hi team, when I run `make compile` and `./bin/fly...
# flyte-supportl
limited-raincoat-94253
06/22/2023, 10:20 PMhi team, when I run
make compile./bin/flyte start --config flyte_local.yamlt
thankful-minister-83577
06/22/2023, 11:28 PM
isn’t this respected?
thankful-minister-83577
06/22/2023, 11:28 PM
can you set it in your local yaml?
l
limited-raincoat-94253
06/22/2023, 11:29 PMin flyte_local.yaml? not sure how to do it
limited-raincoat-94253
06/22/2023, 11:30 PM Copy code
propeller:
rawoutput-prefix: "<ambry://flyte/>"
kube-config: "/Users/yubwang/.kube/config"
create-flyteworkflow-crd: true
webhook:
certDir: /tmp/k8s-webhook-server/serving-certs
serviceName: flyte-pod-webhook
localCert: true
servicePort: 9443
tasks:
task-plugins:
enabled-plugins:
- container
- sidecar
- K8S-ARRAY
default-for-task-types:
- container: container
- container_array: K8S-ARRAY
server:
kube-config: "/Users/yubwang/.kube/config"
httpPort: 30080
serviceHttpEndpoint: <http://localhost:30080/>
grpc:
port: 30081
flyteadmin:
runScheduler: false
namespace_mapping:
template: "flyte"
database:
postgres:
port: 30089
username: postgres
host: localhost
dbname: flyteadmin
options: "sslmode=disable"
storage:
type: ambry
connection:
access-key: minio
auth-type: accesskey
secret-key: miniostorage
disable-ssl: true
endpoint: "<https://ambry-frontend-main.ambry-frontend.ei-ltx1.atd.stg.linkedin.com:3183>"
region: my-region
cache:
max_size_mbs: 10
target_gc_percent: 100
container: "flyte"
Logger:
show-source: true
level: 5
admin:
endpoint: localhost:30081
insecure: true
plugins:
# All k8s plugins default configuration
k8s:
inject-finalizer: true
default-env-vars:
- AWS_METADATA_SERVICE_TIMEOUT: 5
- AWS_METADATA_SERVICE_NUM_ATTEMPTS: 20
- FLYTE_AWS_ENDPOINT: "<http://minio.flyte:9000>"
- FLYTE_AWS_ACCESS_KEY_ID: minio
- FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage
# Logging configuration
logs:
kubernetes-enabled: true
kubernetes-url: "<http://localhost:30082>"
cluster_resources:
refreshInterval: 5m
templatePath: "/etc/flyte/clusterresource/templates"
# -- Starts the cluster resource manager in standalone mode with requisite auth credentials to call flyteadmin service endpoints
standaloneDeployment: false
customData:
- production:
- projectQuotaCpu:
value: "8"
- projectQuotaMemory:
value: "16Gi"
- staging:
- projectQuotaCpu:
value: "8"
- projectQuotaMemory:
value: "16Gi"
- development:
- projectQuotaCpu:
value: "8"
- projectQuotaMemory:
value: "16Gi"
refresh: 5m
flyte:
admin:
disableClusterResourceManager: true
disableScheduler: true
propeller:
disableWebhook: true
task_resources:
defaults:
cpu: 500m
memory: 1Gi
limits:
cpu: 2
memory: 4Gi
gpu: 5
catalog-cache:
endpoint: localhost:8081
insecure: true
type: datacatalogt
thankful-minister-83577
06/22/2023, 11:33 PM
under plugins/k8s
thankful-minister-83577
06/22/2023, 11:33 PM
add
default-pod-security-contextl
limited-raincoat-94253
06/23/2023, 12:17 AMinteresting, that is not effective, I don’t see it being applied to the pod
limited-raincoat-94253
06/23/2023, 12:17 AM Copy code
plugins:
# All k8s plugins default configuration
k8s:
default-pod-security-context:
run-as-user: 0
allow-privilege-escalation: true
inject-finalizer: true
default-env-vars:
- AWS_METADATA_SERVICE_TIMEOUT: 5
- AWS_METADATA_SERVICE_NUM_ATTEMPTS: 20
- FLYTE_AWS_ENDPOINT: "<http://minio.flyte:9000>"
- FLYTE_AWS_ACCESS_KEY_ID: minio
- FLYTE_AWS_SECRET_ACCESS_KEY: miniostoraget
thankful-minister-83577
06/23/2023, 4:45 PM
oh sorry… can you try
default-security-contextthankful-minister-83577
06/23/2023, 4:47 PM
147 Views