Add namespace mapping configuration docs#816
Merged
mhotan merged 2 commits intomike/self-onboarding-doc-updatesfrom Mar 4, 2026
Merged
Add namespace mapping configuration docs#816mhotan merged 2 commits intomike/self-onboarding-doc-updatesfrom
mhotan merged 2 commits intomike/self-onboarding-doc-updatesfrom
Conversation
Documents the namespace_mapping Helm value for customizing how project-domain pairs map to Kubernetes namespaces. Covers dataplane configuration, self-hosted control plane requirements (V1 only), template syntax, and the cascade to downstream services. Co-Authored-By: Claude Opus 4.6 <[email protected]>
mhotan
requested review from
EngHabu,
cosmicBboy,
jpvotta,
kumare3,
ppiegaze and
samhita-alla
as code owners
Deploying docs with
|
| Latest commit: |
6c19a5b
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://0d259d72.docs-dog.pages.dev |
| Branch Preview URL: | https://mike-selfmanaged-namespace-m.docs-dog.pages.dev |
- Fix double nesting: namespace_config.namespace_config → namespace_config - Clarify V2 does not need CP namespace_mapping (resolves on DP) - Add note that V2 namespace resolution happens on data plane Co-Authored-By: Claude Opus 4.6 <[email protected]>
| > [!NOTE] | ||
| > The template uses Helm's backtick escaping for Go template delimiters. In your values file, wrap `{{ project }}` and `{{ domain }}` with backtick-escaped `{{` and `}}` delimiters as shown above. | ||
|
|
||
| {{< variant selfmanaged >}} |
Contributor
There was a problem hiding this comment.
do we need a "selfhosted" variant?
cc @ppiegaze
Contributor
Author
There was a problem hiding this comment.
Asking the same question here: #762 (comment)
davidmirror-ops
approved these changes
Mar 4, 2026
Contributor
Author
|
Going to merge now and we can have Peeter just review the parent PR. |
ppiegaze
added a commit
that referenced
this pull request
Mar 13, 2026
…nup (#762) * Add selfmanaged/selfhosted Notion guide reference to CLAUDE.md Points Claude Code sessions to the canonical Notion doc for selfmanaged and selfhosted project context. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Rename byok-* to selfmanaged-* and update cross-references Rename all data plane setup documentation files from the outdated "byok" (Bring Your Own Kubernetes) naming to "selfmanaged" to align with the Hugo variant system naming convention. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add self-hosted deployment guides Create comprehensive documentation for self-hosted (intra-cluster) deployments where both control plane and data plane run in the same Kubernetes cluster. Includes: - Overview with architecture diagram and prerequisites - Control plane guides for AWS and GCP - Data plane guides for AWS and GCP - Authentication guide documenting all 5 OAuth apps required for self-hosted deployments, with comparison to self-managed where app provisioning is automated via uctl Migrated from helm-charts SELFHOSTED_INTRA_CLUSTER docs with Hugo shortcode conversion and shared authentication section. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add self-hosted deployment section to deployment index Add link card for the self-hosted deployment guides under the selfmanaged variant, giving users a clear entry point to the intra-cluster deployment documentation. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Update unionai-docs-infra submodule for redirect exclusion Points to mike/exclude-legacy-oci-redirect branch which excludes the legacy uppercase byok-data-plane-setup-on-OCI.md from the redirect check. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Shorten selfmanaged file names and update cross-references Rename selfmanaged-data-plane-setup-on-* to selfmanaged-* for cleaner URLs and reduced redundancy. Update internal cross-references in the generic and GCP guides. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Replace customer terminology with overrides and link values files to GitHub Rename example values file from selfhosted-customer to selfhosted-overrides across all selfhosted docs. Add GitHub links to repo-hosted values files (selfhosted-intracluster, registry) in prose references. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add deployment glossary Define key deployment terminology: self-managed vs self-hosted, control plane, data plane, intra-cluster, IRSA, Workload Identity. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add AWS-only support notices to selfhosted GCP docs Self-hosted intra-cluster deployment is officially supported on AWS only. Mark GCP guides as preview with notices linking to AWS guides, and add (Preview) labels to GCP link cards on the overview page. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add selfmanaged authentication configuration docs Adds comprehensive authentication documentation for the selfmanaged variant covering: - OIDC browser auth flow with sequence diagram - Okta configuration (automated via Terraform and manual) - Control plane Helm values (flyteadmin OIDC, service-to-service auth, trustedIdentityClaims, ingress auth annotations) - Secret delivery via External Secrets Operator - Dataplane auth (operator + eager mode) - SDK/CLI PKCE auth and CI/CD client credentials - Troubleshooting guide Co-Authored-By: Claude Opus 4.6 <[email protected]> * Remove internal Terraform module references from auth docs Abstract union_extension module specifics to generic IdP requirements. Replace Okta-specific references with provider-agnostic language. Add multiple secret delivery options (ESO + direct K8s secret). Co-Authored-By: Claude Opus 4.6 <[email protected]> * Update selfmanaged authentication docs for consistency - Consolidate OAuth apps from 5 to 3 (matching actual values files) - Add complete control plane config (flyteadmin OIDC, admin SDK client, scheduler secrets, service-to-service auth, executions auth, ingress) - Add complete dataplane config (CRS, operator, propeller, secrets, executor) - Add comprehensive secret delivery table with all K8s secrets - Remove disableForGrpc configuration - Remove Okta-specific references, use generic OIDC/OAuth2 language - Fix incorrect service terminology (no "monolith" in selfhosted) Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add namespace mapping configuration docs (#816) * Add namespace mapping configuration docs Documents the namespace_mapping Helm value for customizing how project-domain pairs map to Kubernetes namespaces. Covers dataplane configuration, self-hosted control plane requirements (V1 only), template syntax, and the cascade to downstream services. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Fix namespace mapping docs: correct nesting, V1-only CP config - Fix double nesting: namespace_config.namespace_config → namespace_config - Clarify V2 does not need CP namespace_mapping (resolves on DP) - Add note that V2 namespace resolution happens on data plane Co-Authored-By: Claude Opus 4.6 <[email protected]> --------- Co-authored-by: Claude Opus 4.6 <[email protected]> * Fix absolute URL in dataplane helm chart reference Replace absolute https://www.union.ai/docs URL with relative link to fix Cloudflare build pre-check failure. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Updates to authentication and namespace mapping docs * update * update submodule pointers to latest main - unionai-docs-infra: 6673d5e (pydantic models: show actual fields) - unionai-examples: 12005fd (update-jsonl with missing fragments) Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * remove self-hosted content from this PR Self-hosted deployment guides, glossary, and link card moved to peeter/selfhosted-docs branch to hold for product announcement. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * restore selfmanaged/selfhosted Notion link in CLAUDE.md Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * remove self-hosted section from namespace-mapping docs Moved to peeter/selfhosted-docs branch with selfhosted variant tag. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * update infra submodule to include byok→selfmanaged redirects Points to unionai-docs-infra#43 (2f329df). Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * update infra submodule for case-insensitive redirect check Points to unionai-docs-infra#44. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> --------- Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Peeter Piegaze <[email protected]>
ppiegaze
added a commit
that referenced
this pull request
Mar 13, 2026
* Add selfmanaged/selfhosted Notion guide reference to CLAUDE.md Points Claude Code sessions to the canonical Notion doc for selfmanaged and selfhosted project context. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Rename byok-* to selfmanaged-* and update cross-references Rename all data plane setup documentation files from the outdated "byok" (Bring Your Own Kubernetes) naming to "selfmanaged" to align with the Hugo variant system naming convention. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add self-hosted deployment guides Create comprehensive documentation for self-hosted (intra-cluster) deployments where both control plane and data plane run in the same Kubernetes cluster. Includes: - Overview with architecture diagram and prerequisites - Control plane guides for AWS and GCP - Data plane guides for AWS and GCP - Authentication guide documenting all 5 OAuth apps required for self-hosted deployments, with comparison to self-managed where app provisioning is automated via uctl Migrated from helm-charts SELFHOSTED_INTRA_CLUSTER docs with Hugo shortcode conversion and shared authentication section. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add self-hosted deployment section to deployment index Add link card for the self-hosted deployment guides under the selfmanaged variant, giving users a clear entry point to the intra-cluster deployment documentation. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Update unionai-docs-infra submodule for redirect exclusion Points to mike/exclude-legacy-oci-redirect branch which excludes the legacy uppercase byok-data-plane-setup-on-OCI.md from the redirect check. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Shorten selfmanaged file names and update cross-references Rename selfmanaged-data-plane-setup-on-* to selfmanaged-* for cleaner URLs and reduced redundancy. Update internal cross-references in the generic and GCP guides. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Replace customer terminology with overrides and link values files to GitHub Rename example values file from selfhosted-customer to selfhosted-overrides across all selfhosted docs. Add GitHub links to repo-hosted values files (selfhosted-intracluster, registry) in prose references. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add deployment glossary Define key deployment terminology: self-managed vs self-hosted, control plane, data plane, intra-cluster, IRSA, Workload Identity. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add AWS-only support notices to selfhosted GCP docs Self-hosted intra-cluster deployment is officially supported on AWS only. Mark GCP guides as preview with notices linking to AWS guides, and add (Preview) labels to GCP link cards on the overview page. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add selfmanaged authentication configuration docs Adds comprehensive authentication documentation for the selfmanaged variant covering: - OIDC browser auth flow with sequence diagram - Okta configuration (automated via Terraform and manual) - Control plane Helm values (flyteadmin OIDC, service-to-service auth, trustedIdentityClaims, ingress auth annotations) - Secret delivery via External Secrets Operator - Dataplane auth (operator + eager mode) - SDK/CLI PKCE auth and CI/CD client credentials - Troubleshooting guide Co-Authored-By: Claude Opus 4.6 <[email protected]> * Remove internal Terraform module references from auth docs Abstract union_extension module specifics to generic IdP requirements. Replace Okta-specific references with provider-agnostic language. Add multiple secret delivery options (ESO + direct K8s secret). Co-Authored-By: Claude Opus 4.6 <[email protected]> * Update selfmanaged authentication docs for consistency - Consolidate OAuth apps from 5 to 3 (matching actual values files) - Add complete control plane config (flyteadmin OIDC, admin SDK client, scheduler secrets, service-to-service auth, executions auth, ingress) - Add complete dataplane config (CRS, operator, propeller, secrets, executor) - Add comprehensive secret delivery table with all K8s secrets - Remove disableForGrpc configuration - Remove Okta-specific references, use generic OIDC/OAuth2 language - Fix incorrect service terminology (no "monolith" in selfhosted) Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add namespace mapping configuration docs (#816) * Add namespace mapping configuration docs Documents the namespace_mapping Helm value for customizing how project-domain pairs map to Kubernetes namespaces. Covers dataplane configuration, self-hosted control plane requirements (V1 only), template syntax, and the cascade to downstream services. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Fix namespace mapping docs: correct nesting, V1-only CP config - Fix double nesting: namespace_config.namespace_config → namespace_config - Clarify V2 does not need CP namespace_mapping (resolves on DP) - Add note that V2 namespace resolution happens on data plane Co-Authored-By: Claude Opus 4.6 <[email protected]> --------- Co-authored-by: Claude Opus 4.6 <[email protected]> * Fix absolute URL in dataplane helm chart reference Replace absolute https://www.union.ai/docs URL with relative link to fix Cloudflare build pre-check failure. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Add monitoring configuration docs for selfmanaged deployments Documents the data plane monitoring architecture: - Static Prometheus for Union features (scrape targets, configuration) - Optional kube-prometheus-stack for cluster health monitoring - Prometheus Operator CRD installation via dataplane-crds chart - Integrating with existing Prometheus (static configs and ServiceMonitors) - Exporting metrics with remote write (AMP example) - Links to Prometheus official documentation Co-Authored-By: Claude Opus 4.6 <[email protected]> * Clarify that Prometheus Operator CRDs are optional Static scrape configs are an alternative to CRD-based discovery. Co-Authored-By: Claude Opus 4.6 <[email protected]> * De-emphasize BYO Prometheus, remove remote write for features instance - Clarify Union features Prometheus is a platform dependency, not to be replaced or reconfigured - Remove remote write section for the static Prometheus instance - Move remote write guidance to the monitoring stack section where kube-prometheus-stack natively supports it - Rename and shorten BYO Prometheus section to "Scraping Union services from your own Prometheus" with note that it's for additional operational visibility only - Remove remote_write from architecture diagram - Simplify BYO scrape config to use endpoints SD instead of per-service jobs Co-Authored-By: Claude Opus 4.6 <[email protected]> * remove self-hosted content from this PR Self-hosted deployment guides, glossary, link card, and namespace-mapping self-hosted section moved to peeter/selfhosted-docs branch to hold for product announcement. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> --------- Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Peeter Piegaze <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
namespace_mappingHelm value for customizing how project-domain pairs map to Kubernetes namespacesnamespace_config.namespace_config→namespace_config)Related: helm-charts #226 (consolidate namespace_mapping into single canonical Helm value)
Test plan
make devrenders the namespace-mapping page correctly for the selfmanaged variant🤖 Generated with Claude Code