forked from flyteorg/flyte
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
378 lines (368 loc) · 14.3 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
# nameOverride String to override flyte-binary.name template
nameOverride: ""
# fullnameOverride String to override flyte-binary.fullname template
fullnameOverride: ""
# commonLabels Add labels to all the deployed resources
commonLabels:
azure.workload.identity/use: "true"
# commonAnnotations Add annotations to all the deployed resources
commonAnnotations:
azure.workload.identity/client-id: "a1a56a4e-9f89-479e-994a-e9221ba18866"
azure.workload.identity/tenant-id: "a84894e7-87c5-40e3-9783-320d0334b3cc"
# flyte-core-components: Configuration of flyte's core components
flyte-core-components:
# admin Configuration to disable FlyteAdmin or any of its components
admin:
# disabled Disable flyteadmin
disabled: false
# disableScheduler Disable native scheduler
disableScheduler: false
# disableClusterResourceManager disables Cluster resource manager
disableClusterResourceManager: false
# seedProjects flyte projects to create by default
seedProjects: {}
# propeller Configuration to disable propeller or any of its components
propeller:
# disabled Disables flytepropeller
disabled: false
# disabledWebhook Disables webhook only
disableWebhook: false
create-flyteworkflow-crd: true
# dataCatalog Configuration to disable DataCatalog
dataCatalog:
# disabled Disables datacatalog
disabled: false
# configuration Specify configuration for Flyte
configuration:
# database Specify configuration for Flyte's database connection
database:
host: flyte-dev-hzec19kf.postgres.database.azure.com
username: LocalAdmin
passwordPath: /external-secrets/postgres-pw
dbname: flyteaz
options: sslmode=verify-full
port: 5432
# storage Specify configuration for object store
storage:
userDataContainer: myflytetest
metadataContainer: myflytetest
bucketName: pjbedy8f
provider: azure
providerConfig:
azure:
type: stow
account: pjbedy8f
# logging Specify configuration for logs emitted by Flyte
logging:
# level Set the log level
level: 5
# plugins Specify additional logging plugins
plugins:
# kubernetes Configure logging plugin to have logs visible in the Kubernetes Dashboard
kubernetes:
enabled: false
templateUri: ""
# cloudwatch Configure logging plugin to have logs visible in CloudWatch
cloudwatch:
enabled: false
templateUri: ""
# stackdriver Configure logging plugin to have logs visible in StackDriver
stackdriver:
enabled: false
templateUri: ""
custom: []
# auth Specify configuration for Flyte authentication
auth:
# enabled Enable Flyte authentication
enabled: false
# enableAuthServer Enable built-in authentication server
enableAuthServer: true
# oidc OIDC configuration for Flyte authentication
oidc:
# baseUrl URL for OIDC provider
baseUrl: ""
# clientId Flyte application client ID
clientId: ""
# clientSecret Flyte application client secret
clientSecret: ""
# internal Configuration for internal authentication
# The settings for internal still need to be defined if you wish to use an external auth server
# These credentials are used during communication between the FlyteAdmin and Propeller microservices
internal:
# clientId Client ID for internal authentication - set to flytepropeller or external auth server
clientId: flytepropeller
# clientSecret Client secret for internal authentication
clientSecret: ""
# clientSecretHash Bcrypt hash of clientSecret
clientSecretHash: ""
# Uncomment next line if needed - set this field if your external Auth server (ex. Auth0) requires an audience parameter
# audience: ""
# flyteClient Configuration for Flyte client authentication
flyteClient:
# clientId Client ID for Flyte client authentication
clientId: flytectl
# redirectUri Redirect URI for Flyte client authentication
redirectUri: http://localhost:53593/callback
# scopes Scopes for Flyte client authentication
scopes:
- all
# audience Audience for Flyte client authentication
audience: ""
# authorizedUris Set of URIs that clients are allowed to visit the service on
authorizedUris: []
# clientSecretExternalSecretRef Specify an existing, external Secret containing values for `client_secret` and `oidc_client_secret`.
# If set, a Secret will not be generated by this chart for client secrets.
clientSecretsExternalSecretRef: ""
# co-pilot Configuration for Flyte CoPilot
co-pilot:
# image Configure image to use for CoPilot sidecar
image:
# repository CoPilot sidecar image repository
repository: cr.flyte.org/flyteorg/flytecopilot # FLYTECOPILOT_IMAGE
# tag CoPilot sidecar image tag
tag: v1.9.4 # FLYTECOPILOT_TAG
# agentService Flyte Agent configuration
agentService:
defaultAgent:
endpoint: "dns:///flyteagent.flyte.svc.cluster.local:8000"
insecure: true
timeouts:
GetTask: 10s
defaultTimeout: 10s
# Uncomment and modify to include configuration for Flyte Agent
supportedTaskTypes:
- default_task
# externalConfigMap Specify an existing, external ConfigMap to use as configuration for Flyte
# If set, no Flyte configuration will be generated by this chart
externalConfigMap: ""
# externalSecretRef Specify an existing, external Secret to use as configuration for Flyte
# If set, no Flyte configuration will be generated by this chart
externalSecretRef: ""
# inline Specify additional configuration or overrides for Flyte, to be merged with the base configuration
inline:
plugins:
k8s:
metadata:
namespace: flyte-az-development
inject-finalizer: true
default-pod-template-name: service-account-template
default-env-vars:
- FLYTE_AZURE_STORAGE_ACCOUNT_NAME: pjbedy8f
# inlineConfigMap Specify an existing ConfigMap containing additional configuration
# or overrides for Flyte, to be merged with the base configuration
inlineConfigMap: ""
# inlineSecretRef Specify an existing Secret containing additional configuration
# or overrides for Flyte, to be merged with the base configuration
inlineSecretRef: ""
# labels Add labels to created ConfigMap
labels: {}
# annotations Add annotations to created ConfigMap
annotations: {}
# clusterResourceTemplates Specify templates for Kubernetes resources that should be created for new Flyte projects
clusterResourceTemplates:
# externalConfigMap Specify an existing, external ConfigMap containing cluster resource templates to create for new projects
# If set, no ConfigMap will be generated by this chart
externalConfigMap: ""
# inline Specify additional cluster resource templates, to be merged with the base configuration
inline: {}
# inlineConfigMap Specify an existing ConfigMap containing additional cluster
# resource templates, to be merged with the base configuration
inlineConfigMap: ""
# labels Add labels to created ConfigMap
labels: {}
# annotations Add annotations to created ConfigMap
annotations: {}
# deployment Configure Flyte deployment specification
deployment:
# image Configure image to use for Flyte
image:
# repository Flyte image repository
repository: "iefdev.azurecr.io/flyte-binary-az-amd64"
tag: "newest"
# pullPolicy Flyte image pull policy
pullPolicy: IfNotPresent
# extraEnvVars Array with extra environment variables to add to Flyte
extraEnvVars: []
# extraEnvVarsConfigMap Name of existing ConfigMap containing extra env vars for Flyte
extraEnvVarsConfigMap: ""
# extraEnvVarsSecret Name of existing Secret containing extra env vars for Flyte
extraEnvVarsSecret: ""
# command Override default container command
command: []
# args Override default container args
args: []
# livenessProbe Override default container liveness probe
# See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe: {}
# readinessProbe Override default container readiness probe
readinessProbe: {}
# startupProbe Specify a startup probe for Flyte container
startupProbe: {}
# lifecycleHooks Specify hooks to run in Flyte container before or after startup
lifecycleHooks: {}
# resources Resource limits and requests for Flyte container
# Uncomment and update to specify resources for deployment
resources:
limits:
memory: 1Gi
cpu: 1
requests:
memory: 1Gi
cpu: 1
# podSecurityContext Specify security context for Flyte pod
# See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
podSecurityContext:
enabled: false
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
# waitForDB Configure init container to wait for DB during pod startup
# This is disabled when an external ConfigMap is used to specify Flyte configuration
waitForDB:
# image Configure image to use for wait-for-db init container
image:
# repository Init container image repository
repository: postgres
# tag Init container image tag
tag: 15-alpine
# pullPolicy Init container image pull policy
pullPolicy: IfNotPresent
# command Override default init container command
command: []
# args Override default init container args
args: []
# genAdminAuthSecret Configure init container to generate secrets for internal use
genAdminAuthSecret:
# command Override default init container command
command: []
# args Override default init container args
args: []
# labels Add labels to Flyte deployment
labels: {}
# annotations Add annotations to Flyte deployment
annotations: {}
# labels Add labels to Flyte pod
podLabels: {}
# annotations Add annotations to Flyte pod
podAnnotations: {}
# extraVolumeMounts Specify additional volumeMounts for Flyte container
extraVolumeMounts:
- name: external-secrets-volume
readOnly: true
mountPath: "/external-secrets/"
extraVolumes:
- name: external-secrets-volume
secret:
secretName: postgres-pw
# sidecars Specify additional containers for Flyte pod
sidecars: []
# initContainers Specify additional init containers for Flyte pod
initContainers: []
# extraPodSpec Specify additional configuration for Flyte pod
# This can be used for adding affinity, tolerations, hostNetwork, etc.
extraPodSpec: {}
# service Configure service for Flyte
service:
# type Kubernetes service type
type: ClusterIP
# ports Flyte service ports
# If not specified, defaults to corresponding container ports
ports:
http: ""
grpc: ""
# nodePorts Node ports for Flyte service if service type is `NodePort` or `LoadBalancer`
nodePorts:
http: ""
grpc: ""
# clusterIP Set static IP if service type is `ClusterIP`
clusterIP: ""
# labels Add labels to Flyte services
labels: {}
# commonAnnotations Add annotations to Flyte services
commonAnnotations: {}
# httpAnnotations Add annotations to http service resource
httpAnnotations: {}
# grpcAnnotations Add annotations to grpc service resource
grpcAnnotations: {}
# loadBalancerIP Set static IP if service type is `LoadBalancer`
loadBalancerIP: ""
# externalTrafficPolicy Enable client source IP preservation if service type is `NodePort` or `LoadBalancer`
# See: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: Cluster
# loadBalancerSourceRanges Addresses that are allowed when service is `LoadBalancer`
loadBalancerSourceRanges: []
# extraPorts Additional ports to add to Flyte service
extraPorts: []
# ingress Configure ingress for Flyte
ingress:
# create Create ingress resources
create: false
# labels Add labels to ingress resources
labels: {}
# host Hostname to bind to ingress resources
host: ""
# commonAnnotations Add common annotations to all ingress resources
commonAnnotations: {}
# httpAnnotations Add annotations to http ingress resource
httpAnnotations: {}
# grpcAnnotations Add annotations to grpc ingress resource
grpcAnnotations: {}
# ingressClassName Ingress class to use with all ingress resources
ingressClassName: ""
# httpIngressClassName Ingress class to use with all http ingress resource. Overrides `ingressClassName`
httpIngressClassName: ""
# grpcIngressClassName Ingress class to use with all grpc ingress resource. Overrides `ingressClassName`
grpcIngressClassName: ""
# tls Add TLS configuration to all ingress resources
tls: []
# httpTls Add TLS configuration to http ingress resource. Overrides `tls`
httpTls: []
# grpcTls Add TLS configuration to grpc ingress resource. Overrides `tls`
grpcTls: []
# httpExtraPaths Add extra paths to http ingress rule
httpExtraPaths:
prepend: []
append: []
# grpcExtraPaths Add extra paths to grpc ingress rule
grpcExtraPaths:
prepend: []
append: []
# rbac Configure Kubernetes RBAC for Flyte
rbac:
# create Create ClusterRole and ClusterRoleBinding resources
create: true
# labels Add labels to RBAC resources
labels: {}
# annotations Add annotations to RBAC resources
annotations: {}
# extraRules Add additional rules to the ClusterRole
extraRules: []
# serviceAccount Configure Flyte ServiceAccount
serviceAccount:
create: false
enabled: true
name: workload-identity-sa
labels:
"azure.workload.identity/use": "true"
# flyteagent Configure Flyte Agent objects
flyteagent:
# enable Flag to enable bundled Flyte Agent
enabled: false
enabled_plugins:
# -- Tasks specific configuration [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#GetConfig)
tasks:
# -- Plugins configuration, [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#TaskPluginConfig)
task-plugins:
# -- [Enabled Plugins](https://pkg.go.dev/github.com/lyft/flyteplugins/go/tasks/config#Config).
# Enable sagemaker*, athena if you install the backend plugins
enabled-plugins:
- container
- sidecar
- k8s-array
- agent-service
default-for-task-types:
container: container
sidecar: sidecar
container_array: k8s-array
# -- Uncomment to enable task type that uses Flyte Agent
# bigquery_query_job_task: agent-service