configuration: database: username: postgres password: host: dbname: flyteadmin storage: #Learn more about how Flyte handles data: https://docs.flyte.org/en/latest/concepts/data_management.html metadataContainer: userDataContainer: provider: s3 providerConfig: s3: region: "" authType: "iam" #For logging to work, you need to setup an agent. # Learn more: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-EKS-logs.html logging: level: 5 plugins: cloudwatch: enabled: true templateUri: |- https://console.aws.amazon.com/cloudwatch/home?region=#logEventViewer:group=/aws/eks//cluster;stream=var.log.containers.{{ .podName }}_{{ .namespace }}_{{ .containerName }}-{{ .containerId }}.log # To configure auth, refer to https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html auth: enabled: false oidc: baseUrl: clientId: clientSecret: internal: clientSecret: clientSecretHash: authorizedUris: - https://flyte.company.com #change to your authorized URI inline: #This section automates the IAM Role annotation for the default KSA on each project namespace to enable IRSA #Learn more: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html cluster_resources: customData: - production: - defaultIamRole: value: - staging: - defaultIamRole: value: - development: - defaultIamRole: value: flyteadmin: roleNameKey: "iam.amazonaws.com/role" plugins: k8s: inject-finalizer: true default-env-vars: - AWS_METADATA_SERVICE_TIMEOUT: 5 - AWS_METADATA_SERVICE_NUM_ATTEMPTS: 20 # Configuration for the Datacatalog engine, used when caching is enabled # Learn more: https://docs.flyte.org/en/latest/deployment/configuration/generated/datacatalog_config.html storage: cache: max_size_mbs: 10 target_gc_percent: 100 tasks: task-plugins: enabled-plugins: - container - sidecar - K8S-ARRAY #used for MapTasks - connector-service - echo default-for-task-types: - container: container - container_array: K8S-ARRAY clusterResourceTemplates: inline: #This section automates the creation of the project-domain namespaces 001_namespace.yaml: | apiVersion: v1 kind: Namespace metadata: name: '{{ namespace }}' # This block performs the automated annotation of KSAs across all project-domain namespaces 002_serviceaccount.yaml: | apiVersion: v1 kind: ServiceAccount metadata: name: default namespace: '{{ namespace }}' annotations: eks.amazonaws.com/role-arn: '{{ defaultIamRole }}' ingress: create: true ##-- Uncomment the following section if you plan to use NGINX Ingress Controller #ingressClassName: nginx #commonAnnotations: # ingress.kubernetes.io/rewrite-target: / # nginx.ingress.kubernetes.io/ssl-redirect: "true" #httpAnnotations: # nginx.ingress.kubernetes.io/app-root: /console #grpcAnnotations: # nginx.ingress.kubernetes.io/backend-protocol: GRPC #host: # change for the URL you'll use to connect to Flyte ## --- #This section assumes you are using the ALB Ingress controller. ingressClassName: alb commonAnnotations: alb.ingress.kubernetes.io/certificate-arn: 'arn:aws:acm:::certificate/' alb.ingress.kubernetes.io/group.name: flyte alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/ssl-redirect: '443' alb.ingress.kubernetes.io/target-type: ip httpAnnotations: alb.ingress.kubernetes.io/actions.app-root: '{"Type": "redirect", "RedirectConfig": {"Path": "/console", "StatusCode": "HTTP_302"}}' grpcAnnotations: alb.ingress.kubernetes.io/backend-protocol-version: GRPC host: flyte.mydomain.com #replace with your fully-qualified domain name serviceAccount: create: true annotations: eks.amazonaws.com/role-arn: ""