diff --git a/charts/controlplane/Chart.yaml b/charts/controlplane/Chart.yaml index b2d49afe..aa58bc76 100644 --- a/charts/controlplane/Chart.yaml +++ b/charts/controlplane/Chart.yaml @@ -3,8 +3,8 @@ name: controlplane description: Deploys the Union controlplane components to onboard a kubernetes cluster to the Union Cloud. type: application icon: https://i.ibb.co/JxfDQsL/Union-Symbol-yellow-2.png -version: 2026.4.10 -appVersion: 2026.4.10 +version: 2026.5.0 +appVersion: 2026.5.0 kubeVersion: '>= 1.28.0-0' dependencies: - name: flyte-core diff --git a/charts/controlplane/templates/common/_grpcroute-protected.yaml b/charts/controlplane/templates/common/_grpcroute-protected.yaml index 2dab2ab8..626e6866 100644 --- a/charts/controlplane/templates/common/_grpcroute-protected.yaml +++ b/charts/controlplane/templates/common/_grpcroute-protected.yaml @@ -37,7 +37,6 @@ spec: - method: {service: "cloudidl.echo.EchoService"} - method: {service: "cloudidl.app.AppService"} - method: {service: "cloudidl.workflow.RunLogsService"} - - method: {service: "cloudidl.workflow.TranslatorService"} - method: {service: "flyteidl2.app.AppService"} - method: {service: "flyteidl2.workflow.RunLogsService"} backendRefs: @@ -110,6 +109,7 @@ spec: - method: {service: "cloudidl.clouddataproxy.CloudDataProxyService"} - method: {service: "flyteidl.service.DataProxyService"} - method: {service: "flyteidl2.dataproxy.DataProxyService"} + - method: {service: "flyteidl2.workflow.TranslatorService"} - method: {service: "cloudidl.logs.LogsService"} - method: {service: "cloudidl.app.AppLogsService"} - method: {service: "cloudidl.app.ReplicaService"} @@ -153,6 +153,7 @@ spec: {{- if (((.Values.objectstore).controlPlane).enabled) }} - matches: - method: {service: "cloudidl.objectstore.v1.ObjectStoreService"} + - method: {service: "flyteidl2.workflow.TranslatorService"} backendRefs: - name: dataproxy port: 80 @@ -179,7 +180,6 @@ spec: - method: {service: "cloudidl.workflow.TaskService"} - method: {service: "cloudidl.workflow.TriggerService"} - method: {service: "flyteidl2.workflow.RunService"} - - method: {service: "flyteidl2.workflow.TranslatorService"} - method: {service: "flyteidl2.task.TaskService"} - method: {service: "flyteidl2.trigger.TriggerService"} backendRefs: diff --git a/charts/controlplane/templates/common/_ingress-protected.yaml b/charts/controlplane/templates/common/_ingress-protected.yaml index 54687444..a8d452c2 100644 --- a/charts/controlplane/templates/common/_ingress-protected.yaml +++ b/charts/controlplane/templates/common/_ingress-protected.yaml @@ -850,20 +850,6 @@ name: executions port: name: grpc -- path: /cloudidl.workflow.TranslatorService - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc -- path: /cloudidl.workflow.TranslatorService/* - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: @@ -939,14 +925,14 @@ pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.task.TaskService diff --git a/charts/controlplane/templates/flyteadmin-private-config.yaml b/charts/controlplane/templates/flyteadmin-private-config.yaml new file mode 100644 index 00000000..187b5adf --- /dev/null +++ b/charts/controlplane/templates/flyteadmin-private-config.yaml @@ -0,0 +1,12 @@ +{{- /* Union-specific flyteadmin config (private.yaml) - not supported by upstream flyte-core chart */}} +{{- with .Values.flyte.configmap.adminServer.private }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-admin-private-config + namespace: {{ template "flyte.namespace" $ }} + labels: {{ include "flyteadmin.labels" $ | nindent 4 }} +data: + private.yaml: | + {{- tpl (toYaml .) $ | nindent 4 }} +{{- end }} diff --git a/charts/controlplane/values.gcp.selfhosted-intracluster.yaml b/charts/controlplane/values.gcp.selfhosted-intracluster.yaml index 7438b950..2a9f80ce 100644 --- a/charts/controlplane/values.gcp.selfhosted-intracluster.yaml +++ b/charts/controlplane/values.gcp.selfhosted-intracluster.yaml @@ -97,6 +97,57 @@ services: dataproxy: secureTunnelTenantURLPattern: '{{ .Values.global.DATAPLANE_ENDPOINT }}' + # Identity service configuration + # The identity service powers the User Management page in the Union console. + # When using Azure/Entra ID as the identity provider, override the defaults + # below with values from the authn/entraid Terraform module outputs: + # tenantId = module.authn.entra_tenant_id + # clientId = module.authn.identity_service_client_id + # clientSecret stored in GCP Secret Manager; referenced via clientSecretName + # + # The client secret must be present in the KUBERNETES_SECRET_NAME K8s secret + # under the key matching clientSecretName (e.g. "azure_client_secret"). The + # identity service resolves this to /etc/secrets/union/ at + # runtime (the shared secret is mounted at /etc/secrets/union/). + # Use the extraObjectsOverrides ExternalSecret example below to provision it. + # + # identity: + # configMap: + # identity: + # app: + # identityProviderConfig: + # provider: "azure" + # azure: + # tenantId: "" # module.authn.entra_tenant_id + # clientId: "" # module.authn.identity_service_client_id + # clientSecretName: "azure_client_secret" + # groupId: "" # optional: scope user listing to an Entra group + +# The ExternalSecret below merges the Graph API client secret from GCP Secret +# Manager into the shared KUBERNETES_SECRET_NAME secret so it is available to +# the identity service at /etc/secrets/union/azure_client_secret. +# +# Add this to extraObjectsOverrides in your environment-specific override file +# (not here, to avoid overwriting the base extraObjects list). +# +# extraObjectsOverrides: +# - apiVersion: "external-secrets.io/v1" +# kind: "ExternalSecret" +# metadata: +# name: "identity-azure-client-secret" +# spec: +# refreshInterval: "1h" +# secretStoreRef: +# kind: "SecretStore" +# name: "default" +# data: +# - secretKey: "azure_client_secret" +# remoteRef: +# key: "" # e.g. "-identity-service-client-secret" +# target: +# name: '{{ .Values.global.KUBERNETES_SECRET_NAME }}' +# creationPolicy: Merge + # --- GCP ScyllaDB Storage Class --- scylla: storageClass: diff --git a/charts/controlplane/values.yaml b/charts/controlplane/values.yaml index fb29b781..32632341 100644 --- a/charts/controlplane/values.yaml +++ b/charts/controlplane/values.yaml @@ -855,6 +855,63 @@ services: enrichIdentities: false clusterCacheConfig: ttl: 10m + identity: + fullnameOverride: "identity" + service: + type: ClusterIP + grpcport: 80 + httpport: 81 + debugport: 82 + sharedService: + connectPort: 8081 + args: + - cloudidentity + - serve + - --config + - /etc/config/*.yaml + configMap: + cache: + identity: + enabled: true + sharedService: + connectPort: 8081 + identity: + app: + identityProviderConfig: + # Identity provider for the User Management page. + # Supported values: + # noop — returns empty results (default; no external IDP required) + # azure — Azure/Entra ID via Microsoft Graph API + # okta — Okta (Union Cloud managed deployments only) + provider: "noop" + # Azure/Entra ID provider configuration. + # Required when provider is "azure". Requires a dedicated Entra app registration + # with Application permissions (not Delegated): User.Read.All, + # GroupMember.Read.All, Application.ReadWrite.All; admin consent granted. + # + # Store the client secret in the KUBERNETES_SECRET_NAME K8s secret under + # the key referenced by clientSecretName (e.g. "azure_client_secret"). + # The value is read from /etc/secrets/union/ at runtime. + # Example ExternalSecret: + # spec.data[].remoteRef.key: + # spec.data[].secretKey: azure_client_secret + # spec.target.name: + # spec.target.creationPolicy: Merge + # + # azure: + # tenantId: "" # Azure AD tenant (directory) ID + # clientId: "" # App registration client ID + # clientSecretName: "azure_client_secret" + # groupId: "" # Optional: scope user listing to a specific Entra group + adminClient: + connection: + authorizationHeader: flyte-authorization + clientId: '{{ .Values.global.INTERNAL_CLIENT_ID }}' + clientSecretLocation: /etc/secrets/union/client_secret + insecure: true + scopes: + - all + tokenUrl: '{{ .Values.global.AUTH_TOKEN_URL }}' usage: fullnameOverride: "usage" sharedService: @@ -1216,14 +1273,24 @@ flyte: # -- Mounts service-shared-secret at /etc/secrets/union/ so the UserClouds authorizer # can read client_secret from union/client_secret. The flyte-core subchart does not # include this mount by default (it only mounts flyte-admin-secrets at /etc/secrets/). + # -- Mounts flyte-admin-private-config ConfigMap for Union-specific flyteadmin config + # (private.yaml) that isn't supported by the upstream flyte-core chart. additionalVolumes: - name: union-secrets secret: secretName: '{{ .Values.global.KUBERNETES_SECRET_NAME }}' + - name: private-config + configMap: + name: flyte-admin-private-config + # Override configPath to include both config directories + configPath: /etc/flyte/*/*.yaml additionalVolumeMounts: - name: union-secrets mountPath: /etc/secrets/union readOnly: true + - name: private-config + mountPath: /etc/flyte/private + readOnly: true flytescheduler: image: repository: "registry.unionai.cloud/controlplane/services" diff --git a/charts/dataplane-crds/Chart.yaml b/charts/dataplane-crds/Chart.yaml index 7045b758..344822d3 100644 --- a/charts/dataplane-crds/Chart.yaml +++ b/charts/dataplane-crds/Chart.yaml @@ -3,8 +3,8 @@ name: dataplane-crds description: Deploys the Union dataplane CRDs. type: application icon: https://i.ibb.co/JxfDQsL/Union-Symbol-yellow-2.png -version: 2026.4.6 -appVersion: 2026.4.5 +version: 2026.5.0 +appVersion: 2026.5.0 kubeVersion: '>= 1.28.0-0' dependencies: - name: prometheus-operator-crds diff --git a/charts/dataplane/Chart.yaml b/charts/dataplane/Chart.yaml index 065ecd87..002891a5 100644 --- a/charts/dataplane/Chart.yaml +++ b/charts/dataplane/Chart.yaml @@ -3,8 +3,8 @@ name: dataplane description: Deploys the Union dataplane components to onboard a kubernetes cluster to the Union Cloud. type: application icon: https://i.ibb.co/JxfDQsL/Union-Symbol-yellow-2.png -version: 2026.4.10 -appVersion: 2026.4.10 +version: 2026.5.0 +appVersion: 2026.5.0 kubeVersion: '>= 1.28.0-0' dependencies: - name: kube-prometheus-stack diff --git a/charts/sandbox/Chart.yaml b/charts/sandbox/Chart.yaml index 1cd1c930..2e999a1e 100644 --- a/charts/sandbox/Chart.yaml +++ b/charts/sandbox/Chart.yaml @@ -3,6 +3,6 @@ name: sandbox description: Deploys extras for sandbox testing. type: application icon: https://i.ibb.co/JxfDQsL/Union-Symbol-yellow-2.png -version: 2026.4.6 -appVersion: 2026.4.5 +version: 2026.5.0 +appVersion: 2026.5.0 kubeVersion: '>= 1.28.0' diff --git a/tests/generated/controlplane.aws.billing-enable.yaml b/tests/generated/controlplane.aws.billing-enable.yaml index 7c314675..60f60ee5 100644 --- a/tests/generated/controlplane.aws.billing-enable.yaml +++ b/tests/generated/controlplane.aws.billing-enable.yaml @@ -37,10 +37,10 @@ kind: PodDisruptionBudget metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: minAvailable: "33%" @@ -137,6 +137,18 @@ spec: # Source: controlplane/templates/pdb.yaml apiVersion: policy/v1 kind: PodDisruptionBudget +metadata: + name: identity +spec: + minAvailable: "33%" + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget metadata: name: organizations spec: @@ -243,7 +255,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm imagePullSecrets: - name: union-registry-secret @@ -254,10 +266,10 @@ kind: ServiceAccount metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -267,10 +279,10 @@ kind: ServiceAccount metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -279,10 +291,10 @@ kind: ServiceAccount metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -291,10 +303,10 @@ kind: ServiceAccount metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -303,9 +315,21 @@ kind: ServiceAccount metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: controlplane/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: identity + labels: + helm.sh/chart: controlplane-2026.4.10 + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm --- @@ -315,10 +339,10 @@ kind: ServiceAccount metadata: name: organizations labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: organizations app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -327,10 +351,10 @@ kind: ServiceAccount metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -339,10 +363,10 @@ kind: ServiceAccount metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -351,10 +375,10 @@ kind: ServiceAccount metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/union-serviceaccount.yaml @@ -364,10 +388,10 @@ metadata: name: union namespace: union labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/charts/flyte/templates/admin/secret.yaml @@ -622,7 +646,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm data: db.yaml: | @@ -688,10 +712,10 @@ kind: ConfigMap metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -785,10 +809,10 @@ kind: ConfigMap metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -874,10 +898,10 @@ kind: ConfigMap metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1064,10 +1088,10 @@ kind: ConfigMap metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1173,13 +1197,98 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +data: + config.yaml: | + admin: + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + endpoint: flyteadmin.union.svc.cluster.local:81 + insecure: true + authorizer: + authorizerClient: + forwardHeaders: + - authorization + - flyte-authorization + - x-user-token + grpcConfig: + host: dns:///authorizer.union.svc.cluster.local:80 + insecure: true + type: Authorizer + useExternalIdentity: 'false' + cache: + identity: + enabled: true + connection: + environment: staging + region: us-east-2 + rootTenantURLPattern: dns:///fake-host.domain + identity: + app: + adminClient: + connection: + authorizationHeader: flyte-authorization + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + insecure: true + scopes: + - all + tokenUrl: 'https://test.example.com/oauth2/v1/token' + identityProviderConfig: + provider: noop + logger: + formatter: + type: json + level: 6 + show-source: true + otel: + type: noop + sharedService: + connectPort: 8081 + security: + singleTenantOrgID: '' + selfServeConfig: + legacyHosts: + - '' + union: + auth: + authorizationMetadataKey: flyte-authorization + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + enable: true + scopes: + - 'all' + tokenUrl: 'https://test.example.com/oauth2/v1/token' + type: ClientSecret + connection: + insecure: false + insecureSkipVerify: true + trustedIdentityClaims: + enabled: true + externalIdentityClaim: "" + externalIdentityTypeClaim: app + internalConnectionConfig: + enabled: true + urlPattern: _SERVICE_.union.svc.cluster.local:80 +--- +# Source: controlplane/templates/configmap.yaml +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm data: config.yaml: | admin: @@ -1259,10 +1368,10 @@ kind: ConfigMap metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1342,10 +1451,10 @@ kind: ConfigMap metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1425,10 +1534,10 @@ kind: ConfigMap metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1611,6 +1720,24 @@ data: on (namespace, pod) group_left() max by (namespace, pod) (kube_pod_status_phase{namespace="{{.Namespace}}",pod=~"{{.PodName}}",phase=~"Pending|Running"} == 1)) workers: 10 --- +# Source: controlplane/templates/flyteadmin-private-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-admin-private-config + namespace: union + labels: + app.kubernetes.io/name: flyteadmin + app.kubernetes.io/instance: release-name + helm.sh/chart: controlplane-2026.4.10 + #app.kubernetes.io/managed-by: Helm +data: + private.yaml: | + app: + cacheProviderConfig: + kind: bypass + populateUserFields: false +--- # Source: controlplane/templates/monitoring/dashboard-configmap.yaml apiVersion: v1 kind: ConfigMap @@ -6277,7 +6404,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -6331,7 +6458,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -6491,7 +6618,7 @@ metadata: platform.union.ai/prometheus-group: "union-services" app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6518,10 +6645,10 @@ metadata: name: unionconsole labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6546,10 +6673,10 @@ metadata: name: authorizer labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6585,10 +6712,10 @@ metadata: name: cluster labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6624,10 +6751,10 @@ metadata: name: dataproxy labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6659,10 +6786,10 @@ metadata: name: executions labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6691,14 +6818,49 @@ spec: apiVersion: v1 kind: Service metadata: - name: organizations + name: identity labels: platform.union.ai/prometheus-group: "union-services" helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: grpc + port: 80 + protocol: TCP + targetPort: connect + - name: grpc-native + port: 8080 + protocol: TCP + targetPort: grpc + - name: http + port: 81 + protocol: TCP + targetPort: http + - name: debug + port: 82 + protocol: TCP + targetPort: debug + selector: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: organizations + labels: + platform.union.ai/prometheus-group: "union-services" + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: type: ClusterIP ports: @@ -6733,10 +6895,10 @@ metadata: name: queue labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6768,10 +6930,10 @@ metadata: name: run-scheduler labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6803,10 +6965,10 @@ metadata: name: usage labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6878,7 +7040,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - run image: "registry.unionai.cloud/controlplane/services:" @@ -6896,7 +7058,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - seed-projects - union-health-monitoring @@ -6919,7 +7081,7 @@ spec: command: ["/bin/sh", "-c"] args: [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", + "flyteadmin --config=/etc/flyte/*/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", ] securityContext: allowPrivilegeEscalation: false @@ -6939,7 +7101,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - serve image: "registry.unionai.cloud/controlplane/services:" imagePullPolicy: "IfNotPresent" @@ -6991,6 +7153,9 @@ spec: - mountPath: /etc/secrets/union name: union-secrets readOnly: true + - mountPath: /etc/flyte/private + name: private-config + readOnly: true serviceAccountName: flyteadmin volumes: - name: union-controlplane-secrets @@ -7018,6 +7183,9 @@ spec: - name: union-secrets secret: secretName: '' + - configMap: + name: flyte-admin-private-config + name: private-config --- # Source: controlplane/charts/flyte/templates/console/deployment.yaml apiVersion: apps/v1 @@ -7344,7 +7512,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -7355,7 +7523,7 @@ spec: template: metadata: annotations: - configChecksum: "4677750f0f40268ea4d335806a712af38ff49c94cf3ca944d8faa7d3816249b" + configChecksum: "70052c4e86279f1f1bdc2ca7114622e188149761d5f03576e790db96bd07ed3" linkerd.io/inject: disabled prometheus.io/path: /metrics prometheus.io/port: "10254" @@ -7364,7 +7532,7 @@ spec: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: securityContext: @@ -7456,10 +7624,10 @@ kind: Deployment metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: strategy: @@ -7499,7 +7667,7 @@ spec: capabilities: drop: - ALL - image: "registry.unionai.cloud/controlplane/unionconsole:2026.4.10" + image: "registry.unionai.cloud/controlplane/unionconsole:2026.5.0" imagePullPolicy: IfNotPresent ports: - name: http @@ -7526,10 +7694,10 @@ kind: Deployment metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7567,7 +7735,7 @@ spec: name: authorizer containers: - name: authorizer - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - authorizer @@ -7641,10 +7809,10 @@ kind: Deployment metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7682,7 +7850,7 @@ spec: name: cluster initContainers: - name: cluster-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7698,7 +7866,7 @@ spec: mountPath: /etc/config/ containers: - name: cluster - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7772,10 +7940,10 @@ kind: Deployment metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7813,7 +7981,7 @@ spec: name: dataproxy containers: - name: dataproxy - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - dataproxy @@ -7884,10 +8052,10 @@ kind: Deployment metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7925,7 +8093,7 @@ spec: name: executions initContainers: - name: executions-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -7941,7 +8109,7 @@ spec: mountPath: /etc/config/ containers: - name: executions - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8010,13 +8178,128 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: identity + linkerd.io/inject: disabled + prometheus.io/path: /metrics + prometheus.io/port: "10254" + labels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + spec: + imagePullSecrets: + - name: union-registry-secret + serviceAccountName: identity + volumes: + - name: secrets + secret: + secretName: + - name: db-pass + secret: + secretName: + - name: config + configMap: + name: identity + containers: + - name: identity + image: registry.unionai.cloud/controlplane/services:2026.4.10 + imagePullPolicy: IfNotPresent + args: + - cloudidentity + - serve + - --config + - /etc/config/*.yaml + ports: + - name: grpc + containerPort: 8080 + protocol: TCP + - name: http + containerPort: 8089 + protocol: TCP + - name: debug + containerPort: 10254 + protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP + volumeMounts: + - name: db-pass + mountPath: /etc/db + - name: secrets + mountPath: /etc/secrets/union + - name: config + mountPath: /etc/config/ + env: + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.cpu + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 250Mi + livenessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + topologyKey: "kubernetes.io/hostname" +--- +# Source: controlplane/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: selector: matchLabels: @@ -8053,7 +8336,7 @@ spec: name: organizations initContainers: - name: organizations-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8069,7 +8352,7 @@ spec: mountPath: /etc/config/ containers: - name: organizations - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8143,10 +8426,10 @@ kind: Deployment metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8185,7 +8468,7 @@ spec: name: queue initContainers: - name: queue-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8201,7 +8484,7 @@ spec: mountPath: /etc/config/ containers: - name: queue - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8272,10 +8555,10 @@ kind: Deployment metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8313,7 +8596,7 @@ spec: name: run-scheduler initContainers: - name: run-scheduler-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8329,7 +8612,7 @@ spec: mountPath: /etc/config/ containers: - name: run-scheduler - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8401,10 +8684,10 @@ kind: Deployment metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8442,7 +8725,7 @@ spec: name: usage containers: - name: usage - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - usage @@ -8549,10 +8832,10 @@ kind: HorizontalPodAutoscaler metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: scaleTargetRef: @@ -8683,6 +8966,32 @@ spec: # Source: controlplane/templates/hpa.yaml apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler +metadata: + name: identity +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: identity + minReplicas: 1 + maxReplicas: 1 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 +--- +# Source: controlplane/templates/hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler metadata: name: organizations spec: @@ -9945,20 +10254,6 @@ spec: name: executions port: name: grpc - - path: /cloudidl.workflow.TranslatorService - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - - path: /cloudidl.workflow.TranslatorService/* - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: @@ -10034,14 +10329,14 @@ spec: pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.task.TaskService @@ -11089,6 +11384,9 @@ webhooks: # Source: controlplane/templates/secret.yaml --- --- +# Source: controlplane/templates/secret.yaml +--- +--- # Source: controlplane/charts/scylla-operator/templates/certificate.yaml apiVersion: cert-manager.io/v1 kind: Certificate diff --git a/tests/generated/controlplane.aws.yaml b/tests/generated/controlplane.aws.yaml index f6d784b6..f10fbc03 100644 --- a/tests/generated/controlplane.aws.yaml +++ b/tests/generated/controlplane.aws.yaml @@ -37,10 +37,10 @@ kind: PodDisruptionBudget metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: minAvailable: "33%" @@ -137,6 +137,18 @@ spec: # Source: controlplane/templates/pdb.yaml apiVersion: policy/v1 kind: PodDisruptionBudget +metadata: + name: identity +spec: + minAvailable: "33%" + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget metadata: name: organizations spec: @@ -243,7 +255,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm imagePullSecrets: - name: union-registry-secret @@ -254,10 +266,10 @@ kind: ServiceAccount metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -267,10 +279,10 @@ kind: ServiceAccount metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -279,10 +291,10 @@ kind: ServiceAccount metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -291,10 +303,10 @@ kind: ServiceAccount metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -303,9 +315,21 @@ kind: ServiceAccount metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: controlplane/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: identity + labels: + helm.sh/chart: controlplane-2026.4.10 + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm --- @@ -315,10 +339,10 @@ kind: ServiceAccount metadata: name: organizations labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: organizations app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -327,10 +351,10 @@ kind: ServiceAccount metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -339,10 +363,10 @@ kind: ServiceAccount metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -351,10 +375,10 @@ kind: ServiceAccount metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/union-serviceaccount.yaml @@ -364,10 +388,10 @@ metadata: name: union namespace: union labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/charts/flyte/templates/admin/secret.yaml @@ -622,7 +646,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm data: db.yaml: | @@ -688,10 +712,10 @@ kind: ConfigMap metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -785,10 +809,10 @@ kind: ConfigMap metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -874,10 +898,10 @@ kind: ConfigMap metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1064,10 +1088,10 @@ kind: ConfigMap metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1173,13 +1197,98 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +data: + config.yaml: | + admin: + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + endpoint: flyteadmin.union.svc.cluster.local:81 + insecure: true + authorizer: + authorizerClient: + forwardHeaders: + - authorization + - flyte-authorization + - x-user-token + grpcConfig: + host: dns:///authorizer.union.svc.cluster.local:80 + insecure: true + type: Authorizer + useExternalIdentity: 'false' + cache: + identity: + enabled: true + connection: + environment: staging + region: us-east-2 + rootTenantURLPattern: dns:///fake-host.domain + identity: + app: + adminClient: + connection: + authorizationHeader: flyte-authorization + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + insecure: true + scopes: + - all + tokenUrl: 'https://test.example.com/oauth2/v1/token' + identityProviderConfig: + provider: noop + logger: + formatter: + type: json + level: 6 + show-source: true + otel: + type: noop + sharedService: + connectPort: 8081 + security: + singleTenantOrgID: '' + selfServeConfig: + legacyHosts: + - '' + union: + auth: + authorizationMetadataKey: flyte-authorization + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + enable: true + scopes: + - 'all' + tokenUrl: 'https://test.example.com/oauth2/v1/token' + type: ClientSecret + connection: + insecure: false + insecureSkipVerify: true + trustedIdentityClaims: + enabled: true + externalIdentityClaim: "" + externalIdentityTypeClaim: app + internalConnectionConfig: + enabled: true + urlPattern: _SERVICE_.union.svc.cluster.local:80 +--- +# Source: controlplane/templates/configmap.yaml +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm data: config.yaml: | admin: @@ -1259,10 +1368,10 @@ kind: ConfigMap metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1342,10 +1451,10 @@ kind: ConfigMap metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1425,10 +1534,10 @@ kind: ConfigMap metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1611,6 +1720,24 @@ data: on (namespace, pod) group_left() max by (namespace, pod) (kube_pod_status_phase{namespace="{{.Namespace}}",pod=~"{{.PodName}}",phase=~"Pending|Running"} == 1)) workers: 10 --- +# Source: controlplane/templates/flyteadmin-private-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-admin-private-config + namespace: union + labels: + app.kubernetes.io/name: flyteadmin + app.kubernetes.io/instance: release-name + helm.sh/chart: controlplane-2026.4.10 + #app.kubernetes.io/managed-by: Helm +data: + private.yaml: | + app: + cacheProviderConfig: + kind: bypass + populateUserFields: false +--- # Source: controlplane/templates/monitoring/dashboard-configmap.yaml apiVersion: v1 kind: ConfigMap @@ -6277,7 +6404,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -6331,7 +6458,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -6491,7 +6618,7 @@ metadata: platform.union.ai/prometheus-group: "union-services" app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6518,10 +6645,10 @@ metadata: name: unionconsole labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6546,10 +6673,10 @@ metadata: name: authorizer labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6585,10 +6712,10 @@ metadata: name: cluster labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6624,10 +6751,10 @@ metadata: name: dataproxy labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6659,10 +6786,10 @@ metadata: name: executions labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6691,14 +6818,49 @@ spec: apiVersion: v1 kind: Service metadata: - name: organizations + name: identity labels: platform.union.ai/prometheus-group: "union-services" helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: grpc + port: 80 + protocol: TCP + targetPort: connect + - name: grpc-native + port: 8080 + protocol: TCP + targetPort: grpc + - name: http + port: 81 + protocol: TCP + targetPort: http + - name: debug + port: 82 + protocol: TCP + targetPort: debug + selector: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: organizations + labels: + platform.union.ai/prometheus-group: "union-services" + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: type: ClusterIP ports: @@ -6733,10 +6895,10 @@ metadata: name: queue labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6768,10 +6930,10 @@ metadata: name: run-scheduler labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6803,10 +6965,10 @@ metadata: name: usage labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6878,7 +7040,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - run image: "registry.unionai.cloud/controlplane/services:" @@ -6896,7 +7058,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - seed-projects - union-health-monitoring @@ -6919,7 +7081,7 @@ spec: command: ["/bin/sh", "-c"] args: [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", + "flyteadmin --config=/etc/flyte/*/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", ] securityContext: allowPrivilegeEscalation: false @@ -6939,7 +7101,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - serve image: "registry.unionai.cloud/controlplane/services:" imagePullPolicy: "IfNotPresent" @@ -6991,6 +7153,9 @@ spec: - mountPath: /etc/secrets/union name: union-secrets readOnly: true + - mountPath: /etc/flyte/private + name: private-config + readOnly: true serviceAccountName: flyteadmin volumes: - name: union-controlplane-secrets @@ -7018,6 +7183,9 @@ spec: - name: union-secrets secret: secretName: '' + - configMap: + name: flyte-admin-private-config + name: private-config --- # Source: controlplane/charts/flyte/templates/console/deployment.yaml apiVersion: apps/v1 @@ -7344,7 +7512,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -7355,7 +7523,7 @@ spec: template: metadata: annotations: - configChecksum: "4677750f0f40268ea4d335806a712af38ff49c94cf3ca944d8faa7d3816249b" + configChecksum: "70052c4e86279f1f1bdc2ca7114622e188149761d5f03576e790db96bd07ed3" linkerd.io/inject: disabled prometheus.io/path: /metrics prometheus.io/port: "10254" @@ -7365,7 +7533,7 @@ spec: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: securityContext: @@ -7457,10 +7625,10 @@ kind: Deployment metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: strategy: @@ -7501,7 +7669,7 @@ spec: capabilities: drop: - ALL - image: "registry.unionai.cloud/controlplane/unionconsole:2026.4.10" + image: "registry.unionai.cloud/controlplane/unionconsole:2026.5.0" imagePullPolicy: IfNotPresent ports: - name: http @@ -7528,10 +7696,10 @@ kind: Deployment metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7570,7 +7738,7 @@ spec: name: authorizer containers: - name: authorizer - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - authorizer @@ -7644,10 +7812,10 @@ kind: Deployment metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7686,7 +7854,7 @@ spec: name: cluster initContainers: - name: cluster-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7702,7 +7870,7 @@ spec: mountPath: /etc/config/ containers: - name: cluster - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7776,10 +7944,10 @@ kind: Deployment metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7818,7 +7986,7 @@ spec: name: dataproxy containers: - name: dataproxy - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - dataproxy @@ -7889,10 +8057,10 @@ kind: Deployment metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7931,7 +8099,7 @@ spec: name: executions initContainers: - name: executions-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -7947,7 +8115,7 @@ spec: mountPath: /etc/config/ containers: - name: executions - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8016,13 +8184,129 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: identity + linkerd.io/inject: disabled + prometheus.io/path: /metrics + prometheus.io/port: "10254" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + spec: + imagePullSecrets: + - name: union-registry-secret + serviceAccountName: identity + volumes: + - name: secrets + secret: + secretName: + - name: db-pass + secret: + secretName: + - name: config + configMap: + name: identity + containers: + - name: identity + image: registry.unionai.cloud/controlplane/services:2026.4.10 + imagePullPolicy: IfNotPresent + args: + - cloudidentity + - serve + - --config + - /etc/config/*.yaml + ports: + - name: grpc + containerPort: 8080 + protocol: TCP + - name: http + containerPort: 8089 + protocol: TCP + - name: debug + containerPort: 10254 + protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP + volumeMounts: + - name: db-pass + mountPath: /etc/db + - name: secrets + mountPath: /etc/secrets/union + - name: config + mountPath: /etc/config/ + env: + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.cpu + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 250Mi + livenessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + topologyKey: "kubernetes.io/hostname" +--- +# Source: controlplane/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: selector: matchLabels: @@ -8060,7 +8344,7 @@ spec: name: organizations initContainers: - name: organizations-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8076,7 +8360,7 @@ spec: mountPath: /etc/config/ containers: - name: organizations - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8150,10 +8434,10 @@ kind: Deployment metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8193,7 +8477,7 @@ spec: name: queue initContainers: - name: queue-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8209,7 +8493,7 @@ spec: mountPath: /etc/config/ containers: - name: queue - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8280,10 +8564,10 @@ kind: Deployment metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8322,7 +8606,7 @@ spec: name: run-scheduler initContainers: - name: run-scheduler-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8338,7 +8622,7 @@ spec: mountPath: /etc/config/ containers: - name: run-scheduler - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8410,10 +8694,10 @@ kind: Deployment metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8452,7 +8736,7 @@ spec: name: usage containers: - name: usage - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - usage @@ -8553,10 +8837,10 @@ kind: HorizontalPodAutoscaler metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: scaleTargetRef: @@ -8687,6 +8971,32 @@ spec: # Source: controlplane/templates/hpa.yaml apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler +metadata: + name: identity +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: identity + minReplicas: 1 + maxReplicas: 1 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 +--- +# Source: controlplane/templates/hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler metadata: name: organizations spec: @@ -9935,20 +10245,6 @@ spec: name: executions port: name: grpc - - path: /cloudidl.workflow.TranslatorService - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - - path: /cloudidl.workflow.TranslatorService/* - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: @@ -10024,14 +10320,14 @@ spec: pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.task.TaskService @@ -11079,6 +11375,9 @@ webhooks: # Source: controlplane/templates/secret.yaml --- --- +# Source: controlplane/templates/secret.yaml +--- +--- # Source: controlplane/charts/scylla-operator/templates/certificate.yaml apiVersion: cert-manager.io/v1 kind: Certificate diff --git a/tests/generated/controlplane.custom-oidc.yaml b/tests/generated/controlplane.custom-oidc.yaml index 820c59bc..f2e24b5f 100644 --- a/tests/generated/controlplane.custom-oidc.yaml +++ b/tests/generated/controlplane.custom-oidc.yaml @@ -37,10 +37,10 @@ kind: PodDisruptionBudget metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: minAvailable: "33%" @@ -137,6 +137,18 @@ spec: # Source: controlplane/templates/pdb.yaml apiVersion: policy/v1 kind: PodDisruptionBudget +metadata: + name: identity +spec: + minAvailable: "33%" + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget metadata: name: organizations spec: @@ -243,7 +255,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm annotations: eks.amazonaws.com/role-arn: '' @@ -256,10 +268,10 @@ kind: ServiceAccount metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -269,10 +281,10 @@ kind: ServiceAccount metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -281,10 +293,10 @@ kind: ServiceAccount metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -293,10 +305,10 @@ kind: ServiceAccount metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -305,9 +317,21 @@ kind: ServiceAccount metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: controlplane/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: identity + labels: + helm.sh/chart: controlplane-2026.4.10 + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm --- @@ -317,10 +341,10 @@ kind: ServiceAccount metadata: name: organizations labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: organizations app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -329,10 +353,10 @@ kind: ServiceAccount metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -341,10 +365,10 @@ kind: ServiceAccount metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -353,10 +377,10 @@ kind: ServiceAccount metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/union-serviceaccount.yaml @@ -366,10 +390,10 @@ metadata: name: union namespace: union labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/charts/flyte/templates/admin/secret.yaml @@ -632,7 +656,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm data: db.yaml: | @@ -703,10 +727,10 @@ kind: ConfigMap metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -800,10 +824,10 @@ kind: ConfigMap metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -889,10 +913,10 @@ kind: ConfigMap metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1079,10 +1103,10 @@ kind: ConfigMap metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1188,13 +1212,98 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +data: + config.yaml: | + admin: + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + endpoint: flyteadmin.union.svc.cluster.local:81 + insecure: true + authorizer: + authorizerClient: + forwardHeaders: + - authorization + - flyte-authorization + - x-user-token + grpcConfig: + host: dns:///authorizer.union.svc.cluster.local:80 + insecure: true + type: Authorizer + useExternalIdentity: 'false' + cache: + identity: + enabled: true + connection: + environment: staging + region: us-east-2 + rootTenantURLPattern: dns:///fake-host.domain + identity: + app: + adminClient: + connection: + authorizationHeader: flyte-authorization + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + insecure: true + scopes: + - all + tokenUrl: 'https://idp.example.com/oauth2/v2.0/token' + identityProviderConfig: + provider: noop + logger: + formatter: + type: json + level: 6 + show-source: true + otel: + type: noop + sharedService: + connectPort: 8081 + security: + singleTenantOrgID: '' + selfServeConfig: + legacyHosts: + - '' + union: + auth: + authorizationMetadataKey: flyte-authorization + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + enable: true + scopes: + - 'all' + tokenUrl: 'https://idp.example.com/oauth2/v2.0/token' + type: ClientSecret + connection: + insecure: false + insecureSkipVerify: true + trustedIdentityClaims: + enabled: true + externalIdentityClaim: "" + externalIdentityTypeClaim: app + internalConnectionConfig: + enabled: true + urlPattern: _SERVICE_.union.svc.cluster.local:80 +--- +# Source: controlplane/templates/configmap.yaml +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm data: config.yaml: | admin: @@ -1274,10 +1383,10 @@ kind: ConfigMap metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1357,10 +1466,10 @@ kind: ConfigMap metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1440,10 +1549,10 @@ kind: ConfigMap metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1626,6 +1735,24 @@ data: on (namespace, pod) group_left() max by (namespace, pod) (kube_pod_status_phase{namespace="{{.Namespace}}",pod=~"{{.PodName}}",phase=~"Pending|Running"} == 1)) workers: 10 --- +# Source: controlplane/templates/flyteadmin-private-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-admin-private-config + namespace: union + labels: + app.kubernetes.io/name: flyteadmin + app.kubernetes.io/instance: release-name + helm.sh/chart: controlplane-2026.4.10 + #app.kubernetes.io/managed-by: Helm +data: + private.yaml: | + app: + cacheProviderConfig: + kind: bypass + populateUserFields: false +--- # Source: controlplane/templates/monitoring/dashboard-configmap.yaml apiVersion: v1 kind: ConfigMap @@ -6295,7 +6422,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -6349,7 +6476,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -6509,7 +6636,7 @@ metadata: platform.union.ai/prometheus-group: "union-services" app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6536,10 +6663,10 @@ metadata: name: unionconsole labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6564,10 +6691,10 @@ metadata: name: authorizer labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6603,10 +6730,10 @@ metadata: name: cluster labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6642,10 +6769,10 @@ metadata: name: dataproxy labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6677,10 +6804,10 @@ metadata: name: executions labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6709,14 +6836,49 @@ spec: apiVersion: v1 kind: Service metadata: - name: organizations + name: identity labels: platform.union.ai/prometheus-group: "union-services" helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: grpc + port: 80 + protocol: TCP + targetPort: connect + - name: grpc-native + port: 8080 + protocol: TCP + targetPort: grpc + - name: http + port: 81 + protocol: TCP + targetPort: http + - name: debug + port: 82 + protocol: TCP + targetPort: debug + selector: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: organizations + labels: + platform.union.ai/prometheus-group: "union-services" + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: type: ClusterIP ports: @@ -6751,10 +6913,10 @@ metadata: name: queue labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6786,10 +6948,10 @@ metadata: name: run-scheduler labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6821,10 +6983,10 @@ metadata: name: usage labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6896,7 +7058,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - run image: "registry.unionai.cloud/controlplane/services:" @@ -6914,7 +7076,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - seed-projects - union-health-monitoring @@ -6937,7 +7099,7 @@ spec: command: ["/bin/sh", "-c"] args: [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", + "flyteadmin --config=/etc/flyte/*/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", ] securityContext: allowPrivilegeEscalation: false @@ -6957,7 +7119,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - serve image: "registry.unionai.cloud/controlplane/services:" imagePullPolicy: "IfNotPresent" @@ -7009,6 +7171,9 @@ spec: - mountPath: /etc/secrets/union name: union-secrets readOnly: true + - mountPath: /etc/flyte/private + name: private-config + readOnly: true serviceAccountName: flyteadmin volumes: - name: union-controlplane-secrets @@ -7036,6 +7201,9 @@ spec: - name: union-secrets secret: secretName: '' + - configMap: + name: flyte-admin-private-config + name: private-config --- # Source: controlplane/charts/flyte/templates/console/deployment.yaml apiVersion: apps/v1 @@ -7362,7 +7530,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -7373,7 +7541,7 @@ spec: template: metadata: annotations: - configChecksum: "23e9aba4e1ac4e950d35b38168be812455e2dea70a6abb6ebe9ce0778ffb9f7" + configChecksum: "bb090d2064939c39a2227343b72c73b3c8634377be56382bdafcde219e34c85" linkerd.io/inject: disabled prometheus.io/path: /metrics prometheus.io/port: "10254" @@ -7382,7 +7550,7 @@ spec: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: securityContext: @@ -7474,10 +7642,10 @@ kind: Deployment metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: strategy: @@ -7517,7 +7685,7 @@ spec: capabilities: drop: - ALL - image: "registry.unionai.cloud/controlplane/unionconsole:2026.4.10" + image: "registry.unionai.cloud/controlplane/unionconsole:2026.5.0" imagePullPolicy: IfNotPresent ports: - name: http @@ -7544,10 +7712,10 @@ kind: Deployment metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7585,7 +7753,7 @@ spec: name: authorizer containers: - name: authorizer - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - authorizer @@ -7659,10 +7827,10 @@ kind: Deployment metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7700,7 +7868,7 @@ spec: name: cluster initContainers: - name: cluster-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7716,7 +7884,7 @@ spec: mountPath: /etc/config/ containers: - name: cluster - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7790,10 +7958,10 @@ kind: Deployment metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7831,7 +7999,7 @@ spec: name: dataproxy containers: - name: dataproxy - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - dataproxy @@ -7902,10 +8070,10 @@ kind: Deployment metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7943,7 +8111,7 @@ spec: name: executions initContainers: - name: executions-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -7959,7 +8127,7 @@ spec: mountPath: /etc/config/ containers: - name: executions - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8028,13 +8196,128 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: identity + linkerd.io/inject: disabled + prometheus.io/path: /metrics + prometheus.io/port: "10254" + labels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + spec: + imagePullSecrets: + - name: union-registry-secret + serviceAccountName: identity + volumes: + - name: secrets + secret: + secretName: + - name: db-pass + secret: + secretName: + - name: config + configMap: + name: identity + containers: + - name: identity + image: registry.unionai.cloud/controlplane/services:2026.4.10 + imagePullPolicy: IfNotPresent + args: + - cloudidentity + - serve + - --config + - /etc/config/*.yaml + ports: + - name: grpc + containerPort: 8080 + protocol: TCP + - name: http + containerPort: 8089 + protocol: TCP + - name: debug + containerPort: 10254 + protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP + volumeMounts: + - name: db-pass + mountPath: /etc/db + - name: secrets + mountPath: /etc/secrets/union + - name: config + mountPath: /etc/config/ + env: + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.cpu + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 250Mi + livenessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + topologyKey: "kubernetes.io/hostname" +--- +# Source: controlplane/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: selector: matchLabels: @@ -8071,7 +8354,7 @@ spec: name: organizations initContainers: - name: organizations-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8087,7 +8370,7 @@ spec: mountPath: /etc/config/ containers: - name: organizations - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8161,10 +8444,10 @@ kind: Deployment metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8203,7 +8486,7 @@ spec: name: queue initContainers: - name: queue-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8219,7 +8502,7 @@ spec: mountPath: /etc/config/ containers: - name: queue - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8290,10 +8573,10 @@ kind: Deployment metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8331,7 +8614,7 @@ spec: name: run-scheduler initContainers: - name: run-scheduler-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8347,7 +8630,7 @@ spec: mountPath: /etc/config/ containers: - name: run-scheduler - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8419,10 +8702,10 @@ kind: Deployment metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8460,7 +8743,7 @@ spec: name: usage containers: - name: usage - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - usage @@ -8567,10 +8850,10 @@ kind: HorizontalPodAutoscaler metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: scaleTargetRef: @@ -8701,6 +8984,32 @@ spec: # Source: controlplane/templates/hpa.yaml apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler +metadata: + name: identity +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: identity + minReplicas: 1 + maxReplicas: 1 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 +--- +# Source: controlplane/templates/hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler metadata: name: organizations spec: @@ -9949,20 +10258,6 @@ spec: name: executions port: name: grpc - - path: /cloudidl.workflow.TranslatorService - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - - path: /cloudidl.workflow.TranslatorService/* - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: @@ -10038,14 +10333,14 @@ spec: pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.task.TaskService @@ -11093,6 +11388,9 @@ webhooks: # Source: controlplane/templates/secret.yaml --- --- +# Source: controlplane/templates/secret.yaml +--- +--- # Source: controlplane/charts/scylla-operator/templates/certificate.yaml apiVersion: cert-manager.io/v1 kind: Certificate diff --git a/tests/generated/controlplane.external-authz.yaml b/tests/generated/controlplane.external-authz.yaml index 152c4464..55e8174d 100644 --- a/tests/generated/controlplane.external-authz.yaml +++ b/tests/generated/controlplane.external-authz.yaml @@ -37,10 +37,10 @@ kind: PodDisruptionBudget metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: minAvailable: "33%" @@ -137,6 +137,18 @@ spec: # Source: controlplane/templates/pdb.yaml apiVersion: policy/v1 kind: PodDisruptionBudget +metadata: + name: identity +spec: + minAvailable: "33%" + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget metadata: name: organizations spec: @@ -241,7 +253,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm imagePullSecrets: - name: union-registry-secret @@ -252,10 +264,10 @@ kind: ServiceAccount metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -265,10 +277,10 @@ kind: ServiceAccount metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -277,10 +289,10 @@ kind: ServiceAccount metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -289,10 +301,10 @@ kind: ServiceAccount metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -301,9 +313,21 @@ kind: ServiceAccount metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: controlplane/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: identity + labels: + helm.sh/chart: controlplane-2026.4.10 + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm --- @@ -313,10 +337,10 @@ kind: ServiceAccount metadata: name: organizations labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: organizations app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -325,10 +349,10 @@ kind: ServiceAccount metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -337,10 +361,10 @@ kind: ServiceAccount metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -349,10 +373,10 @@ kind: ServiceAccount metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/union-serviceaccount.yaml @@ -362,10 +386,10 @@ metadata: name: union namespace: union labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/charts/flyte/templates/admin/secret.yaml @@ -623,7 +647,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm data: db.yaml: | @@ -689,10 +713,10 @@ kind: ConfigMap metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -790,10 +814,10 @@ kind: ConfigMap metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -879,10 +903,10 @@ kind: ConfigMap metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1069,10 +1093,10 @@ kind: ConfigMap metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1178,13 +1202,98 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +data: + config.yaml: | + admin: + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + endpoint: flyteadmin.union.svc.cluster.local:81 + insecure: true + authorizer: + authorizerClient: + forwardHeaders: + - authorization + - flyte-authorization + - x-user-token + grpcConfig: + host: dns:///authorizer.union.svc.cluster.local:80 + insecure: true + type: Authorizer + useExternalIdentity: 'true' + cache: + identity: + enabled: true + connection: + environment: staging + region: us-east-2 + rootTenantURLPattern: dns:///fake-host.domain + identity: + app: + adminClient: + connection: + authorizationHeader: flyte-authorization + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + insecure: true + scopes: + - all + tokenUrl: 'https://test.example.com/oauth2/v1/token' + identityProviderConfig: + provider: noop + logger: + formatter: + type: json + level: 6 + show-source: true + otel: + type: noop + sharedService: + connectPort: 8081 + security: + singleTenantOrgID: '' + selfServeConfig: + legacyHosts: + - '' + union: + auth: + authorizationMetadataKey: flyte-authorization + clientId: 'test-internal-client-id' + clientSecretLocation: /etc/secrets/union/client_secret + enable: true + scopes: + - 'all' + tokenUrl: 'https://test.example.com/oauth2/v1/token' + type: ClientSecret + connection: + insecure: false + insecureSkipVerify: true + trustedIdentityClaims: + enabled: true + externalIdentityClaim: "" + externalIdentityTypeClaim: app + internalConnectionConfig: + enabled: true + urlPattern: _SERVICE_.union.svc.cluster.local:80 +--- +# Source: controlplane/templates/configmap.yaml +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm data: config.yaml: | admin: @@ -1264,10 +1373,10 @@ kind: ConfigMap metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1347,10 +1456,10 @@ kind: ConfigMap metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1430,10 +1539,10 @@ kind: ConfigMap metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1616,6 +1725,24 @@ data: on (namespace, pod) group_left() max by (namespace, pod) (kube_pod_status_phase{namespace="{{.Namespace}}",pod=~"{{.PodName}}",phase=~"Pending|Running"} == 1)) workers: 10 --- +# Source: controlplane/templates/flyteadmin-private-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-admin-private-config + namespace: union + labels: + app.kubernetes.io/name: flyteadmin + app.kubernetes.io/instance: release-name + helm.sh/chart: controlplane-2026.4.10 + #app.kubernetes.io/managed-by: Helm +data: + private.yaml: | + app: + cacheProviderConfig: + kind: bypass + populateUserFields: false +--- # Source: controlplane/templates/monitoring/dashboard-configmap.yaml apiVersion: v1 kind: ConfigMap @@ -6282,7 +6409,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -6336,7 +6463,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -6496,7 +6623,7 @@ metadata: platform.union.ai/prometheus-group: "union-services" app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6523,10 +6650,10 @@ metadata: name: unionconsole labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6551,10 +6678,10 @@ metadata: name: authorizer labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6590,10 +6717,10 @@ metadata: name: cluster labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6629,10 +6756,10 @@ metadata: name: dataproxy labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6664,10 +6791,10 @@ metadata: name: executions labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6696,14 +6823,49 @@ spec: apiVersion: v1 kind: Service metadata: - name: organizations + name: identity labels: platform.union.ai/prometheus-group: "union-services" helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: grpc + port: 80 + protocol: TCP + targetPort: connect + - name: grpc-native + port: 8080 + protocol: TCP + targetPort: grpc + - name: http + port: 81 + protocol: TCP + targetPort: http + - name: debug + port: 82 + protocol: TCP + targetPort: debug + selector: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: organizations + labels: + platform.union.ai/prometheus-group: "union-services" + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: type: ClusterIP ports: @@ -6738,10 +6900,10 @@ metadata: name: queue labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6773,10 +6935,10 @@ metadata: name: run-scheduler labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6808,10 +6970,10 @@ metadata: name: usage labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6883,7 +7045,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - run image: "registry.unionai.cloud/controlplane/services:" @@ -6901,7 +7063,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - seed-projects - union-health-monitoring @@ -6924,7 +7086,7 @@ spec: command: ["/bin/sh", "-c"] args: [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", + "flyteadmin --config=/etc/flyte/*/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", ] securityContext: allowPrivilegeEscalation: false @@ -6944,7 +7106,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - serve image: "registry.unionai.cloud/controlplane/services:" imagePullPolicy: "IfNotPresent" @@ -6996,6 +7158,9 @@ spec: - mountPath: /etc/secrets/union name: union-secrets readOnly: true + - mountPath: /etc/flyte/private + name: private-config + readOnly: true serviceAccountName: flyteadmin volumes: - name: union-controlplane-secrets @@ -7023,6 +7188,9 @@ spec: - name: union-secrets secret: secretName: '' + - configMap: + name: flyte-admin-private-config + name: private-config --- # Source: controlplane/charts/flyte/templates/console/deployment.yaml apiVersion: apps/v1 @@ -7349,7 +7517,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -7360,7 +7528,7 @@ spec: template: metadata: annotations: - configChecksum: "8c8925905b64796ee75915c2cb2d424cefd35b9337a8233562eaf19b6e1de8e" + configChecksum: "a7ef30da792fec1bbef7948b89b3b93dce3a745599674f3ad85960f32943b7e" linkerd.io/inject: disabled prometheus.io/path: /metrics prometheus.io/port: "10254" @@ -7369,7 +7537,7 @@ spec: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: securityContext: @@ -7461,10 +7629,10 @@ kind: Deployment metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: strategy: @@ -7504,7 +7672,7 @@ spec: capabilities: drop: - ALL - image: "registry.unionai.cloud/controlplane/unionconsole:2026.4.10" + image: "registry.unionai.cloud/controlplane/unionconsole:2026.5.0" imagePullPolicy: IfNotPresent ports: - name: http @@ -7531,10 +7699,10 @@ kind: Deployment metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7572,7 +7740,7 @@ spec: name: authorizer containers: - name: authorizer - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - authorizer @@ -7646,10 +7814,10 @@ kind: Deployment metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7687,7 +7855,7 @@ spec: name: cluster initContainers: - name: cluster-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7703,7 +7871,7 @@ spec: mountPath: /etc/config/ containers: - name: cluster - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7777,10 +7945,10 @@ kind: Deployment metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7818,7 +7986,7 @@ spec: name: dataproxy containers: - name: dataproxy - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - dataproxy @@ -7889,10 +8057,10 @@ kind: Deployment metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7930,7 +8098,7 @@ spec: name: executions initContainers: - name: executions-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -7946,7 +8114,7 @@ spec: mountPath: /etc/config/ containers: - name: executions - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8015,13 +8183,128 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: identity + linkerd.io/inject: disabled + prometheus.io/path: /metrics + prometheus.io/port: "10254" + labels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + spec: + imagePullSecrets: + - name: union-registry-secret + serviceAccountName: identity + volumes: + - name: secrets + secret: + secretName: + - name: db-pass + secret: + secretName: + - name: config + configMap: + name: identity + containers: + - name: identity + image: registry.unionai.cloud/controlplane/services:2026.4.10 + imagePullPolicy: IfNotPresent + args: + - cloudidentity + - serve + - --config + - /etc/config/*.yaml + ports: + - name: grpc + containerPort: 8080 + protocol: TCP + - name: http + containerPort: 8089 + protocol: TCP + - name: debug + containerPort: 10254 + protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP + volumeMounts: + - name: db-pass + mountPath: /etc/db + - name: secrets + mountPath: /etc/secrets/union + - name: config + mountPath: /etc/config/ + env: + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.cpu + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 250Mi + livenessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + topologyKey: "kubernetes.io/hostname" +--- +# Source: controlplane/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: selector: matchLabels: @@ -8058,7 +8341,7 @@ spec: name: organizations initContainers: - name: organizations-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8074,7 +8357,7 @@ spec: mountPath: /etc/config/ containers: - name: organizations - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8148,10 +8431,10 @@ kind: Deployment metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8190,7 +8473,7 @@ spec: name: queue initContainers: - name: queue-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8206,7 +8489,7 @@ spec: mountPath: /etc/config/ containers: - name: queue - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8277,10 +8560,10 @@ kind: Deployment metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8318,7 +8601,7 @@ spec: name: run-scheduler initContainers: - name: run-scheduler-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8334,7 +8617,7 @@ spec: mountPath: /etc/config/ containers: - name: run-scheduler - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8406,10 +8689,10 @@ kind: Deployment metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8447,7 +8730,7 @@ spec: name: usage containers: - name: usage - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - usage @@ -8554,10 +8837,10 @@ kind: HorizontalPodAutoscaler metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: scaleTargetRef: @@ -8688,6 +8971,32 @@ spec: # Source: controlplane/templates/hpa.yaml apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler +metadata: + name: identity +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: identity + minReplicas: 1 + maxReplicas: 1 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 +--- +# Source: controlplane/templates/hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler metadata: name: organizations spec: @@ -9936,20 +10245,6 @@ spec: name: executions port: name: grpc - - path: /cloudidl.workflow.TranslatorService - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - - path: /cloudidl.workflow.TranslatorService/* - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: @@ -10025,14 +10320,14 @@ spec: pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.task.TaskService @@ -11080,6 +11375,9 @@ webhooks: # Source: controlplane/templates/secret.yaml --- --- +# Source: controlplane/templates/secret.yaml +--- +--- # Source: controlplane/charts/scylla-operator/templates/certificate.yaml apiVersion: cert-manager.io/v1 kind: Certificate diff --git a/tests/generated/controlplane.userclouds.yaml b/tests/generated/controlplane.userclouds.yaml index 2a58acc4..f4f1ddad 100644 --- a/tests/generated/controlplane.userclouds.yaml +++ b/tests/generated/controlplane.userclouds.yaml @@ -37,10 +37,10 @@ kind: PodDisruptionBudget metadata: name: release-name-union-authz labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union-authz app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: minAvailable: 2 @@ -55,10 +55,10 @@ kind: PodDisruptionBudget metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: minAvailable: "33%" @@ -155,6 +155,18 @@ spec: # Source: controlplane/templates/pdb.yaml apiVersion: policy/v1 kind: PodDisruptionBudget +metadata: + name: identity +spec: + minAvailable: "33%" + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget metadata: name: organizations spec: @@ -258,10 +270,10 @@ kind: ServiceAccount metadata: name: release-name-union-authz labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union-authz app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/cacheservice/rbac.yaml @@ -273,7 +285,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm imagePullSecrets: - name: union-registry-secret @@ -284,10 +296,10 @@ kind: ServiceAccount metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -297,10 +309,10 @@ kind: ServiceAccount metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -309,10 +321,10 @@ kind: ServiceAccount metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -321,10 +333,10 @@ kind: ServiceAccount metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -333,9 +345,21 @@ kind: ServiceAccount metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: controlplane/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: identity + labels: + helm.sh/chart: controlplane-2026.4.10 + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm --- @@ -345,10 +369,10 @@ kind: ServiceAccount metadata: name: organizations labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: organizations app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -357,10 +381,10 @@ kind: ServiceAccount metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -369,10 +393,10 @@ kind: ServiceAccount metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/serviceaccount.yaml @@ -381,10 +405,10 @@ kind: ServiceAccount metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/templates/union-serviceaccount.yaml @@ -394,10 +418,10 @@ metadata: name: union namespace: union labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm --- # Source: controlplane/charts/flyte/templates/admin/secret.yaml @@ -649,10 +673,10 @@ kind: ConfigMap metadata: name: release-name-union-authz-config labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union-authz app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -698,7 +722,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm data: db.yaml: | @@ -764,10 +788,10 @@ kind: ConfigMap metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -873,10 +897,10 @@ kind: ConfigMap metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -962,10 +986,10 @@ kind: ConfigMap metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1152,10 +1176,10 @@ kind: ConfigMap metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1261,13 +1285,98 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +data: + config.yaml: | + admin: + clientId: '' + clientSecretLocation: /etc/secrets/union/client_secret + endpoint: flyteadmin.union.svc.cluster.local:81 + insecure: true + authorizer: + authorizerClient: + forwardHeaders: + - authorization + - flyte-authorization + - x-user-token + grpcConfig: + host: dns:///authorizer.union.svc.cluster.local:80 + insecure: true + type: Authorizer + useExternalIdentity: 'false' + cache: + identity: + enabled: true + connection: + environment: staging + region: us-east-2 + rootTenantURLPattern: dns:///fake-host.domain + identity: + app: + adminClient: + connection: + authorizationHeader: flyte-authorization + clientId: '' + clientSecretLocation: /etc/secrets/union/client_secret + insecure: true + scopes: + - all + tokenUrl: '' + identityProviderConfig: + provider: noop + logger: + formatter: + type: json + level: 6 + show-source: true + otel: + type: noop + sharedService: + connectPort: 8081 + security: + singleTenantOrgID: 'test-org' + selfServeConfig: + legacyHosts: + - 'test-org' + union: + auth: + authorizationMetadataKey: flyte-authorization + clientId: '' + clientSecretLocation: /etc/secrets/union/client_secret + enable: true + scopes: + - 'all' + tokenUrl: '' + type: ClientSecret + connection: + insecure: false + insecureSkipVerify: true + trustedIdentityClaims: + enabled: true + externalIdentityClaim: "" + externalIdentityTypeClaim: app + internalConnectionConfig: + enabled: true + urlPattern: _SERVICE_.union.svc.cluster.local:80 +--- +# Source: controlplane/templates/configmap.yaml +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm data: config.yaml: | admin: @@ -1347,10 +1456,10 @@ kind: ConfigMap metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1430,10 +1539,10 @@ kind: ConfigMap metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1513,10 +1622,10 @@ kind: ConfigMap metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm data: config.yaml: | @@ -1699,6 +1808,24 @@ data: on (namespace, pod) group_left() max by (namespace, pod) (kube_pod_status_phase{namespace="{{.Namespace}}",pod=~"{{.PodName}}",phase=~"Pending|Running"} == 1)) workers: 10 --- +# Source: controlplane/templates/flyteadmin-private-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: flyte-admin-private-config + namespace: union + labels: + app.kubernetes.io/name: flyteadmin + app.kubernetes.io/instance: release-name + helm.sh/chart: controlplane-2026.4.10 + #app.kubernetes.io/managed-by: Helm +data: + private.yaml: | + app: + cacheProviderConfig: + kind: bypass + populateUserFields: false +--- # Source: controlplane/templates/monitoring/dashboard-configmap.yaml apiVersion: v1 kind: ConfigMap @@ -6362,10 +6489,10 @@ kind: Role metadata: name: release-name-union-authz-secrets-manager labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union-authz app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: [""] @@ -6381,7 +6508,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -6432,10 +6559,10 @@ kind: RoleBinding metadata: name: release-name-union-authz-secrets-manager labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union-authz app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -6455,7 +6582,7 @@ metadata: labels: app.kubernetes.io/name: flyteadmin app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 #app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -6611,10 +6738,10 @@ kind: Service metadata: name: release-name-union-authz labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union-authz app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6637,7 +6764,7 @@ metadata: platform.union.ai/prometheus-group: "union-services" app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6664,10 +6791,10 @@ metadata: name: unionconsole labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6692,10 +6819,10 @@ metadata: name: authorizer labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6731,10 +6858,10 @@ metadata: name: cluster labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6770,10 +6897,10 @@ metadata: name: dataproxy labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6805,10 +6932,10 @@ metadata: name: executions labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6837,14 +6964,49 @@ spec: apiVersion: v1 kind: Service metadata: - name: organizations + name: identity labels: platform.union.ai/prometheus-group: "union-services" helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: grpc + port: 80 + protocol: TCP + targetPort: connect + - name: grpc-native + port: 8080 + protocol: TCP + targetPort: grpc + - name: http + port: 81 + protocol: TCP + targetPort: http + - name: debug + port: 82 + protocol: TCP + targetPort: debug + selector: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name +--- +# Source: controlplane/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: organizations + labels: + platform.union.ai/prometheus-group: "union-services" + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: type: ClusterIP ports: @@ -6879,10 +7041,10 @@ metadata: name: queue labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6914,10 +7076,10 @@ metadata: name: run-scheduler labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -6949,10 +7111,10 @@ metadata: name: usage labels: platform.union.ai/prometheus-group: "union-services" - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -7024,7 +7186,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - run image: "registry.unionai.cloud/controlplane/services:" @@ -7042,7 +7204,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - migrate - seed-projects - union-health-monitoring @@ -7065,7 +7227,7 @@ spec: command: ["/bin/sh", "-c"] args: [ - "flyteadmin --config=/etc/flyte/config/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", + "flyteadmin --config=/etc/flyte/*/*.yaml secrets init --localPath /etc/scratch/secrets && flyteadmin --config=/etc/flyte/config/*.yaml secrets create --name flyte-admin-secrets --fromPath /etc/scratch/secrets", ] securityContext: allowPrivilegeEscalation: false @@ -7085,7 +7247,7 @@ spec: - command: - flyteadmin - --config - - /etc/flyte/config/*.yaml + - /etc/flyte/*/*.yaml - serve image: "registry.unionai.cloud/controlplane/services:" imagePullPolicy: "IfNotPresent" @@ -7137,6 +7299,9 @@ spec: - mountPath: /etc/secrets/union name: union-secrets readOnly: true + - mountPath: /etc/flyte/private + name: private-config + readOnly: true serviceAccountName: flyteadmin volumes: - name: union-controlplane-secrets @@ -7164,6 +7329,9 @@ spec: - name: union-secrets secret: secretName: '' + - configMap: + name: flyte-admin-private-config + name: private-config --- # Source: controlplane/charts/flyte/templates/console/deployment.yaml apiVersion: apps/v1 @@ -7487,10 +7655,10 @@ kind: Deployment metadata: name: release-name-union-authz labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union-authz app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: strategy: @@ -7505,7 +7673,7 @@ spec: template: metadata: annotations: - checksum/config: a22577a49f800c296079f27de14da841749fc9adaf3af25901975e54be316256 + checksum/config: 81136d7cabe24144fdf856d1234d7b3fa271fd5b3a3445e974cc60de61d70011 linkerd.io/inject: disabled prometheus.io/path: /metrics prometheus.io/port: "10254" @@ -7531,7 +7699,7 @@ spec: drop: - ALL readOnlyRootFilesystem: true - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent command: - userclouds-lite @@ -7606,7 +7774,7 @@ metadata: labels: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -7617,7 +7785,7 @@ spec: template: metadata: annotations: - configChecksum: "4677750f0f40268ea4d335806a712af38ff49c94cf3ca944d8faa7d3816249b" + configChecksum: "70052c4e86279f1f1bdc2ca7114622e188149761d5f03576e790db96bd07ed3" linkerd.io/inject: disabled prometheus.io/path: /metrics prometheus.io/port: "10254" @@ -7626,7 +7794,7 @@ spec: app.kubernetes.io/name: cacheservice app.kubernetes.io/instance: release-name - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/managed-by: Helm spec: securityContext: @@ -7718,10 +7886,10 @@ kind: Deployment metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: strategy: @@ -7761,7 +7929,7 @@ spec: capabilities: drop: - ALL - image: "registry.unionai.cloud/controlplane/unionconsole:2026.4.10" + image: "registry.unionai.cloud/controlplane/unionconsole:2026.5.0" imagePullPolicy: IfNotPresent ports: - name: http @@ -7788,10 +7956,10 @@ kind: Deployment metadata: name: authorizer labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: authorizer app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7829,7 +7997,7 @@ spec: name: authorizer containers: - name: authorizer - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - authorizer @@ -7903,10 +8071,10 @@ kind: Deployment metadata: name: cluster labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: cluster app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -7944,7 +8112,7 @@ spec: name: cluster initContainers: - name: cluster-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -7960,7 +8128,7 @@ spec: mountPath: /etc/config/ containers: - name: cluster - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudcluster @@ -8034,10 +8202,10 @@ kind: Deployment metadata: name: dataproxy labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: dataproxy app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8075,7 +8243,7 @@ spec: name: dataproxy containers: - name: dataproxy - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - dataproxy @@ -8146,10 +8314,10 @@ kind: Deployment metadata: name: executions labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: executions app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8187,7 +8355,7 @@ spec: name: executions initContainers: - name: executions-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8203,7 +8371,7 @@ spec: mountPath: /etc/config/ containers: - name: executions - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8272,13 +8440,128 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: organizations + name: identity labels: helm.sh/chart: controlplane-2026.4.10 - app.kubernetes.io/name: organizations + app.kubernetes.io/name: identity app.kubernetes.io/instance: release-name app.kubernetes.io/version: "2026.4.10" app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: identity + linkerd.io/inject: disabled + prometheus.io/path: /metrics + prometheus.io/port: "10254" + labels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + spec: + imagePullSecrets: + - name: union-registry-secret + serviceAccountName: identity + volumes: + - name: secrets + secret: + secretName: + - name: db-pass + secret: + secretName: + - name: config + configMap: + name: identity + containers: + - name: identity + image: registry.unionai.cloud/controlplane/services:2026.4.10 + imagePullPolicy: IfNotPresent + args: + - cloudidentity + - serve + - --config + - /etc/config/*.yaml + ports: + - name: grpc + containerPort: 8080 + protocol: TCP + - name: http + containerPort: 8089 + protocol: TCP + - name: debug + containerPort: 10254 + protocol: TCP + - name: connect + containerPort: 8081 + protocol: TCP + volumeMounts: + - name: db-pass + mountPath: /etc/db + - name: secrets + mountPath: /etc/secrets/union + - name: config + mountPath: /etc/config/ + env: + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: "1" + resource: limits.cpu + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 250Mi + livenessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /healthcheck + port: debug + initialDelaySeconds: 3 + periodSeconds: 3 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: identity + app.kubernetes.io/instance: release-name + topologyKey: "kubernetes.io/hostname" +--- +# Source: controlplane/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: organizations + labels: + helm.sh/chart: controlplane-2026.5.0 + app.kubernetes.io/name: organizations + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "2026.5.0" + app.kubernetes.io/managed-by: Helm spec: selector: matchLabels: @@ -8315,7 +8598,7 @@ spec: name: organizations initContainers: - name: organizations-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8331,7 +8614,7 @@ spec: mountPath: /etc/config/ containers: - name: organizations - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudorganizations @@ -8405,10 +8688,10 @@ kind: Deployment metadata: name: queue labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: queue app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8447,7 +8730,7 @@ spec: name: queue initContainers: - name: queue-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8463,7 +8746,7 @@ spec: mountPath: /etc/config/ containers: - name: queue - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - queue @@ -8534,10 +8817,10 @@ kind: Deployment metadata: name: run-scheduler labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: run-scheduler app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8575,7 +8858,7 @@ spec: name: run-scheduler initContainers: - name: run-scheduler-migrate - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8591,7 +8874,7 @@ spec: mountPath: /etc/config/ containers: - name: run-scheduler - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - cloudpropeller @@ -8663,10 +8946,10 @@ kind: Deployment metadata: name: usage labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: usage app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: selector: @@ -8704,7 +8987,7 @@ spec: name: usage containers: - name: usage - image: registry.unionai.cloud/controlplane/services:2026.4.10 + image: registry.unionai.cloud/controlplane/services:2026.5.0 imagePullPolicy: IfNotPresent args: - usage @@ -8805,10 +9088,10 @@ kind: HorizontalPodAutoscaler metadata: name: release-name-union-authz labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: union-authz app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: scaleTargetRef: @@ -8831,10 +9114,10 @@ kind: HorizontalPodAutoscaler metadata: name: unionconsole labels: - helm.sh/chart: controlplane-2026.4.10 + helm.sh/chart: controlplane-2026.5.0 app.kubernetes.io/name: unionconsole app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm spec: scaleTargetRef: @@ -8965,6 +9248,32 @@ spec: # Source: controlplane/templates/hpa.yaml apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler +metadata: + name: identity +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: identity + minReplicas: 1 + maxReplicas: 1 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 +--- +# Source: controlplane/templates/hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler metadata: name: organizations spec: @@ -10213,20 +10522,6 @@ spec: name: executions port: name: grpc - - path: /cloudidl.workflow.TranslatorService - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - - path: /cloudidl.workflow.TranslatorService/* - pathType: ImplementationSpecific - backend: - service: - name: executions - port: - name: grpc - path: /cloudidl.workflow.TaskService pathType: ImplementationSpecific backend: @@ -10302,14 +10597,14 @@ spec: pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.workflow.TranslatorService/* pathType: ImplementationSpecific backend: service: - name: executions + name: dataproxy port: name: grpc - path: /flyteidl2.task.TaskService @@ -11357,6 +11652,9 @@ webhooks: # Source: controlplane/templates/secret.yaml --- --- +# Source: controlplane/templates/secret.yaml +--- +--- # Source: controlplane/charts/scylla-operator/templates/certificate.yaml apiVersion: cert-manager.io/v1 kind: Certificate diff --git a/tests/generated/dataplane.additional-podlabels.yaml b/tests/generated/dataplane.additional-podlabels.yaml index 2b29aebe..97ef6df9 100644 --- a/tests/generated/dataplane.additional-podlabels.yaml +++ b/tests/generated/dataplane.additional-podlabels.yaml @@ -10219,7 +10219,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10319,7 +10319,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10427,7 +10427,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10495,7 +10495,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10562,7 +10562,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10672,7 +10672,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -10988,10 +10988,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11038,10 +11038,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.additional-templates.yaml b/tests/generated/dataplane.additional-templates.yaml index 4bcf822e..4a171484 100644 --- a/tests/generated/dataplane.additional-templates.yaml +++ b/tests/generated/dataplane.additional-templates.yaml @@ -10249,7 +10249,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10347,7 +10347,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10453,7 +10453,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10521,7 +10521,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10586,7 +10586,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10694,7 +10694,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11010,10 +11010,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11060,10 +11060,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.aws.eks-automode.yaml b/tests/generated/dataplane.aws.eks-automode.yaml index b7b0ac8d..93f88173 100644 --- a/tests/generated/dataplane.aws.eks-automode.yaml +++ b/tests/generated/dataplane.aws.eks-automode.yaml @@ -10750,7 +10750,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10848,7 +10848,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10954,7 +10954,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -11022,7 +11022,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -11087,7 +11087,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -11195,7 +11195,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11598,10 +11598,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11648,10 +11648,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.aws.with-ingress.yaml b/tests/generated/dataplane.aws.with-ingress.yaml index 77bb8a6b..c75da5b1 100644 --- a/tests/generated/dataplane.aws.with-ingress.yaml +++ b/tests/generated/dataplane.aws.with-ingress.yaml @@ -10218,7 +10218,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10316,7 +10316,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10422,7 +10422,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10490,7 +10490,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10555,7 +10555,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10663,7 +10663,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11099,10 +11099,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11149,10 +11149,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.aws.yaml b/tests/generated/dataplane.aws.yaml index 6bc527d9..32df67c2 100644 --- a/tests/generated/dataplane.aws.yaml +++ b/tests/generated/dataplane.aws.yaml @@ -10677,7 +10677,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10775,7 +10775,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10881,7 +10881,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10949,7 +10949,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -11014,7 +11014,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -11122,7 +11122,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11468,10 +11468,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11518,10 +11518,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.azure-custom-storage-prefix.yaml b/tests/generated/dataplane.azure-custom-storage-prefix.yaml index de2af4a6..ff138333 100644 --- a/tests/generated/dataplane.azure-custom-storage-prefix.yaml +++ b/tests/generated/dataplane.azure-custom-storage-prefix.yaml @@ -10286,7 +10286,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10385,7 +10385,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10492,7 +10492,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10560,7 +10560,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10626,7 +10626,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10735,7 +10735,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11051,10 +11051,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11101,10 +11101,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.azure.yaml b/tests/generated/dataplane.azure.yaml index 5b5264be..91e64d3b 100644 --- a/tests/generated/dataplane.azure.yaml +++ b/tests/generated/dataplane.azure.yaml @@ -10286,7 +10286,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10385,7 +10385,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10492,7 +10492,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10560,7 +10560,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10626,7 +10626,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10735,7 +10735,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11051,10 +11051,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11101,10 +11101,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.cost.yaml b/tests/generated/dataplane.cost.yaml index 28b76bf6..7b048450 100644 --- a/tests/generated/dataplane.cost.yaml +++ b/tests/generated/dataplane.cost.yaml @@ -10235,7 +10235,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10333,7 +10333,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10439,7 +10439,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10507,7 +10507,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10572,7 +10572,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10680,7 +10680,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -10996,10 +10996,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11046,10 +11046,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.dcgm-exporter.yaml b/tests/generated/dataplane.dcgm-exporter.yaml index 9a5f8436..9d069ee9 100644 --- a/tests/generated/dataplane.dcgm-exporter.yaml +++ b/tests/generated/dataplane.dcgm-exporter.yaml @@ -10560,7 +10560,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10658,7 +10658,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10764,7 +10764,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10832,7 +10832,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10897,7 +10897,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -11005,7 +11005,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11351,10 +11351,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11401,10 +11401,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.fully-selfhosted.yaml b/tests/generated/dataplane.fully-selfhosted.yaml index 0a2e32ef..c86946ef 100644 --- a/tests/generated/dataplane.fully-selfhosted.yaml +++ b/tests/generated/dataplane.fully-selfhosted.yaml @@ -10234,7 +10234,7 @@ spec: name: leaseworker containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10322,7 +10322,7 @@ spec: name: executor containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10421,7 +10421,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10523,7 +10523,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10629,7 +10629,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11068,10 +11068,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11118,10 +11118,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.gcp.yaml b/tests/generated/dataplane.gcp.yaml index 4cb31e3f..6242522c 100644 --- a/tests/generated/dataplane.gcp.yaml +++ b/tests/generated/dataplane.gcp.yaml @@ -10233,7 +10233,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10331,7 +10331,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10437,7 +10437,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10505,7 +10505,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10570,7 +10570,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10678,7 +10678,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -10994,10 +10994,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11044,10 +11044,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.low-priv.yaml b/tests/generated/dataplane.low-priv.yaml index 27ee6c9d..4d076537 100644 --- a/tests/generated/dataplane.low-priv.yaml +++ b/tests/generated/dataplane.low-priv.yaml @@ -10257,7 +10257,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10355,7 +10355,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10461,7 +10461,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10529,7 +10529,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10594,7 +10594,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10702,7 +10702,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11018,10 +11018,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11068,10 +11068,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.monitoring.yaml b/tests/generated/dataplane.monitoring.yaml index c914cd2c..bdf637d2 100644 --- a/tests/generated/dataplane.monitoring.yaml +++ b/tests/generated/dataplane.monitoring.yaml @@ -12342,7 +12342,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -12440,7 +12440,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -12546,7 +12546,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -12614,7 +12614,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -12679,7 +12679,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -12787,7 +12787,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -17557,10 +17557,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -17607,10 +17607,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.nodeobserver.yaml b/tests/generated/dataplane.nodeobserver.yaml index f2cfd498..bde74e27 100644 --- a/tests/generated/dataplane.nodeobserver.yaml +++ b/tests/generated/dataplane.nodeobserver.yaml @@ -9684,7 +9684,7 @@ spec: privileged: true runAsNonRoot: false runAsUser: 0 - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10380,7 +10380,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10478,7 +10478,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10584,7 +10584,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10652,7 +10652,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10717,7 +10717,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10825,7 +10825,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11141,10 +11141,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11191,10 +11191,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: diff --git a/tests/generated/dataplane.oci.yaml b/tests/generated/dataplane.oci.yaml index 6e24bebc..4be50616 100644 --- a/tests/generated/dataplane.oci.yaml +++ b/tests/generated/dataplane.oci.yaml @@ -10278,7 +10278,7 @@ spec: secretName: union-secret-auth containers: - name: leaseworker - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - leaseworker @@ -10390,7 +10390,7 @@ spec: secretName: union-secret-auth containers: - name: executor - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent command: - executorv2 @@ -10510,7 +10510,7 @@ spec: - name: operator-proxy securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10584,7 +10584,7 @@ spec: - name: "tunnel" securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent args: - cloudflared @@ -10657,7 +10657,7 @@ spec: - name: operator securityContext: {} - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: IfNotPresent terminationMessagePolicy: FallbackToLogsOnError resources: @@ -10779,7 +10779,7 @@ spec: serviceAccountName: union-system containers: - name: webhook - image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.4.10" + image: "public.ecr.aws/p0i0a9q8/unionoperator:2026.5.0" imagePullPolicy: "IfNotPresent" command: - flytepropeller @@ -11109,10 +11109,10 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: serving spec: @@ -11159,10 +11159,10 @@ spec: workloads: - name: 3scale-kourier-gateway labels: - helm.sh/chart: dataplane-2026.4.10 + helm.sh/chart: dataplane-2026.5.0 app.kubernetes.io/name: release-name-dataplane app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "2026.4.10" + app.kubernetes.io/version: "2026.5.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: 3scale-kourier-gateway affinity: