userSettings: accountNumber: accountRegion: certificateArn: dbPassword: rdsHost: # These two storage buckets could be the same or you could specify different buckets if required. Both keys are required. # Learn more https://docs.flyte.org/en/latest/concepts/data_management.html#understand-how-flyte-handles-data bucketName: rawDataBucketName: logGroup: redisHostUrl: redisHostKey: # # FLYTEADMIN # flyteadmin: replicaCount: 2 # -- IAM role for SA: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html serviceAccount: # -- If the service account is created by you, make this false, else a new service account will be created and the iam-role-flyte will be added # you can change the name of this role create: true annotations: eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.userSettings.accountNumber }}:role/iam-role-flyte serviceMonitor: enabled: false resources: limits: ephemeral-storage: 200Mi requests: cpu: 50m ephemeral-storage: 200Mi memory: 200Mi affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: flyteadmin topologyKey: kubernetes.io/hostname # # FLYTESCHEDULER # flytescheduler: {} # # DATACATALOG # datacatalog: replicaCount: 2 serviceAccount: # -- If the service account is created by you, make this false create: true annotations: eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.userSettings.accountNumber }}:role/iam-role-flyte resources: limits: cpu: 1 ephemeral-storage: 200Mi requests: cpu: 500m ephemeral-storage: 200Mi memory: 200Mi affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: datacatalog topologyKey: kubernetes.io/hostname # # FLYTEPROPELLER # flytepropeller: replicaCount: 2 manager: false serviceMonitor: enabled: false service: enabled: false serviceAccount: # -- If the service account is created by you, make this false create: true annotations: eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.userSettings.accountNumber }}:role/iam-role-flyte resources: limits: cpu: 1 ephemeral-storage: 1Gi memory: 2Gi requests: cpu: 1 ephemeral-storage: 1Gi memory: 2Gi # -- Sets priorityClassName for propeller pod(s). priorityClassName: "system-cluster-critical" affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: flytepropeller topologyKey: kubernetes.io/hostname # # FLYTE_AGENT # flyteconnector: enabled: false # # FLYTECONSOLE # flyteconsole: replicaCount: 2 resources: limits: cpu: 250m affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: flyteconsole topologyKey: kubernetes.io/hostname # # COMMON # common: ingress: albSSLRedirect: true separateGrpcIngress: true annotations: # -- aws-load-balancer-controller v2.1 or higher is required - https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.1/ # For EKS if using [ALB](https://kubernetes-sigs.github.io/aws-load-balancer-controller/guide/ingress/annotations/), these annotations are set kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/tags: service_instance=production alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip # -- This is the certificate arn of the cert imported in AWS certificate manager. alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.userSettings.certificateArn }}" alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' # -- Instruct ALB Controller to not create multiple load balancers (and hence maintain a single endpoint for both GRPC and Http) alb.ingress.kubernetes.io/group.name: flyte separateGrpcIngressAnnotations: alb.ingress.kubernetes.io/backend-protocol-version: GRPC databaseSecret: name: db-pass secretManifest: # -- Leave it empty if your secret already exists # Else you can create your own secret object. You can use Kubernetes secrets, else you can configure external secrets # For external secrets please install Necessary dependencies, like, of your choice # - https://github.com/hashicorp/vault # - https://github.com/godaddy/kubernetes-external-secrets apiVersion: v1 kind: Secret metadata: name: db-pass type: Opaque stringData: # -- If using plain text you can provide the password here pass.txt: "{{ .Values.userSettings.dbPassword }}" # ----------------------------------------------------- # Core dependencies that should be configured for Flyte to work on any platform # Specifically 2 - Storage (s3, gcs etc), Production RDBMS - Aurora, CloudSQL etc # ------------------------------------------------------ # # STORAGE SETTINGS # storage: # -- Sets the storage type. Supported values are sandbox, s3, gcs and custom. type: s3 # -- bucketName defines the storage bucket flyte will use. Required for all types except for sandbox. bucketName: "{{ .Values.userSettings.bucketName }}" s3: region: "{{ .Values.userSettings.accountRegion }}" cache: maxSizeMBs: 1024 db: datacatalog: database: port: 5432 # -- Create a user called flyteadmin username: flyteadmin host: "{{ .Values.userSettings.rdsHost }}" # -- Create a DB called datacatalog (OR change the name here) dbname: flyteadmin passwordPath: /etc/db/pass.txt admin: database: port: 5432 # -- Create a user called flyteadmin username: flyteadmin host: "{{ .Values.userSettings.rdsHost }}" # -- Create a DB called flyteadmin (OR change the name here) dbname: flyteadmin passwordPath: /etc/db/pass.txt # # CONFIGMAPS # configmap: adminServer: server: httpPort: 8088 grpc: port: 8089 security: secure: false useAuth: false allowCors: true allowedOrigins: # Accepting all domains for Sandbox installation - "*" allowedHeaders: - "Content-Type" task_resource_defaults: task_resources: defaults: cpu: 1000m memory: 1000Mi storage: 1000Mi limits: storage: 2000Mi core: propeller: rawoutput-prefix: "s3://{{ .Values.userSettings.rawDataBucketName }}/" workers: 40 gc-interval: 12h max-workflow-retries: 50 kube-client-config: qps: 100 burst: 25 timeout: 30s queue: sub-queue: type: bucket rate: 100 capacity: 1000 # -- Resource manager configuration resource_manager: # -- resource manager configuration propeller: resourcemanager: type: noop # Note: By default resource manager is disabled for propeller, Please use `type: redis` to enable # type: redis # resourceMaxQuota: 10000 # redis: # hostPath: "{{ .Values.userSettings.redisHostUrl }}" # hostKey: "{{ .Values.userSettings.redisHostKey }}" enabled_plugins: # -- Tasks specific configuration [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#GetConfig) tasks: # -- Plugins configuration, [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#TaskPluginConfig) task-plugins: # -- [Enabled Plugins](https://pkg.go.dev/github.com/lyft/flyteplugins/go/tasks/config#Config). Enable sagemaker*, athena if you install the backend # plugins enabled-plugins: - container - sidecar - k8s-array - connector-service - echo # - sagemaker_hyperparameter_tuning # - sagemaker_custom_training # - sagemaker_training default-for-task-types: container: container sidecar: sidecar container_array: k8s-array # sagemaker_custom_training_task: sagemaker_custom_training # sagemaker_custom_training_job_task: sagemaker_custom_training # -- Section that configures how the Task logs are displayed on the UI. This has to be changed based on your actual logging provider. # Refer to [structure](https://pkg.go.dev/github.com/lyft/flyteplugins/go/tasks/logs#LogConfig) to understand how to configure various # logging engines task_logs: plugins: logs: kubernetes-enabled: false # -- One option is to enable cloudwatch logging for EKS, update the region and log group accordingly # You can even disable this cloudwatch-enabled: true # -- region where logs are hosted cloudwatch-region: "{{ .Values.userSettings.accountRegion }}" # -- cloudwatch log-group cloudwatch-log-group: "{{ .Values.userSettings.logGroup }}" # ---------------------------------------------------------------- # Optional Modules # Flyte built extensions that enable various additional features in Flyte. # All these features are optional, but are critical to run certain features # ------------------------------------------------------------------------ # -- # Flyte uses a cloud hosted Cron scheduler to run workflows on a schedule. The following module is optional. Without, # this module, you will not have scheduled launchplans/workflows. # by default aws use flyte native scheduler i.e flytescheduler # To use aws native scheduler please override the eks values workflow_scheduler: enabled: true type: native # -- # Workflow notifications module is an optional dependency. Flyte uses cloud native pub-sub systems to notify users of # various events in their workflows workflow_notifications: enabled: false config: notifications: type: aws region: "{{ .Values.userSettings.accountRegion }}" publisher: topicName: "arn:aws:sns:{{ .Values.userSettings.accountRegion }}:{{ .Values.userSettings.accountNumber }}:flyte-notifications-topic" processor: queueName: flyte-notifications-queue accountId: "{{ .Values.userSettings.accountNumber }}" emailer: subject: "Flyte: {{ project }}/{{ domain }}/{{ launch_plan.name }} has {{ phase }}" sender: "flyte@example.com" body: | "Execution {{ workflow.project }}/{{ workflow.domain }}/{{ workflow.name }}/{{ name }} has {{ phase }}. Details: https://flyte.example.com/console/projects/{{ project }}/domains/{{ domain }}/executions/{{ name }}. {{ error }}" # -- Configuration for the Cluster resource manager component. This is an optional component, that enables automatic # cluster configuration. This is useful to set default quotas, manage namespaces etc that map to a project/domain cluster_resource_manager: # -- Enables the Cluster resource manager component enabled: true # -- Starts the cluster resource manager in standalone mode with requisite auth credentials to call flyteadmin service endpoints standalone_deploy: false config: cluster_resources: customData: - production: - projectQuotaCpu: value: "5" - projectQuotaMemory: value: "4000Mi" - defaultIamRole: value: "arn:aws:iam::{{ .Values.userSettings.accountNumber }}:role/flyte-user-role" - staging: - projectQuotaCpu: value: "2" - projectQuotaMemory: value: "3000Mi" - defaultIamRole: value: "arn:aws:iam::{{ .Values.userSettings.accountNumber }}:role/flyte-user-role" - development: - projectQuotaCpu: value: "4" - projectQuotaMemory: value: "3000Mi" - defaultIamRole: value: "arn:aws:iam::{{ .Values.userSettings.accountNumber }}:role/flyte-user-role" templates: # -- Template for namespaces resources - key: aa_namespace value: | apiVersion: v1 kind: Namespace metadata: name: {{ namespace }} spec: finalizers: - kubernetes # -- Patch default service account - key: aab_default_service_account value: | apiVersion: v1 kind: ServiceAccount metadata: name: default namespace: {{ namespace }} annotations: eks.amazonaws.com/role-arn: {{ defaultIamRole }} - key: ab_project_resource_quota value: | apiVersion: v1 kind: ResourceQuota metadata: name: project-quota namespace: {{ namespace }} spec: hard: limits.cpu: {{ projectQuotaCpu }} limits.memory: {{ projectQuotaMemory }} # # SPARKOPERATOR # sparkoperator: enabled: false