Release: Name: userSettings: googleProjectId: dbHost: dbPassword: # These two storage buckets could be the same or you could specify different buckets if required. Both keys are required. # Learn more https://docs.flyte.org/en/latest/concepts/data_management.html#understand-how-flyte-handles-data bucketName: rawDataBucketName: hostName: # # FLYTEADMIN # flyteadmin: replicaCount: 1 serviceMonitor: enabled: false serviceAccount: # -- If the service account is created by you, make this false, else a new service account will be created and the flyteadmin role will be added # you can change the name of this role create: true annotations: # Needed for gcp workload identity to function # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity iam.gke.io/gcp-service-account: gsa-flyteadmin@{{ .Values.userSettings.googleProjectId }}.iam.gserviceaccount.com resources: limits: ephemeral-storage: 2Gi requests: cpu: 500m ephemeral-storage: 2Gi memory: 1G service: annotations: # Required for the ingress to properly route grpc traffic to grpc port cloud.google.com/app-protocols: '{"grpc":"HTTP2"}' affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: flyteadmin topologyKey: kubernetes.io/hostname # # DATACATALOG # datacatalog: replicaCount: 1 serviceAccount: # -- If the service account is created by you, make this false, else a new service account will be created and the iam-role-flyte will be added # you can change the name of this role create: true annotations: # Needed for gcp workload identity to function # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity iam.gke.io/gcp-service-account: gsa-datacatalog@{{ .Values.userSettings.googleProjectId }}.iam.gserviceaccount.com resources: limits: cpu: 500m ephemeral-storage: 2Gi requests: cpu: 50m ephemeral-storage: 2Gi memory: 200Mi service: annotations: # Required for the ingress to properly route grpc traffic to grpc port cloud.google.com/app-protocols: '{"grpc":"HTTP2"}' affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: datacatalog topologyKey: kubernetes.io/hostname # # FLYTEPROPELLER # flytepropeller: replicaCount: 1 manager: false serviceMonitor: enabled: false service: enabled: false serviceAccount: # -- If the service account is created by you, make this false, else a new service account will be created and the iam-role-flyte will be added # you can change the name of this role create: true annotations: # Needed for gcp workload identity to function # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity iam.gke.io/gcp-service-account: gsa-flytepropeller@{{ .Values.userSettings.googleProjectId }}.iam.gserviceaccount.com resources: limits: cpu: 500m ephemeral-storage: 2Gi memory: 1Gi requests: cpu: 50m ephemeral-storage: 2Gi memory: 1Gi cacheSizeMbs: 1024 affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: flytepropeller topologyKey: kubernetes.io/hostname # # FLYTE_AGENT # flyteagent: enabled: false # # FLYTECONSOLE # flyteconsole: replicaCount: 1 resources: limits: cpu: 250m affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: flyteconsole topologyKey: kubernetes.io/hostname # -- # Flyte uses a cloud hosted Cron scheduler to run workflows on a schedule. The following module is optional. Without, # this module, you will not have scheduled launchplans/workflows. workflow_scheduler: enabled: true type: native # -- # Workflow notifications module is an optional dependency. Flyte uses cloud native pub-sub systems to notify users of # various events in their workflows workflow_notifications: enabled: false # # COMMON # common: ingress: host: "{{ .Values.userSettings.hostName }}" tls: enabled: true annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "true" cert-manager.io/issuer: "letsencrypt-production" # --- separateGrpcIngress puts GRPC routes into a separate ingress if true. Required for certain ingress controllers like nginx. separateGrpcIngress: true # --- Extra Ingress annotations applied only to the GRPC ingress. Only makes sense if `separateGrpcIngress` is enabled. separateGrpcIngressAnnotations: nginx.ingress.kubernetes.io/backend-protocol: "GRPC" databaseSecret: name: db-pass secretManifest: # -- Leave it empty if your secret already exists # Else you can create your own secret object. You can use Kubernetes secrets, else you can configure external secrets # For external secrets please install Necessary dependencies, like, of your choice # - https://github.com/hashicorp/vault # - https://github.com/godaddy/kubernetes-external-secrets apiVersion: v1 kind: Secret metadata: name: db-pass type: Opaque stringData: # -- If using plain text you can provide the password here pass.txt: "{{ .Values.userSettings.dbPassword }}" # ----------------------------------------------------- # Core dependencies that should be configured for Flyte to work on any platform # Specifically 2 - Storage (s3, gcs etc), Production RDBMS - Aurora, CloudSQL etc # ------------------------------------------------------ # # STORAGE SETTINGS # storage: # -- Sets the storage type. Supported values are sandbox, s3, gcs and custom. type: gcs # -- bucketName defines the storage bucket flyte will use. Required for all types except for sandbox. bucketName: "{{ .Values.userSettings.bucketName }}" # -- settings for storage type s3 gcs: # -- GCP project ID. Required for storage type gcs. projectId: "{{ .Values.userSettings.googleProjectId }}" db: datacatalog: database: port: 5432 # -- Create a user called flyteadmin username: flyteadmin host: "{{ .Values.userSettings.dbHost }}" # -- Create a DB called datacatalog (OR change the name here) dbname: flyteadmin passwordPath: /etc/db/pass.txt admin: database: port: 5432 # -- Create a user called flyteadmin username: flyteadmin host: "{{ .Values.userSettings.dbHost }}" # -- Create a DB called flyteadmin (OR change the name here) dbname: flyteadmin passwordPath: /etc/db/pass.txt # # CONFIGMAPS # configmap: adminServer: server: httpPort: 8088 grpc: port: 8089 security: secure: false useAuth: false allowCors: true allowedOrigins: # Accepting all domains for Sandbox installation - "*" allowedHeaders: - "Content-Type" task_resource_defaults: task_resources: defaults: cpu: 500m memory: 500Mi storage: 500Mi limits: storage: 2000Mi # Adds the remoteData config setting remoteData: remoteData: region: scheme: "gcs" signedUrls: durationMinutes: 3 # Adds the namespace mapping to default to only domain name instead of project-domain in case of GCP namespace_config: namespace_mapping: template: "{{ domain }}" core: propeller: rawoutput-prefix: "gs://{{ .Values.userSettings.rawDataBucketName }}/" workers: 40 gc-interval: 12h max-workflow-retries: 50 kube-client-config: qps: 100 burst: 25 timeout: 30s queue: sub-queue: type: bucket rate: 100 capacity: 1000 enabled_plugins: # -- Tasks specific configuration [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#GetConfig) tasks: # -- Plugins configuration, [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/config#TaskPluginConfig) task-plugins: # -- [Enabled Plugins](https://pkg.go.dev/github.com/lyft/flyteplugins/go/tasks/config#Config). Enable sagemaker*, athena if you install the backend # plugins enabled-plugins: - container - sidecar - k8s-array - agent-service default-for-task-types: container: container sidecar: sidecar container_array: k8s-array # -- Section that configures how the Task logs are displayed on the UI. This has to be changed based on your actual logging provider. # Refer to [structure](https://pkg.go.dev/github.com/lyft/flyteplugins/go/tasks/logs#LogConfig) to understand how to configure various # logging engines task_logs: plugins: logs: kubernetes-enabled: false # Enable GCP stackdriver integration for log display stackdriver-enabled: true stackdriver-logresourcename: k8s_container k8s-array: logs: config: stackdriver-enabled: true stackdriver-logresourcename: k8s_container # ---------------------------------------------------------------- # Optional Modules # Flyte built extensions that enable various additional features in Flyte. # All these features are optional, but are critical to run certain features # ------------------------------------------------------------------------ # -- Configuration for the Cluster resource manager component. This is an optional component, that enables automatic # cluster configuration. This is useful to set default quotas, manage namespaces etc that map to a project/domain cluster_resource_manager: # -- Enables the Cluster resource manager component enabled: true # -- Starts the cluster resource manager in standalone mode with requisite auth credentials to call flyteadmin service endpoints standalone_deploy: false config: cluster_resources: customData: - production: - projectQuotaCpu: value: "5" - projectQuotaMemory: value: "4000Mi" - gsa: value: gsa-production@{{ .Values.userSettings.googleProjectId }}.iam.gserviceaccount.com - staging: - projectQuotaCpu: value: "2" - projectQuotaMemory: value: "3000Mi" - gsa: value: gsa-staging@{{ .Values.userSettings.googleProjectId }}.iam.gserviceaccount.com - development: - projectQuotaCpu: value: "2" - projectQuotaMemory: value: "3000Mi" - gsa: value: gsa-development@{{ .Values.userSettings.googleProjectId }}.iam.gserviceaccount.com templates: # -- Template for namespaces resources - key: aa_namespace value: | apiVersion: v1 kind: Namespace metadata: name: {{ namespace }} spec: finalizers: - kubernetes # -- Patch default service account - key: aab_default_service_account value: | apiVersion: v1 kind: ServiceAccount metadata: name: default namespace: {{ namespace }} annotations: # Needed for gcp workload identity to function # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity iam.gke.io/gcp-service-account: {{ gsa }} - key: ab_project_resource_quota value: | apiVersion: v1 kind: ResourceQuota metadata: name: project-quota namespace: {{ namespace }} spec: hard: limits.cpu: {{ projectQuotaCpu }} limits.memory: {{ projectQuotaMemory }} # # SPARKOPERATOR # sparkoperator: enabled: false