values.sync }} {{- else }} {} {{- end }} diff --git a/charts/controlplane/templates/cacheservice/deployment.yaml b/charts/controlplane/templates/cacheservice/deployment.yaml index dde0f4fa..351140fd 100644 --- a/charts/controlplane/templates/cacheservice/deployment.yaml +++ b/charts/controlplane/templates/cacheservice/deployment.yaml @@ -66,9 +66,12 @@ spec: imagePullPolicy: "{{ .Values.flyte.cacheservice.image.pullPolicy }}" name: cacheservice ports: - - containerPort: 8088 - - containerPort: 8089 - - containerPort: {{ index .Values.flyte.configmap.cacheserviceServer.cacheservice "profiler-port" }} + - name: http + containerPort: 8088 + - name: grpc + containerPort: 8089 + - name: http-metrics + containerPort: {{ index .Values.flyte.configmap.cacheserviceServer.cacheservice "profiler-port" }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/charts/controlplane/templates/cacheservice/service.yaml b/charts/controlplane/templates/cacheservice/service.yaml index 145d8fe4..54186b4c 100644 --- a/charts/controlplane/templates/cacheservice/service.yaml +++ b/charts/controlplane/templates/cacheservice/service.yaml @@ -16,11 +16,11 @@ spec: - name: http port: 88 protocol: TCP - targetPort: 8088 + targetPort: http - name: grpc port: 89 protocol: TCP - targetPort: 8089 + targetPort: grpc - name: http-metrics protocol: TCP port: 10254 diff --git a/charts/controlplane/templates/common/_dataproxy-ingress.yaml b/charts/controlplane/templates/common/_dataproxy-ingress.yaml index 7fb68dc6..800ed47c 100644 --- a/charts/controlplane/templates/common/_dataproxy-ingress.yaml +++ b/charts/controlplane/templates/common/_dataproxy-ingress.yaml @@ -39,12 +39,12 @@ spec: service: name: dataproxy port: - number: 80 + name: grpc - path: /data pathType: Prefix backend: service: name: dataproxy port: - number: 80 + name: grpc {{- end }} diff --git a/charts/controlplane/templates/common/_ingress-protected-console.yaml b/charts/controlplane/templates/common/_ingress-protected-console.yaml index 4ad131d4..4be76d79 100644 --- a/charts/controlplane/templates/common/_ingress-protected-console.yaml +++ b/charts/controlplane/templates/common/_ingress-protected-console.yaml @@ -3,7 +3,7 @@ defaultBackend: service: name: flyteconsole port: - number: 80 + name: http {{- end}} {{- define "protectedConsoleHttpRoutes" -}} @@ -13,7 +13,7 @@ defaultBackend: service: name: flyteconsole port: - number: 80 + name: http # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - path: /console pathType: ImplementationSpecific @@ -21,84 +21,84 @@ defaultBackend: service: name: flyteconsole port: - number: 80 + name: http - path: /console/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /dashboard pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /dashboard/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /resources pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /resources/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /cost pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /cost/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /loading pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /loading/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /v2 pathType: ImplementationSpecific backend: service: name: {{ include "console.fullname" . }} port: - number: 80 + name: http - path: /v2/* pathType: ImplementationSpecific backend: service: name: {{ include "console.fullname" . }} port: - number: 80 + name: http {{- end }} diff --git a/charts/controlplane/templates/common/_ingress-protected.yaml b/charts/controlplane/templates/common/_ingress-protected.yaml index 34ab05b5..8ab47332 100644 --- a/charts/controlplane/templates/common/_ingress-protected.yaml +++ b/charts/controlplane/templates/common/_ingress-protected.yaml @@ -9,42 +9,42 @@ service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.project.ProjectService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.project.ProjectService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.WatchService pathType: ImplementationSpecific @@ -52,7 +52,7 @@ service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.WatchService/* pathType: ImplementationSpecific @@ -60,147 +60,147 @@ service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.cloudadmin.CloudAdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.cloudadmin.CloudAdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.echo.EchoService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.echo.EchoService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService/Stream* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.execution.ExecutionService/GetExecutionOperation pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/Record* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/Update* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.LeaseService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService/Watch* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.LeaseService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunLogsService/TailLogs pathType: ImplementationSpecific @@ -208,56 +208,56 @@ service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService/Watch* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService/TailTaskExecutionLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService/WatchWorkspaceInstances pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc {{- end }} {{- define "appsProtectedStreamingRoutes" -}} @@ -267,56 +267,56 @@ service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppService/Lease pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.app.ReplicaService/WatchReplicas pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/Watch pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/Lease pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.ReplicaService/WatchReplicas pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc {{- end -}} {{- define "appsProtectedConnectRoutes" -}} @@ -326,42 +326,42 @@ service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppLogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.app.ReplicaService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppLogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.ReplicaService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc {{- end -}} {{- define "protectedGrpcRoutes" -}} @@ -371,322 +371,322 @@ service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.execution.ExecutionService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.cluster.ClusterService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterNodepoolService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterNodepoolService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.apikey.APIKeyService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.apikey.APIKeyService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.AppsService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.AppsService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.org.OrgService/* pathType: ImplementationSpecific backend: service: name: organizations port: - number: 80 + name: grpc - path: /cloudidl.org.OrgService pathType: ImplementationSpecific backend: service: name: organizations port: - number: 80 + name: grpc - path: /cloudidl.cloudaccounts.CloudAccountsService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 80 + name: grpc - path: /cloudidl.cloudaccounts.CloudAccountsService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 80 + name: grpc - path: /cloudidl.cluster.ManagedClusterService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ManagedClusterService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.identity.UserService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.UserService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.MemberService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.MemberService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.RoleService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.RoleService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.PolicyService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.PolicyService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.SelfServe/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.SelfServe pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.IdentityService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.IdentityService pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.clusterpool.ClusterPoolService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterpool.ClusterPoolService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterconfig.ClusterConfigService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterconfig.ClusterConfigService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.authorizer.AuthorizerService/* pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 83 + name: connect - path: /cloudidl.authorizer.AuthorizerService pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 83 + name: connect - path: /cloudidl.usage.UsageService/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 83 + name: connect - path: /cloudidl.usage.UsageService pathType: ImplementationSpecific backend: service: name: usage port: - number: 83 + name: connect - path: /datacatalog.DataCatalog/* pathType: ImplementationSpecific backend: service: name: datacatalog port: - number: 89 + name: grpc - path: /datacatalog.DataCatalog pathType: ImplementationSpecific backend: service: name: datacatalog port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.CacheService/* pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.CacheService pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.v2.CacheService/* pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.v2.CacheService pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.agent.AgentService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.agent.AgentService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc {{- if .Values.ingress.secretService }} - path: /cloudidl.secret.SecretService pathType: ImplementationSpecific @@ -694,28 +694,28 @@ service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.secret.SecretService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.secret.SecretService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.secret.SecretService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc {{- end }} - path: /cloudidl.support.SupportService pathType: ImplementationSpecific @@ -723,189 +723,189 @@ service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.clouddataproxy.CloudDataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.clouddataproxy.CloudDataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.dataproxy.DataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.dataproxy.DataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceRegistryService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceRegistryService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TranslatorService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TriggerService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TriggerService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService pathType: ImplementationSpecific @@ -913,84 +913,84 @@ service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.TranslatorService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.trigger.TriggerService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.trigger.TriggerService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc {{- if .Values.objectstore.controlPlane.enabled }} - path: /cloudidl.objectstore.v1.ObjectStoreService pathType: ImplementationSpecific @@ -998,14 +998,14 @@ service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.objectstore.v1.ObjectStoreService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc {{- end }} - path: /cloudidl.imagebuilder.ImageService pathType: ImplementationSpecific @@ -1013,28 +1013,28 @@ service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.imagebuilder.ImageService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.imagebuilder.ImageService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.imagebuilder.ImageService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc {{- if .Values.artifacts.enabled }} - path: /flyteidl.artifact.ArtifactRegistry pathType: ImplementationSpecific @@ -1042,14 +1042,14 @@ service: name: artifacts port: - number: 80 + name: grpc - path: /flyteidl.artifact.ArtifactRegistry/* pathType: ImplementationSpecific backend: service: name: artifacts port: - number: 80 + name: grpc {{- end}} {{- end }} @@ -1060,91 +1060,91 @@ service: name: flyteadmin port: - number: 80 + name: http - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /cloudadmin pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /cloudadmin/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /actor pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /actor/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /agent pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /agent/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /dataplane pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /dataplane/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /spark-history-server pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /spark-history-server/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http {{- if .Values.dataproxy.prometheus.enabled }} - path: /prometheus pathType: ImplementationSpecific @@ -1152,14 +1152,14 @@ service: name: dataproxy port: - number: 81 + name: http - path: /prometheus/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http {{- end }} - path: /api/v1/dataproxy pathType: ImplementationSpecific @@ -1167,280 +1167,280 @@ service: name: dataproxy port: - number: 81 + name: http - path: /api/v1/dataproxy/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /app pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /app/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /apps pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /apps/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /cluster pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /cluster/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterpool pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterpool/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterconfig pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterconfig/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /org pathType: ImplementationSpecific backend: service: name: organizations port: - number: 81 + name: http - path: /org/* pathType: ImplementationSpecific backend: service: name: organizations port: - number: 81 + name: http - path: /managed_cluster pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /managed_cluster/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /authorizer pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 81 + name: http - path: /authorizer/* pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 81 + name: http - path: /oauth_app pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /oauth_app/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /users pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /users/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /members pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /members/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /roles pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /roles/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /policies pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /policies/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /identities pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /identities/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /echo pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /echo/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /execution pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /execution/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_registry pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_registry/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_instance pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_instance/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /usage pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /usage/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http {{- if .Values.artifacts.enabled }} - path: /artifacts pathType: ImplementationSpecific @@ -1448,14 +1448,14 @@ service: name: artifacts port: - number: 81 + name: http - path: /artifacts/* pathType: ImplementationSpecific backend: service: name: artifacts port: - number: 81 + name: http {{- end }} {{- end }} diff --git a/charts/controlplane/templates/common/_ingress-unprotected.yaml b/charts/controlplane/templates/common/_ingress-unprotected.yaml index 77733f21..4a221fc7 100644 --- a/charts/controlplane/templates/common/_ingress-unprotected.yaml +++ b/charts/controlplane/templates/common/_ingress-unprotected.yaml @@ -11,7 +11,7 @@ service: name: flyteadmin port: - number: 81 + name: grpc {{- end }} {{- define "grpcRoutes" -}} @@ -22,42 +22,42 @@ service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.HealthService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc {{- end }} {{- define "httpRoutes" -}} @@ -68,28 +68,28 @@ service: name: flyteadmin port: - number: 87 + name: redoc - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /healthz pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http # Port 87 in FlyteAdmin maps to the redoc container. - path: /openapi/* pathType: ImplementationSpecific @@ -97,133 +97,133 @@ service: name: flyteadmin port: - number: 87 + name: redoc - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /auth pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /auth/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /enqueue_metronome_request/v1 pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_metronome_request/v1/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_stripe_request/v1 pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_stripe_request/v1/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http {{- end }} {{- define "control-plane-library.unprotected-ingress" }} diff --git a/charts/controlplane/templates/common/_usage-ingress.yaml b/charts/controlplane/templates/common/_usage-ingress.yaml index 395f84fc..fb56531c 100644 --- a/charts/controlplane/templates/common/_usage-ingress.yaml +++ b/charts/controlplane/templates/common/_usage-ingress.yaml @@ -6,14 +6,14 @@ service: name: usage port: - number: 83 + name: connect - path: /cloudidl.usage.UsageService pathType: ImplementationSpecific backend: service: name: usage port: - number: 83 + name: connect {{- else -}} - path: /cloudidl.usage.UsageService(/(?!GetCustomMeasuresNames|GetMeasureGroup|GetMeasureGroups|GetBillableMeasures|GetBillingInfo|ReportBillableUsage|ReportServerlessBillableUsage|CreateCustomer|AttachBillingPlanToCustomer|GetCustomerCredits|EnqueueMetronomeRequest|EnqueueStripeRequest|GetOrgCheckoutSession).*|$) pathType: ImplementationSpecific @@ -21,7 +21,7 @@ service: name: usage port: - number: 83 + name: connect {{- end }} {{- end }} @@ -33,14 +33,14 @@ service: name: usage port: - number: 81 + name: http - path: /usage pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http {{- else -}} - path: /usage/api/v1(/(?!custom_measures_names|measure_group|measure_groups|billable_measures|billing_info|report_billable_usage|customer_credits|checkout_session).*|$) pathType: ImplementationSpecific @@ -48,7 +48,7 @@ service: name: usage port: - number: 81 + name: http {{- end }} {{- end }} diff --git a/charts/controlplane/templates/service.yaml b/charts/controlplane/templates/service.yaml index 87cabf1b..443450cc 100644 --- a/charts/controlplane/templates/service.yaml +++ b/charts/controlplane/templates/service.yaml @@ -11,26 +11,27 @@ metadata: {{- include "unionai.labels" $service | nindent 4 }} spec: {{- $svc := include "unionai.service" $service | fromYaml }} + {{- $shared := include "unionai.sharedService" $service | fromYaml }} type: {{ $svc.type | default "ClusterIP" }} ports: - name: grpc port: {{ $svc.grpcport | default 8080 }} protocol: TCP - targetPort: 8080 + targetPort: {{ if $shared.connectPort }}connect{{ else }}grpc{{ end }} {{- if $svc.connectport }} - name: connect port: {{ $svc.connectport }} protocol: TCP - targetPort: 8081 + targetPort: connect {{- end }} - name: http port: {{ $svc.httpport | default 8089 }} protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: {{ $svc.debugport | default 10254 }} protocol: TCP - targetPort: 10254 + targetPort: debug selector: {{- include "unionai.selectorLabels" $service | nindent 4 }} diff --git a/charts/controlplane/values.aws.selfhosted-intracluster.yaml b/charts/controlplane/values.aws.selfhosted-intracluster.yaml index 2c221371..5bc18aaf 100644 --- a/charts/controlplane/values.aws.selfhosted-intracluster.yaml +++ b/charts/controlplane/values.aws.selfhosted-intracluster.yaml @@ -95,6 +95,26 @@ global: # Find service with: kubectl get svc -n union | grep nginx-controller DATAPLANE_ENDPOINT: "" + # --- Authentication Configuration --- + # Set all values below to enable OIDC authentication. + # Supports any OAuth2/OIDC provider (Okta, Azure AD, Auth0, Keycloak, etc.) + # + # OIDC issuer URL + # Example: "https://dev-123456.okta.com/oauth2/default" + OIDC_BASE_URL: "" + # Flyteadmin OIDC client ID for browser login flow + # Example: "0oa1abc2def3ghi4j5k6" + OIDC_CLIENT_ID: "" + # CLI client ID for flytectl / uctl (public OAuth app, PKCE flow) + # Example: "0oa7mno8pqr9stu0v1w2" + CLI_CLIENT_ID: "" + # Service-to-service OAuth client ID (confidential app, client_credentials flow) + # Example: "0oa3xyz4abc5def6g7h8" + INTERNAL_CLIENT_ID: "" + # OAuth2 token endpoint + # Example: "https://dev-123456.okta.com/oauth2/default/v1/token" + AUTH_TOKEN_URL: "" + # ---------------------------------------------------------------------------- # SECTION 2: Image Tag Overrides # ---------------------------------------------------------------------------- @@ -139,6 +159,18 @@ configMap: # Skip SSL verification if using self-signed certificates insecureSkipVerify: true + # --- Service-to-service OAuth2 (disabled by default) --- + # When enabled, services acquire OAuth2 tokens via client_credentials flow + # and send them on outgoing calls through nginx, which validates via /me. + auth: + enable: false + type: "ClientSecret" + clientId: '{{ .Values.global.INTERNAL_CLIENT_ID }}' + clientSecretLocation: "/etc/secrets/union/client_secret" + tokenUrl: '{{ .Values.global.AUTH_TOKEN_URL }}' + authorizationMetadataKey: "flyte-authorization" + scopes: ["all"] + # ---------------------------------------------------------------------------- # SECTION 4: Console Configuration # ---------------------------------------------------------------------------- @@ -236,6 +268,38 @@ flyte: # Subject to removal in the future singleTenantOrgID: '{{ .Values.global.UNION_ORG }}' + # --- OIDC Authentication (disabled by default) --- + # To enable authentication, set server.security.useAuth: true + # and configure the auth globals in Section 1 above. + # server: + # security: + # useAuth: true + auth: + disableForGrpc: true + httpAuthorizationHeader: "flyte-authorization" + grpcAuthorizationHeader: "flyte-authorization" + authorizedUris: + - "http://flyteadmin:80" + - 'http://flyteadmin.{{ .Release.Namespace }}.svc.cluster.local:80' + appAuth: + authServerType: "External" + externalAuthServer: + baseUrl: '{{ .Values.global.OIDC_BASE_URL }}' + thirdPartyConfig: + flyteClient: + clientId: '{{ .Values.global.CLI_CLIENT_ID }}' + redirectUri: "http://localhost:53593/callback" + scopes: ["all"] + userAuth: + openId: + baseUrl: '{{ .Values.global.OIDC_BASE_URL }}' + clientId: '{{ .Values.global.OIDC_CLIENT_ID }}' + scopes: ["profile", "openid", "offline_access"] + cookieSetting: + sameSitePolicy: "LaxMode" + domain: "" + idpQueryParameter: "idp" + flyteadmin: image: # flyte-core subchart doesn't render templates, must use hardcoded repository @@ -299,6 +363,35 @@ ingress: - "{{ .Values.global.CONTROLPLANE_INTRA_CLUSTER_HOST }}" secretName: "{{ .Values.global.TLS_SECRET_NAME }}" + # --- Protected Ingress Auth Annotations --- + # These configure nginx to validate requests via flyteadmin's /me endpoint + # and redirect unauthenticated users to /login for the OIDC flow. + # Active when OIDC authentication is enabled (server.security.useAuth: true). + protectedIngressAnnotations: + nginx.ingress.kubernetes.io/auth-url: "https://$host/me" + nginx.ingress.kubernetes.io/auth-signin: "https://$host/login?redirect_url=$escaped_request_uri" + nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie" + nginx.ingress.kubernetes.io/auth-cache-key: "$http_flyte_authorization$http_cookie" + nginx.org/websocket-services: "dataproxy-service" + + protectedConsoleIngressAnnotations: + nginx.ingress.kubernetes.io/auth-url: "https://$host/me" + nginx.ingress.kubernetes.io/auth-signin: "https://$host/login?redirect_url=$escaped_request_uri" + nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie" + nginx.ingress.kubernetes.io/auth-cache-key: "$http_flyte_authorization$http_cookie" + nginx.org/websocket-services: "dataproxy-service" + + protectedIngressAnnotationsGrpc: + nginx.ingress.kubernetes.io/auth-url: "https://$host/me" + nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie" + nginx.ingress.kubernetes.io/auth-cache-key: "$http_authorization$http_flyte_authorization$http_cookie" + + protectedIngressAnnotationsWithoutSignin: + nginx.ingress.kubernetes.io/auth-url: "https://$host/me" + nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie" + nginx.ingress.kubernetes.io/auth-cache-key: "$http_flyte_authorization$http_cookie" + nginx.org/websocket-services: "dataproxy-service" + # ---------------------------------------------------------------------------- # SECTION 8: NGINX Ingress Controller # ---------------------------------------------------------------------------- @@ -373,3 +466,9 @@ services: # Flyteadmin endpoint for executions service endpoint: '{{ .Values.global.FLYTEADMIN_ENDPOINT }}' insecure: true + # --- Auth fields (active when OIDC is enabled) --- + authorizationHeader: "flyte-authorization" + clientId: '{{ .Values.global.INTERNAL_CLIENT_ID }}' + clientSecretLocation: "/etc/secrets/union/client_secret" + tokenUrl: '{{ .Values.global.AUTH_TOKEN_URL }}' + scopes: ["all"] diff --git a/charts/controlplane/values.yaml b/charts/controlplane/values.yaml index c69eb9fa..4c162170 100644 --- a/charts/controlplane/values.yaml +++ b/charts/controlplane/values.yaml @@ -315,6 +315,8 @@ services: triggerProcessorsWait: 10 authorizer: fullnameOverride: "authorizer" + sharedService: + connectPort: 8081 args: - authorizer - serve @@ -327,6 +329,8 @@ services: scope: "authorizer:" cluster: fullnameOverride: "cluster" + sharedService: + connectPort: 8081 initContainers: - name: migrate args: @@ -341,6 +345,7 @@ services: - /etc/config/*.yaml configMap: sharedService: + connectPort: 8081 metrics: scope: "cluster:" cloudProvider: @@ -436,6 +441,8 @@ services: enrichIdentities: false usage: fullnameOverride: "usage" + sharedService: + connectPort: 8081 args: - usage - serve @@ -443,6 +450,7 @@ services: - /etc/config/*.yaml configMap: sharedService: + connectPort: 8081 metrics: scope: "usage:" cloudProvider: diff --git a/charts/dataplane/values.aws.eks-automode.yaml b/charts/dataplane/values.aws.eks-automode.yaml index 7e138ad0..ed565502 100644 --- a/charts/dataplane/values.aws.eks-automode.yaml +++ b/charts/dataplane/values.aws.eks-automode.yaml @@ -299,6 +299,18 @@ dcgm-exporter: operator: Exists effect: NoSchedule +# ---------------------------------------------------------------------------- +# Image Builder (BuildKit) Configuration +# ---------------------------------------------------------------------------- +# Rootless buildkit requires the kernel sysctl user.max_user_namespaces > 0. +# EKS Auto Mode nodes do not expose this sysctl and do not support custom +# launch templates or AMIs, so rootless buildkit fails with "no space left +# on device" (ENOSPC from the kernel when user namespace creation is denied). +# Use privileged mode instead. +imageBuilder: + buildkit: + rootless: false + # ---------------------------------------------------------------------------- # SECTION 8: Union/Flyte Kubernetes specific Configuration # ---------------------------------------------------------------------------- diff --git a/charts/dataplane/values.aws.selfhosted-intracluster.yaml b/charts/dataplane/values.aws.selfhosted-intracluster.yaml index 595d40b3..70e8e479 100644 --- a/charts/dataplane/values.aws.selfhosted-intracluster.yaml +++ b/charts/dataplane/values.aws.selfhosted-intracluster.yaml @@ -99,6 +99,15 @@ global: # the endpoint here to skip nginx as grpc through nginx must use TLS. CACHESERVICE_ENDPOINT: "" + # --- Authentication Configuration --- + # Set all values below to enable OAuth2 authentication. + # Required when the control plane has OIDC enabled. + # Supports any OAuth2/OIDC provider (Okta, Azure AD, Auth0, Keycloak, etc.) + # + # Service-to-service OAuth client ID (client_credentials flow) + # Example: "0oa3xyz4abc5def6g7h8" + AUTH_CLIENT_ID: "" + # ---------------------------------------------------------------------------- # SECTION 2: Core Identity Configuration (REQUIRED) # ---------------------------------------------------------------------------- @@ -164,9 +173,16 @@ clusterresourcesync: # Set to true for self-signed certificates, false for trusted CA certs insecureSkipVerify: true - # Disable authentication for direct intra-cluster service-to-service calls + # --- Service-to-service OAuth2 (disabled by default) --- + # When enabled, clusterresourcesync acquires OAuth2 tokens via client_credentials + # flow and sends them on outgoing calls to the control plane. auth: enable: false + type: "ClientSecret" + clientId: '{{ .Values.global.AUTH_CLIENT_ID }}' + clientSecretLocation: "/etc/union/secret/client_secret" + authorizationMetadataKey: "flyte-authorization" + tokenRefreshWindow: "5m" # ---------------------------------------------------------------------------- # Core Service Configuration @@ -231,9 +247,16 @@ config: # Skip SSL verification for self-signed certificates insecureSkipVerify: true + # --- Service-to-service OAuth2 (disabled by default) --- + # When enabled, operator acquires OAuth2 tokens via client_credentials + # flow and sends them on outgoing calls to the control plane. auth: - # Disable OAuth authentication for intra-cluster communication enable: false + type: "ClientSecret" + clientId: '{{ .Values.global.AUTH_CLIENT_ID }}' + clientSecretLocation: "/etc/union/secret/client_secret" + authorizationMetadataKey: "flyte-authorization" + tokenRefreshWindow: "5m" operator: # Disable Cloudflare tunnel (not needed for intra-cluster) @@ -251,8 +274,11 @@ config: executor: config: unionAuth: - # Disable API key injection (not needed for intra-cluster communication) + # --- API key injection (disabled by default) --- + # When enabled, injects the EAGER_API_KEY secret into task pods + # for authenticated eager-mode execution. injectSecret: false + secretName: "EAGER_API_KEY" # ---------------------------------------------------------------------------- # Ingress Configuration @@ -336,9 +362,14 @@ prometheus: secrets: admin: - # Disable admin secret creation (OAuth not used for intra-cluster) + # --- OAuth secret configuration (disabled by default) --- + # When enabled, the chart creates a union-secret-auth K8s Secret + # for mounting the client_secret into dataplane pods. + # Set create: false if using ExternalSecrets to provision the secret. enable: false create: false + clientId: '{{ .Values.global.AUTH_CLIENT_ID }}' + clientSecret: "placeholder" # ---------------------------------------------------------------------------- # App Serving Configuration (Work in Progress) @@ -515,6 +546,17 @@ dcgm-exporter: # tolerations: [] +# ---------------------------------------------------------------------------- +# Image Builder (BuildKit) Configuration +# ---------------------------------------------------------------------------- +# Rootless buildkit requires the kernel sysctl user.max_user_namespaces > 0. +# EKS managed node groups and Auto Mode nodes do not set this by default, +# so rootless buildkit fails with "no space left on device" (ENOSPC from the +# kernel when user namespace creation is denied). Use privileged mode instead. +imageBuilder: + buildkit: + rootless: false + flytepropeller: {} flytepropellerwebhook: {} diff --git a/charts/dataplane/values.aws.yaml b/charts/dataplane/values.aws.yaml index b4bd9a8d..b1f7329d 100644 --- a/charts/dataplane/values.aws.yaml +++ b/charts/dataplane/values.aws.yaml @@ -293,4 +293,15 @@ dcgm-exporter: # -- It's common practice to taint accelerator nodes to ensure non accelerator workloads # # tolerations to ensure it only runs on GPU nodes. - # tolerations: [] \ No newline at end of file + # tolerations: [] + +# ---------------------------------------------------------------------------- +# Image Builder (BuildKit) Configuration +# ---------------------------------------------------------------------------- +# Rootless buildkit requires the kernel sysctl user.max_user_namespaces > 0. +# EKS managed node groups and Auto Mode nodes do not set this by default, +# so rootless buildkit fails with "no space left on device" (ENOSPC from the +# kernel when user namespace creation is denied). Use privileged mode instead. +imageBuilder: + buildkit: + rootless: false \ No newline at end of file diff --git a/tests/generated/controlplane.aws.billing-enable.yaml b/tests/generated/controlplane.aws.billing-enable.yaml index ef6dcf5f..fa252dc8 100644 --- a/tests/generated/controlplane.aws.billing-enable.yaml +++ b/tests/generated/controlplane.aws.billing-enable.yaml @@ -660,6 +660,7 @@ data: otel: type: noop sharedService: + connectPort: 8081 metrics: scope: 'cluster:' union: @@ -906,6 +907,7 @@ data: otel: type: noop sharedService: + connectPort: 8081 metrics: scope: 'usage:' union: @@ -1886,11 +1888,11 @@ spec: - name: http port: 88 protocol: TCP - targetPort: 8088 + targetPort: http - name: grpc port: 89 protocol: TCP - targetPort: 8089 + targetPort: grpc - name: http-metrics protocol: TCP port: 10254 @@ -1942,19 +1944,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: connect - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name @@ -1976,19 +1978,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: connect - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name @@ -2010,19 +2012,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: grpc - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name @@ -2044,19 +2046,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: grpc - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name @@ -2078,19 +2080,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: grpc - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name @@ -2112,19 +2114,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: grpc - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name @@ -2146,19 +2148,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: connect - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name @@ -2603,9 +2605,12 @@ spec: imagePullPolicy: "IfNotPresent" name: cacheservice ports: - - containerPort: 8088 - - containerPort: 8089 - - containerPort: 10254 + - name: http + containerPort: 8088 + - name: grpc + containerPort: 8089 + - name: http-metrics + containerPort: 10254 securityContext: allowPrivilegeEscalation: false capabilities: @@ -2764,6 +2769,9 @@ spec: - name: debug containerPort: 10254 protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP volumeMounts: - name: db-pass mountPath: /etc/db @@ -2890,6 +2898,9 @@ spec: - name: debug containerPort: 10254 protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP volumeMounts: - name: db-pass mountPath: /etc/db @@ -3490,6 +3501,9 @@ spec: - name: debug containerPort: 10254 protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP volumeMounts: - name: db-pass mountPath: /etc/db @@ -3803,14 +3817,14 @@ spec: service: name: dataproxy port: - number: 80 + name: grpc - path: /data pathType: Prefix backend: service: name: dataproxy port: - number: 80 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -3855,14 +3869,14 @@ spec: service: name: usage port: - number: 83 + name: connect - path: /cloudidl.usage.UsageService pathType: ImplementationSpecific backend: service: name: usage port: - number: 83 + name: connect --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -3907,14 +3921,14 @@ spec: service: name: usage port: - number: 81 + name: http - path: /usage pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -3958,371 +3972,371 @@ spec: service: name: flyteadmin port: - number: 80 + name: http - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /cloudadmin pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /cloudadmin/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /actor pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /actor/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /agent pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /agent/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /dataplane pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /dataplane/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /spark-history-server pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /spark-history-server/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /api/v1/dataproxy pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /api/v1/dataproxy/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /app pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /app/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /apps pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /apps/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /cluster pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /cluster/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterpool pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterpool/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterconfig pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterconfig/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /org pathType: ImplementationSpecific backend: service: name: organizations port: - number: 81 + name: http - path: /org/* pathType: ImplementationSpecific backend: service: name: organizations port: - number: 81 + name: http - path: /managed_cluster pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /managed_cluster/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /authorizer pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 81 + name: http - path: /authorizer/* pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 81 + name: http - path: /oauth_app pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /oauth_app/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /users pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /users/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /members pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /members/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /roles pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /roles/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /policies pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /policies/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /identities pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /identities/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /echo pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /echo/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /execution pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /execution/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_registry pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_registry/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_instance pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_instance/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /usage pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /usage/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -4366,539 +4380,539 @@ spec: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.execution.ExecutionService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.cluster.ClusterService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterNodepoolService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterNodepoolService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.apikey.APIKeyService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.apikey.APIKeyService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.AppsService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.AppsService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.org.OrgService/* pathType: ImplementationSpecific backend: service: name: organizations port: - number: 80 + name: grpc - path: /cloudidl.org.OrgService pathType: ImplementationSpecific backend: service: name: organizations port: - number: 80 + name: grpc - path: /cloudidl.cloudaccounts.CloudAccountsService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 80 + name: grpc - path: /cloudidl.cloudaccounts.CloudAccountsService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 80 + name: grpc - path: /cloudidl.cluster.ManagedClusterService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ManagedClusterService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.identity.UserService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.UserService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.MemberService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.MemberService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.RoleService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.RoleService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.PolicyService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.PolicyService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.SelfServe/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.SelfServe pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.IdentityService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.IdentityService pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.clusterpool.ClusterPoolService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterpool.ClusterPoolService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterconfig.ClusterConfigService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterconfig.ClusterConfigService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.authorizer.AuthorizerService/* pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 83 + name: connect - path: /cloudidl.authorizer.AuthorizerService pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 83 + name: connect - path: /cloudidl.usage.UsageService/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 83 + name: connect - path: /cloudidl.usage.UsageService pathType: ImplementationSpecific backend: service: name: usage port: - number: 83 + name: connect - path: /datacatalog.DataCatalog/* pathType: ImplementationSpecific backend: service: name: datacatalog port: - number: 89 + name: grpc - path: /datacatalog.DataCatalog pathType: ImplementationSpecific backend: service: name: datacatalog port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.CacheService/* pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.CacheService pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.v2.CacheService/* pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.v2.CacheService pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.agent.AgentService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.agent.AgentService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.secret.SecretService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.secret.SecretService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.secret.SecretService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.secret.SecretService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.support.SupportService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.clouddataproxy.CloudDataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.clouddataproxy.CloudDataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.dataproxy.DataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.dataproxy.DataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceRegistryService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceRegistryService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TranslatorService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TriggerService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TriggerService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService pathType: ImplementationSpecific @@ -4906,154 +4920,154 @@ spec: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.TranslatorService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.trigger.TriggerService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.trigger.TriggerService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.imagebuilder.ImageService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.imagebuilder.ImageService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.imagebuilder.ImageService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.imagebuilder.ImageService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.app.AppService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppLogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.app.ReplicaService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppLogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.ReplicaService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -5097,42 +5111,42 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.project.ProjectService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.project.ProjectService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.WatchService pathType: ImplementationSpecific @@ -5140,7 +5154,7 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.WatchService/* pathType: ImplementationSpecific @@ -5148,147 +5162,147 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.cloudadmin.CloudAdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.cloudadmin.CloudAdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.echo.EchoService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.echo.EchoService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService/Stream* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.execution.ExecutionService/GetExecutionOperation pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/Record* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/Update* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.LeaseService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService/Watch* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.LeaseService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunLogsService/TailLogs pathType: ImplementationSpecific @@ -5296,112 +5310,112 @@ spec: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService/Watch* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService/TailTaskExecutionLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService/WatchWorkspaceInstances pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppService/Watch pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppService/Lease pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.app.ReplicaService/WatchReplicas pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/Watch pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/Lease pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.ReplicaService/WatchReplicas pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -5445,28 +5459,28 @@ spec: service: name: flyteadmin port: - number: 87 + name: redoc - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /healthz pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http # Port 87 in FlyteAdmin maps to the redoc container. - path: /openapi/* pathType: ImplementationSpecific @@ -5474,133 +5488,133 @@ spec: service: name: flyteadmin port: - number: 87 + name: redoc - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /auth pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /auth/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /enqueue_metronome_request/v1 pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_metronome_request/v1/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_stripe_request/v1 pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_stripe_request/v1/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http --- # Source: controlplane/templates/flyte-core-app.yaml # Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only @@ -5647,42 +5661,42 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.HealthService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -5726,7 +5740,7 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -5771,7 +5785,7 @@ spec: service: name: flyteconsole port: - number: 80 + name: http # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - path: /console pathType: ImplementationSpecific @@ -5779,84 +5793,84 @@ spec: service: name: flyteconsole port: - number: 80 + name: http - path: /console/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /dashboard pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /dashboard/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /resources pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /resources/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /cost pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /cost/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /loading pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /loading/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /v2 pathType: ImplementationSpecific backend: service: name: unionconsole port: - number: 80 + name: http - path: /v2/* pathType: ImplementationSpecific backend: service: name: unionconsole port: - number: 80 + name: http --- # Source: controlplane/charts/scylla-operator/templates/validatingwebhook.yaml apiVersion: admissionregistration.k8s.io/v1 diff --git a/tests/generated/controlplane.aws.yaml b/tests/generated/controlplane.aws.yaml index 98eb08ee..e3e83a00 100644 --- a/tests/generated/controlplane.aws.yaml +++ b/tests/generated/controlplane.aws.yaml @@ -660,6 +660,7 @@ data: otel: type: noop sharedService: + connectPort: 8081 metrics: scope: 'cluster:' union: @@ -906,6 +907,7 @@ data: otel: type: noop sharedService: + connectPort: 8081 metrics: scope: 'usage:' union: @@ -1886,11 +1888,11 @@ spec: - name: http port: 88 protocol: TCP - targetPort: 8088 + targetPort: http - name: grpc port: 89 protocol: TCP - targetPort: 8089 + targetPort: grpc - name: http-metrics protocol: TCP port: 10254 @@ -1942,19 +1944,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: connect - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name @@ -1976,19 +1978,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: connect - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name @@ -2010,19 +2012,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: grpc - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name @@ -2044,19 +2046,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: grpc - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name @@ -2078,19 +2080,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: grpc - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name @@ -2112,19 +2114,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: grpc - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name @@ -2146,19 +2148,19 @@ spec: - name: grpc port: 80 protocol: TCP - targetPort: 8080 + targetPort: connect - name: connect port: 83 protocol: TCP - targetPort: 8081 + targetPort: connect - name: http port: 81 protocol: TCP - targetPort: 8089 + targetPort: http - name: debug port: 82 protocol: TCP - targetPort: 10254 + targetPort: debug selector: app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name @@ -2603,9 +2605,12 @@ spec: imagePullPolicy: "IfNotPresent" name: cacheservice ports: - - containerPort: 8088 - - containerPort: 8089 - - containerPort: 10254 + - name: http + containerPort: 8088 + - name: grpc + containerPort: 8089 + - name: http-metrics + containerPort: 10254 securityContext: allowPrivilegeEscalation: false capabilities: @@ -2764,6 +2769,9 @@ spec: - name: debug containerPort: 10254 protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP volumeMounts: - name: db-pass mountPath: /etc/db @@ -2890,6 +2898,9 @@ spec: - name: debug containerPort: 10254 protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP volumeMounts: - name: db-pass mountPath: /etc/db @@ -3490,6 +3501,9 @@ spec: - name: debug containerPort: 10254 protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP volumeMounts: - name: db-pass mountPath: /etc/db @@ -3802,14 +3816,14 @@ spec: service: name: dataproxy port: - number: 80 + name: grpc - path: /data pathType: Prefix backend: service: name: dataproxy port: - number: 80 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -3859,7 +3873,7 @@ spec: service: name: usage port: - number: 83 + name: connect --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -3909,7 +3923,7 @@ spec: service: name: usage port: - number: 81 + name: http --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -3958,371 +3972,371 @@ spec: service: name: flyteadmin port: - number: 80 + name: http - path: /api/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /v1/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /cloudadmin pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /cloudadmin/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /actor pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /actor/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /agent pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /agent/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /dataplane pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /dataplane/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /spark-history-server pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /spark-history-server/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /api/v1/dataproxy pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /api/v1/dataproxy/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 81 + name: http - path: /app pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /app/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /apps pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /apps/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 81 + name: http - path: /cluster pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /cluster/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterpool pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterpool/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterconfig pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /clusterconfig/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /org pathType: ImplementationSpecific backend: service: name: organizations port: - number: 81 + name: http - path: /org/* pathType: ImplementationSpecific backend: service: name: organizations port: - number: 81 + name: http - path: /managed_cluster pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /managed_cluster/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 81 + name: http - path: /authorizer pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 81 + name: http - path: /authorizer/* pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 81 + name: http - path: /oauth_app pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /oauth_app/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /users pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /users/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /members pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /members/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /roles pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /roles/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /policies pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /policies/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /identities pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /identities/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 81 + name: http - path: /echo pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /echo/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /execution pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /execution/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_registry pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_registry/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_instance pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /workspace_instance/* pathType: ImplementationSpecific backend: service: name: execution port: - number: 81 + name: http - path: /usage pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /usage/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -4371,539 +4385,539 @@ spec: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.execution.ExecutionService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.cluster.ClusterService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterNodepoolService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ClusterNodepoolService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.apikey.APIKeyService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.apikey.APIKeyService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.AppsService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.AppsService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.org.OrgService/* pathType: ImplementationSpecific backend: service: name: organizations port: - number: 80 + name: grpc - path: /cloudidl.org.OrgService pathType: ImplementationSpecific backend: service: name: organizations port: - number: 80 + name: grpc - path: /cloudidl.cloudaccounts.CloudAccountsService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 80 + name: grpc - path: /cloudidl.cloudaccounts.CloudAccountsService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 80 + name: grpc - path: /cloudidl.cluster.ManagedClusterService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.cluster.ManagedClusterService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.identity.UserService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.UserService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.MemberService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.MemberService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.RoleService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.RoleService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.PolicyService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.PolicyService pathType: ImplementationSpecific backend: service: name: identity port: - number: 83 + name: connect - path: /cloudidl.identity.SelfServe/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.SelfServe pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.IdentityService/* pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.identity.IdentityService pathType: ImplementationSpecific backend: service: name: identity port: - number: 80 + name: grpc - path: /cloudidl.clusterpool.ClusterPoolService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterpool.ClusterPoolService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterconfig.ClusterConfigService/* pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.clusterconfig.ClusterConfigService pathType: ImplementationSpecific backend: service: name: cluster port: - number: 83 + name: connect - path: /cloudidl.authorizer.AuthorizerService/* pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 83 + name: connect - path: /cloudidl.authorizer.AuthorizerService pathType: ImplementationSpecific backend: service: name: authorizer port: - number: 83 + name: connect - path: /cloudidl.usage.UsageService/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 83 + name: connect - path: /cloudidl.usage.UsageService pathType: ImplementationSpecific backend: service: name: usage port: - number: 83 + name: connect - path: /datacatalog.DataCatalog/* pathType: ImplementationSpecific backend: service: name: datacatalog port: - number: 89 + name: grpc - path: /datacatalog.DataCatalog pathType: ImplementationSpecific backend: service: name: datacatalog port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.CacheService/* pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.CacheService pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.v2.CacheService/* pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /flyteidl.cacheservice.v2.CacheService pathType: ImplementationSpecific backend: service: name: cacheservice port: - number: 89 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.agent.AgentService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.agent.AgentService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.secret.SecretService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.secret.SecretService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.secret.SecretService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.secret.SecretService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.support.SupportService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.clouddataproxy.CloudDataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.clouddataproxy.CloudDataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl.service.DataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl.service.DataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.dataproxy.DataProxyService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.dataproxy.DataProxyService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceRegistryService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceRegistryService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TranslatorService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TriggerService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TriggerService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService pathType: ImplementationSpecific @@ -4911,154 +4925,154 @@ spec: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.TranslatorService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.trigger.TriggerService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.trigger.TriggerService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService/* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.imagebuilder.ImageService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.imagebuilder.ImageService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.imagebuilder.ImageService pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.imagebuilder.ImageService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.app.AppService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppLogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.app.ReplicaService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppLogsService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.ReplicaService/* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -5107,42 +5121,42 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.project.ProjectService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.project.ProjectService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.WatchService pathType: ImplementationSpecific @@ -5150,7 +5164,7 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.WatchService/* pathType: ImplementationSpecific @@ -5158,147 +5172,147 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.cloudadmin.CloudAdminService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.cloudadmin.CloudAdminService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.IdentityService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.IdentityService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.echo.EchoService/* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.echo.EchoService pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl.service.SignalService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.SignalService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /cloudidl.actor.ActorEnvironmentService/Stream* pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.execution.ExecutionService/GetExecutionOperation pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.RunService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/Record* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.InternalRunService/Update* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.TaskService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.workflow.LeaseService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.StateService/Watch* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.QueueService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.workflow.LeaseService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunLogsService/TailLogs pathType: ImplementationSpecific @@ -5306,112 +5320,112 @@ spec: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.RunService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.task.TaskService/Watch* pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/Heartbeat pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.StateService/Watch* pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /flyteidl2.workflow.QueueService/StreamLeases pathType: ImplementationSpecific backend: service: name: queue port: - number: 80 + name: grpc - path: /cloudidl.logs.LogsService/TailTaskExecutionLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.workspace.WorkspaceInstanceService/WatchWorkspaceInstances pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppService/Watch pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppService/Lease pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /cloudidl.app.AppLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /cloudidl.app.ReplicaService/WatchReplicas pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/Watch pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppService/Lease pathType: ImplementationSpecific backend: service: name: executions port: - number: 80 + name: grpc - path: /flyteidl2.app.AppLogsService/TailLogs pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc - path: /flyteidl2.app.ReplicaService/WatchReplicas pathType: ImplementationSpecific backend: service: name: dataproxy port: - number: 80 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -5460,28 +5474,28 @@ spec: service: name: flyteadmin port: - number: 87 + name: redoc - path: /healthcheck pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /healthz pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /me pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http # Port 87 in FlyteAdmin maps to the redoc container. - path: /openapi/* pathType: ImplementationSpecific @@ -5489,133 +5503,133 @@ spec: service: name: flyteadmin port: - number: 87 + name: redoc - path: /.well-known pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /.well-known/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /login pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /login/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /logout pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /logout/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /callback pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /callback/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /config pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /config/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /oauth2 pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /oauth2/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /auth pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /auth/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 80 + name: http - path: /enqueue_metronome_request/v1 pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_metronome_request/v1/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_stripe_request/v1 pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http - path: /enqueue_stripe_request/v1/* pathType: ImplementationSpecific backend: service: name: usage port: - number: 81 + name: http --- # Source: controlplane/templates/flyte-core-app.yaml # Certain ingress controllers like nginx cannot serve HTTP 1 and GRPC with a single ingress because GRPC can only @@ -5667,42 +5681,42 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.HealthService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl.service.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.AuthMetadataService pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc - path: /flyteidl2.auth.AuthMetadataService/* pathType: ImplementationSpecific backend: service: name: flyteadmin port: - number: 81 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -5751,7 +5765,7 @@ spec: service: name: flyteadmin port: - number: 81 + name: grpc --- # Source: controlplane/templates/flyte-core-app.yaml apiVersion: networking.k8s.io/v1 @@ -5801,7 +5815,7 @@ spec: service: name: flyteconsole port: - number: 80 + name: http # NOTE: If you change this, you must update the BASE_URL value in flyteconsole.yaml - path: /console pathType: ImplementationSpecific @@ -5809,84 +5823,84 @@ spec: service: name: flyteconsole port: - number: 80 + name: http - path: /console/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /dashboard pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /dashboard/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /resources pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /resources/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /cost pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /cost/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /loading pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /loading/* pathType: ImplementationSpecific backend: service: name: flyteconsole port: - number: 80 + name: http - path: /v2 pathType: ImplementationSpecific backend: service: name: unionconsole port: - number: 80 + name: http - path: /v2/* pathType: ImplementationSpecific backend: service: name: unionconsole port: - number: 80 + name: http --- # Source: controlplane/charts/scylla-operator/templates/validatingwebhook.yaml apiVersion: admissionregistration.k8s.io/v1