From 7e4183877150ffb808d7d157b6f96acf97bee130 Mon Sep 17 00:00:00 2001
From: "yini.gao@schibsted.com"
Date: Fri, 15 Mar 2024 13:55:09 +0100
Subject: [PATCH] Update README.md
---
 charts/flyte-core/README.md | 3 ++-
 ...keycloak-idp-flyteclients-without-browser.yaml | 7 +++++--
 charts/flyte-core/values.yaml | 4 ++--
 docs/deployment/configuration/auth_setup.rst | 15 +++++++++++----
 4 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md
index 5a18f902cba..da38e5ac87b 100644
--- a/charts/flyte-core/README.md
+++ b/charts/flyte-core/README.md
@@ -273,7 +273,8 @@ helm install gateway bitnami/contour -n flyte | flytescheduler.tolerations | list | `[]` | tolerations for Flytescheduler deployment | | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | | | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | | -| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`. If enabled is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | +| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will mount `flyte-secret-auth`. If enabled is false, helm will not mount `flyte-secret-auth` | + | secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server | | sparkoperator | object | 
`{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator | | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | | sparkoperator.plugin_config | object | 
`{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration | diff --git a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml index edfd9478bcd..b1361492987 100644 --- a/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml +++ b/charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml 
@@ -298,10 +298,13 @@ deployRedoc: false
 secrets:
 adminOauthClientCredentials:
- # -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`.
- # If enabled is false, it's up to the user to create `flyte-secret-auth` as described in
+ # If enabled is true, helm will mount `flyte-secret-auth`.
+ # If enabled is false, helm will not mount `flyte-secret-auth`.
+ # If create is true, helm will create the `flyte-secret-auth`.
+ # If create is false, it's up to the user to create `flyte-secret-auth` as described in
 # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server
 enabled: true
+ create: true
 clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP
 clientId: "flytepropeller" #use this client id and secret in the flytectl config with ClientSecret option
diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml
index fb40a402b59..a368305fcb4 100755
--- a/charts/flyte-core/values.yaml
+++ b/charts/flyte-core/values.yaml
@@ -430,8 +430,8 @@ deployRedoc: false
 secrets:
 adminOauthClientCredentials:
- # -- If enabled is true, helm will populate `flyte-secret-auth` with `clientSecret`.
- # If enabled is false, helm will not populate `flyte-secret-auth`.
+ # If enabled is true, helm will mount `flyte-secret-auth`.
+ # If enabled is false, helm will not mount `flyte-secret-auth`.
 # If create is true, helm will create the `flyte-secret-auth`.
 # If create is false, it's up to the user to create `flyte-secret-auth` as described in
 # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server
diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst
index 2887e830ede..89cb61dba0a 100644
--- a/docs/deployment/configuration/auth_setup.rst
+++ b/docs/deployment/configuration/auth_setup.rst
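Review bot: The rewritten comment above `enabled:` no longer says which flag causes `clientSecret` to be written into `flyte-secret-auth`; the removed lines here and in the `values.yaml` hunk at line 430 both stated that the secret is populated with `clientSecret`, and the new wording only mentions mounting and creating. An operator reading it cannot tell whether `create: true` puts the value from this file into the cluster, which matters for anyone who keeps the client secret out of their values files. If the template still populates the secret on creation (the template is not part of this patch, so this needs confirming), I would say so: `# If create is true, helm will create flyte-secret-auth and populate it with clientSecret.` Both hunks also drop the `# --` prefix that helm-docs uses to pick up descriptions, so if the chart README is generated the entries for `enabled` and `create` would no longer come from these comments; keeping `# --` and placing each description directly above its own key would avoid hand-editing the README table. The `secrets:` block continues past the end of both hunks.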
@@ -345,9 +345,13 @@ Apply OIDC Configuration
 secrets:
 adminOauthClientCredentials:
- # -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`.
- # If enabled is false, it's up to the user to create `flyte-secret-auth`
+ # If enabled is true, helm will mount `flyte-secret-auth`.
+ # If enabled is false, helm will not mount `flyte-secret-auth`.
+ # If create is true, helm will create the `flyte-secret-auth`.
+ # If create is false, it's up to the user to create `flyte-secret-auth` as described in
+ # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server
 enabled: true
+ create: true
 # Use the non-encoded version of the random password
 clientSecret: ""
 clientId: flytepropeller
@@ -597,7 +601,8 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
 secrets:
 adminOauthClientCredentials:
- enabled: true # see the section "Disable Helm secret management" if you require to do so
+ enabled: true
+ create: true # see the section "Disable Helm secret management" if you require to do so
 # Replace with the client_secret provided by your IdP for flytepropeller.
 clientSecret:
 # Replace with the client_id provided by provided by your IdP for flytepropeller.
@@ -617,6 +622,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
 secrets:
 adminOauthClientCredentials:
 enabled: true
+ create: true
 clientSecret:
 clientId:
 ---
@@ -673,7 +679,8 @@ Alternatively, you can instruct Helm not to create and manage the secret for ``f
 secrets:
 adminOauthClientCredentials:
- enabled: false #set to false
+ enabled: true # mount the flyte-secret-auth secret to the flytepropeller.
+ create: false # set to false
 # Replace with the client_id provided by provided by your IdP for flytepropeller.
 clientId: