diff --git a/charts/flyte-demo/Chart.lock b/charts/flyte-demo/Chart.lock index 551f4c2f2f..8f722e7a48 100644 --- a/charts/flyte-demo/Chart.lock +++ b/charts/flyte-demo/Chart.lock @@ -5,6 +5,8 @@ dependencies: - name: flyte-binary repository: file://../flyte-binary version: v0.2.0 - -digest: sha256:bc1e2e37ac2f11f9bf547262643c9076d6c86af661b6ffdee77cc6756d687d6e -generated: "2026-04-14T10:42:50.772509+08:00" +- name: rustfs + repository: https://rustfs.github.io/helm + version: 0.0.94 +digest: sha256:9bdbd39953aa90c13d03384b1273125aa8e944fc1f1fccb7070f581d078a7db1 +generated: "2026-04-18T19:21:38.284835-05:00" diff --git a/charts/flyte-demo/Chart.yaml b/charts/flyte-demo/Chart.yaml index e0abd2dc7c..ed70b249da 100644 --- a/charts/flyte-demo/Chart.yaml +++ b/charts/flyte-demo/Chart.yaml @@ -32,3 +32,8 @@ dependencies: version: v0.2.0 repository: file://../flyte-binary condition: flyte-binary.enabled + - name: rustfs + alias: rustfsupstream + version: 0.0.94 + repository: https://rustfs.github.io/helm + condition: rustfs.enabled diff --git a/charts/flyte-demo/templates/_helpers.tpl b/charts/flyte-demo/templates/_helpers.tpl index ccc359bd18..e9a389b807 100644 --- a/charts/flyte-demo/templates/_helpers.tpl +++ b/charts/flyte-demo/templates/_helpers.tpl @@ -82,14 +82,6 @@ Name of PersistentVolume and PersistentVolumeClaim for PostgreSQL database {{- printf "%s-db-storage" .Release.Name -}} {{- end }} -{{/* -Name of PersistentVolume and PersistentVolumeClaim for RustFS -*/}} -{{- define "flyte-demo.persistence.rustfsVolumeName" -}} -{{- printf "%s-rustfs-storage" .Release.Name -}} -{{- end }} - - {{/* Selector labels for console */}} diff --git a/charts/flyte-demo/templates/storage/rustfs-bucket-init-job.yaml b/charts/flyte-demo/templates/storage/rustfs-bucket-init-job.yaml new file mode 100644 index 0000000000..472f4647ed --- /dev/null +++ b/charts/flyte-demo/templates/storage/rustfs-bucket-init-job.yaml @@ -0,0 +1,39 @@ +{{- if and .Values.rustfs.enabled .Values.rustfs.bucketInit.enabled }} +{{- $accessKey := .Values.rustfsupstream.secret.rustfs.access_key }} +{{- $secretKey := .Values.rustfsupstream.secret.rustfs.secret_key }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-rustfs-bucket-init" .Release.Name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "flyte-demo.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "10" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 6 + template: + metadata: + labels: + {{- include "flyte-demo.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: rustfs-bucket-init + spec: + restartPolicy: OnFailure + containers: + - name: bucket-init + image: "{{ .Values.rustfs.bucketInit.image.repository }}:{{ .Values.rustfs.bucketInit.image.tag }}" + imagePullPolicy: {{ .Values.rustfs.bucketInit.image.pullPolicy }} + command: + - /bin/sh + - -ec + - | + until mc alias set local '{{ .Values.rustfs.bucketInit.endpoint }}' '{{ $accessKey }}' '{{ $secretKey }}'; do + echo "waiting for rustfs endpoint..." + sleep 2 + done + {{- range $bucket := .Values.rustfs.defaultBuckets }} + mc mb --ignore-existing local/{{ $bucket }} + {{- end }} +{{- end }} diff --git a/charts/flyte-demo/templates/storage/rustfs/deployment.yaml b/charts/flyte-demo/templates/storage/rustfs/deployment.yaml deleted file mode 100644 index c26127421c..0000000000 --- a/charts/flyte-demo/templates/storage/rustfs/deployment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-demo.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - initContainers: - - name: volume-permissions - image: busybox:latest - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 /data/flyte-data - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - containers: - - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never - env: - - name: RUSTFS_ADDRESS - value: "0.0.0.0:9000" - - name: RUSTFS_VOLUMES - value: "/data" - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - name: rustfs - key: access-key - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - name: rustfs - key: secret-key - ports: - - containerPort: 9000 - name: rustfs-api - protocol: TCP - livenessProbe: - tcpSocket: - port: rustfs-api - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 5 - readinessProbe: - tcpSocket: - port: rustfs-api - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 5 - securityContext: - runAsUser: 10001 - runAsNonRoot: true - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 10001 - volumes: - - name: data - persistentVolumeClaim: - claimName: {{ include "flyte-demo.persistence.rustfsVolumeName" . }} -{{- end }} diff --git a/charts/flyte-demo/templates/storage/rustfs/pv.yaml b/charts/flyte-demo/templates/storage/rustfs/pv.yaml deleted file mode 100644 index 457205464e..0000000000 --- a/charts/flyte-demo/templates/storage/rustfs/pv.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "flyte-demo.persistence.rustfsVolumeName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-demo.labels" . | nindent 4 }} -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: "/var/lib/flyte/storage/rustfs" -{{- end }} diff --git a/charts/flyte-demo/templates/storage/rustfs/pvc.yaml b/charts/flyte-demo/templates/storage/rustfs/pvc.yaml deleted file mode 100644 index 9402c9a706..0000000000 --- a/charts/flyte-demo/templates/storage/rustfs/pvc.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "flyte-demo.persistence.rustfsVolumeName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-demo.labels" . | nindent 4 }} -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - volumeName: {{ include "flyte-demo.persistence.rustfsVolumeName" . }} -{{- end }} diff --git a/charts/flyte-demo/templates/storage/rustfs/secret.yaml b/charts/flyte-demo/templates/storage/rustfs/secret.yaml deleted file mode 100644 index 0ad1952f7d..0000000000 --- a/charts/flyte-demo/templates/storage/rustfs/secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-demo.labels" . | nindent 4 }} -type: Opaque -data: - access-key: {{ .Values.rustfs.accessKey | b64enc | quote }} - secret-key: {{ .Values.rustfs.secretKey | b64enc | quote }} -{{- end }} diff --git a/charts/flyte-demo/templates/storage/rustfs/service.yaml b/charts/flyte-demo/templates/storage/rustfs/service.yaml deleted file mode 100644 index bc64350f02..0000000000 --- a/charts/flyte-demo/templates/storage/rustfs/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-demo.labels" . | nindent 4 }} -spec: - type: NodePort - ports: - - name: rustfs-api - nodePort: 30002 - port: 9000 - targetPort: rustfs-api - selector: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/flyte-demo/values.yaml b/charts/flyte-demo/values.yaml index 3b66a4e24f..7d95eed936 100644 --- a/charts/flyte-demo/values.yaml +++ b/charts/flyte-demo/values.yaml @@ -27,7 +27,7 @@ flyte-binary: s3: disableSSL: true v2Signing: true - endpoint: http://rustfs.{{ .Release.Namespace }}:9000 + endpoint: http://rustfs-svc:9000 authType: accesskey accessKey: rustfs secretKey: rustfsstorage @@ -52,7 +52,7 @@ flyte-binary: plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs.{{ .Release.Namespace }}:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: 'flyte-binary-http.{{ .Release.Namespace }}:8090' @@ -111,8 +111,35 @@ flyte-binary: rustfs: enabled: true - accessKey: rustfs - secretKey: rustfsstorage + bucketInit: + enabled: true + endpoint: http://rustfs-svc:9000 + image: + repository: minio/mc + tag: latest + pullPolicy: IfNotPresent + defaultBuckets: + - flyte-data + +# Upstream RustFS chart configuration. +rustfsupstream: + fullnameOverride: rustfs + mode: + standalone: + enabled: true + distributed: + enabled: false + image: + repository: rustfs/rustfs + tag: sandbox + service: + type: NodePort + endpoint: + nodePort: 30002 + secret: + rustfs: + access_key: rustfs + secret_key: rustfsstorage postgresql: fullnameOverride: postgresql diff --git a/docker/demo-bundled/Makefile b/docker/demo-bundled/Makefile index b2f1a02713..ec7ae409ed 100644 --- a/docker/demo-bundled/Makefile +++ b/docker/demo-bundled/Makefile @@ -28,6 +28,7 @@ flyte: create_builder helm-repos: helm repo add docker-registry https://twuni.github.io/docker-registry.helm helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add rustfs https://rustfs.github.io/helm helm repo update .PHONY: dep_build @@ -51,7 +52,7 @@ manifests: dep_update --load-restrictor=LoadRestrictionsNone \ kustomize/dev > manifests/dev.yaml -CONSOLE_IMAGE := ghcr.io/flyteorg/flyte-client-v2 +CONSOLE_IMAGE := ghcr.io/unionai-oss/flyteconsole-v2 CONSOLE_TAG := latest .PHONY: console diff --git a/docker/demo-bundled/images/manifest.txt b/docker/demo-bundled/images/manifest.txt index fe6a52ca20..e9d1c9a96b 100644 --- a/docker/demo-bundled/images/manifest.txt +++ b/docker/demo-bundled/images/manifest.txt @@ -4,4 +4,5 @@ docker.io/rancher/local-path-provisioner:v0.0.21 docker.io/rancher/mirrored-coredns-coredns:1.9.1 docker.io/rancher/mirrored-library-busybox:1.34.1 docker.io/rancher/mirrored-pause:3.6 +docker.io/minio/mc:latest docker.io/rustfs/rustfs:sandbox=rustfs/rustfs:latest diff --git a/docker/demo-bundled/manifests/complete.yaml b/docker/demo-bundled/manifests/complete.yaml index a452dabf7c..dedd4d3c24 100644 --- a/docker/demo-bundled/manifests/complete.yaml +++ b/docker/demo-bundled/manifests/complete.yaml @@ -301,6 +301,19 @@ metadata: name: flyte-binary namespace: flyte --- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 + name: rustfs + namespace: flyte +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -532,14 +545,14 @@ data: region: us-east-1 disable_ssl: true v2_signing: true - endpoint: http://rustfs.flyte:9000 + endpoint: http://rustfs-svc:9000 auth_type: accesskey container: flyte-data 100-inline-config.yaml: | plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs.flyte:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: flyte-binary-http.flyte:8090 @@ -591,6 +604,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: /data +kind: ConfigMap +metadata: + labels: {} + name: rustfs-config + namespace: flyte +--- +apiVersion: v1 data: haSharedSecret: Zmx5dGVzYW5kYm94c2VjcmV0 proxyPassword: "" @@ -631,17 +660,12 @@ type: Opaque --- apiVersion: v1 data: - access-key: cnVzdGZz - secret-key: cnVzdGZzc3RvcmFnZQ== + RUSTFS_ACCESS_KEY: cnVzdGZz + RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: - labels: - app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: rustfs + labels: {} + name: rustfs-secret namespace: flyte type: Opaque --- @@ -767,61 +791,61 @@ metadata: labels: app.kubernetes.io/instance: flyte-demo app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: rustfs + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 + name: rustfs-svc namespace: flyte spec: ports: - - name: rustfs-api + - name: endpoint nodePort: 30002 port: 9000 - targetPort: rustfs-api + targetPort: 9000 + - name: console + nodePort: 32001 + port: 9001 + targetPort: 9001 selector: app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/name: rustfs + app.kubernetes.io/name: rustfsupstream + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 type: NodePort --- apiVersion: v1 -kind: PersistentVolume +kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: flyte-demo-rustfs-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-data namespace: flyte spec: accessModes: - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/rustfs - storageClassName: manual + resources: + requests: + storage: 256Mi + storageClassName: local-path --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: flyte-demo-rustfs-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-logs namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-demo-rustfs-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: apps/v1 kind: Deployment @@ -913,7 +937,7 @@ spec: template: metadata: annotations: - checksum/configuration: 7086d439a183c1c3cf2549a609143ac5e81a9f4dddd67c7059b969f8c6615a7e + checksum/configuration: d69cb80df3d1df51b412e17e4404539cae41dee8c1403713e2ba407ad01641f5 checksum/configuration-secret: 4bd6625ca25de370120c59fb11b5f6d5fb70b1314b13d18f3850d76d2e452869 labels: app.kubernetes.io/component: flyte-binary @@ -1041,87 +1065,150 @@ metadata: labels: app.kubernetes.io/instance: flyte-demo app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 name: rustfs namespace: flyte spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/name: rustfs + app.kubernetes.io/name: rustfsupstream strategy: - type: Recreate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/name: rustfs + app.kubernetes.io/name: rustfsupstream spec: + affinity: null containers: - - env: - - name: RUSTFS_ADDRESS - value: 0.0.0.0:9000 - - name: RUSTFS_VOLUMES - value: /data - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access-key - name: rustfs - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - key: secret-key - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: rustfs-config + - secretRef: + name: rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent livenessProbe: - failureThreshold: 5 + failureThreshold: 3 + httpGet: + path: /health + port: endpoint initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: rustfs-api - name: rustfs + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + name: rustfsupstream ports: - containerPort: 9000 - name: rustfs-api - protocol: TCP + name: endpoint + - containerPort: 9001 + name: console readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 periodSeconds: 5 - tcpSocket: - port: rustfs-api + successThreshold: 1 + timeoutSeconds: 3 + resources: {} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 10001 volumeMounts: + - mountPath: /logs + name: logs + subPath: logs - mountPath: /data name: data + imagePullSecrets: [] initContainers: - command: - - /bin/sh - - -ec + - sh + - -c - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 /data/flyte-data - image: busybox:latest + mkdir -p /data /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + image: busybox:stable imagePullPolicy: IfNotPresent - name: volume-permissions + name: init-step securityContext: - runAsUser: 0 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - mountPath: /data name: data + - mountPath: /mnt/rustfs + name: logs securityContext: fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 volumes: + - name: logs + persistentVolumeClaim: + claimName: rustfs-logs - name: data persistentVolumeClaim: - claimName: flyte-demo-rustfs-storage + claimName: rustfs-data +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "10" + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-demo + app.kubernetes.io/version: 1.16.1 + helm.sh/chart: flyte-demo-0.1.0 + name: flyte-demo-rustfs-bucket-init + namespace: flyte +spec: + backoffLimit: 6 + template: + metadata: + labels: + app.kubernetes.io/component: rustfs-bucket-init + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/name: flyte-demo + spec: + containers: + - command: + - /bin/sh + - -ec + - | + until mc alias set local 'http://rustfs-svc:9000' 'rustfs' 'rustfsstorage'; do + echo "waiting for rustfs endpoint..." + sleep 2 + done + mc mb --ignore-existing local/flyte-data + image: minio/mc:latest + imagePullPolicy: IfNotPresent + name: bucket-init + restartPolicy: OnFailure --- apiVersion: helm.cattle.io/v1 kind: HelmChartConfig @@ -1206,3 +1293,61 @@ spec: number: 8090 path: /flyteidl2. pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 + name: rustfs + namespace: flyte +spec: + ingressClassName: nginx + rules: + - host: example.rustfs.com + http: + paths: + - backend: + service: + name: rustfs-svc + port: + name: console + path: / + pathType: Prefix +--- +apiVersion: v1 +kind: Pod +metadata: + annotations: + helm.sh/hook: test + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 + name: rustfs-test-connection + namespace: flyte +spec: + containers: + - args: + - -O + - /dev/null + - rustfs-svc:9000/health + command: + - wget + image: busybox:stable + imagePullPolicy: IfNotPresent + name: wget + restartPolicy: Never diff --git a/docker/demo-bundled/manifests/dev.yaml b/docker/demo-bundled/manifests/dev.yaml index 55e645545f..5412ad808a 100644 --- a/docker/demo-bundled/manifests/dev.yaml +++ b/docker/demo-bundled/manifests/dev.yaml @@ -291,6 +291,19 @@ spec: status: {} --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 + name: rustfs + namespace: flyte +--- +apiVersion: v1 data: config.yml: |- health: @@ -326,6 +339,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: /data +kind: ConfigMap +metadata: + labels: {} + name: rustfs-config + namespace: flyte +--- +apiVersion: v1 data: haSharedSecret: Zmx5dGVzYW5kYm94c2VjcmV0 proxyPassword: "" @@ -343,17 +372,12 @@ type: Opaque --- apiVersion: v1 data: - access-key: cnVzdGZz - secret-key: cnVzdGZzc3RvcmFnZQ== + RUSTFS_ACCESS_KEY: cnVzdGZz + RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: - labels: - app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: rustfs + labels: {} + name: rustfs-secret namespace: flyte type: Opaque --- @@ -479,61 +503,61 @@ metadata: labels: app.kubernetes.io/instance: flyte-demo app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: rustfs + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 + name: rustfs-svc namespace: flyte spec: ports: - - name: rustfs-api + - name: endpoint nodePort: 30002 port: 9000 - targetPort: rustfs-api + targetPort: 9000 + - name: console + nodePort: 32001 + port: 9001 + targetPort: 9001 selector: app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/name: rustfs + app.kubernetes.io/name: rustfsupstream + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 type: NodePort --- apiVersion: v1 -kind: PersistentVolume +kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: flyte-demo-rustfs-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-data namespace: flyte spec: accessModes: - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /var/lib/flyte/storage/rustfs - storageClassName: manual + resources: + requests: + storage: 256Mi + storageClassName: local-path --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 - name: flyte-demo-rustfs-storage + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-logs namespace: flyte spec: accessModes: - ReadWriteOnce resources: requests: - storage: 1Gi - storageClassName: manual - volumeName: flyte-demo-rustfs-storage + storage: 256Mi + storageClassName: local-path --- apiVersion: apps/v1 kind: Deployment @@ -655,87 +679,150 @@ metadata: labels: app.kubernetes.io/instance: flyte-demo app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-demo - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-demo-0.1.0 + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 name: rustfs namespace: flyte spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/name: rustfs + app.kubernetes.io/name: rustfsupstream strategy: - type: Recreate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: app.kubernetes.io/instance: flyte-demo - app.kubernetes.io/name: rustfs + app.kubernetes.io/name: rustfsupstream spec: + affinity: null containers: - - env: - - name: RUSTFS_ADDRESS - value: 0.0.0.0:9000 - - name: RUSTFS_VOLUMES - value: /data - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access-key - name: rustfs - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - key: secret-key - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: rustfs-config + - secretRef: + name: rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent livenessProbe: - failureThreshold: 5 + failureThreshold: 3 + httpGet: + path: /health + port: endpoint initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: rustfs-api - name: rustfs + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + name: rustfsupstream ports: - containerPort: 9000 - name: rustfs-api - protocol: TCP + name: endpoint + - containerPort: 9001 + name: console readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 periodSeconds: 5 - tcpSocket: - port: rustfs-api + successThreshold: 1 + timeoutSeconds: 3 + resources: {} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 10001 volumeMounts: + - mountPath: /logs + name: logs + subPath: logs - mountPath: /data name: data + imagePullSecrets: [] initContainers: - command: - - /bin/sh - - -ec + - sh + - -c - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 /data/flyte-data - image: busybox:latest + mkdir -p /data /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + image: busybox:stable imagePullPolicy: IfNotPresent - name: volume-permissions + name: init-step securityContext: - runAsUser: 0 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true volumeMounts: - mountPath: /data name: data + - mountPath: /mnt/rustfs + name: logs securityContext: fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 volumes: + - name: logs + persistentVolumeClaim: + claimName: rustfs-logs - name: data persistentVolumeClaim: - claimName: flyte-demo-rustfs-storage + claimName: rustfs-data +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "10" + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: flyte-demo + app.kubernetes.io/version: 1.16.1 + helm.sh/chart: flyte-demo-0.1.0 + name: flyte-demo-rustfs-bucket-init + namespace: flyte +spec: + backoffLimit: 6 + template: + metadata: + labels: + app.kubernetes.io/component: rustfs-bucket-init + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/name: flyte-demo + spec: + containers: + - command: + - /bin/sh + - -ec + - | + until mc alias set local 'http://rustfs-svc:9000' 'rustfs' 'rustfsstorage'; do + echo "waiting for rustfs endpoint..." + sleep 2 + done + mc mb --ignore-existing local/flyte-data + image: minio/mc:latest + imagePullPolicy: IfNotPresent + name: bucket-init + restartPolicy: OnFailure --- apiVersion: helm.cattle.io/v1 kind: HelmChartConfig @@ -820,3 +907,61 @@ spec: number: 8090 path: /flyteidl2. pathType: Prefix +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 + name: rustfs + namespace: flyte +spec: + ingressClassName: nginx + rules: + - host: example.rustfs.com + http: + paths: + - backend: + service: + name: rustfs-svc + port: + name: console + path: / + pathType: Prefix +--- +apiVersion: v1 +kind: Pod +metadata: + annotations: + helm.sh/hook: test + labels: + app.kubernetes.io/instance: flyte-demo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfsupstream + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfsupstream-0.0.94 + name: rustfs-test-connection + namespace: flyte +spec: + containers: + - args: + - -O + - /dev/null + - rustfs-svc:9000/health + command: + - wget + image: busybox:stable + imagePullPolicy: IfNotPresent + name: wget + restartPolicy: Never