sparse-pizza-79993
07/26/2023, 12:13 PM
flyte-binary just not support TLS on the ingress resources? How is TLS currently being done if not using an Ingress?
freezing-boots-56761
sparse-pizza-79993
07/26/2023, 6:33 PM
freezing-boots-56761
sparse-pizza-79993
07/27/2023, 9:34 AM
spec:
  # ...
  tls:
    - hosts:
        - <host>
      secretName: flyte-tls
calm-zoo-68637
08/08/2023, 1:13 PM
calm-zoo-68637
08/08/2023, 1:13 PM
freezing-boots-56761
freezing-boots-56761
calm-zoo-68637
08/08/2023, 2:14 PM
freezing-boots-56761
calm-zoo-68637
08/08/2023, 3:05 PM
0.0-9cbd3a2a0abc0a3978460bc0eb4eb1c3e01991e0? right? I see neither ingressClassName nor httpTls changes reflected when doing kubectl describe ingress flyte-flyte-binary-http
calm-zoo-68637
08/08/2023, 3:06 PM
ingress:
  host: <redacted>
  # TODO - update chart once tls support lands to add this
  grpcTls:
    - hosts:
        - <redacted>
      secretName: cluster-wildcard-tls
  httpTls:
    - hosts:
        - <redacted>
      secretName: cluster-wildcard-tls
  create: true
  ingressClassName: nginx
  commonAnnotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    # TODO - once "ingressClassName" support lands, delete this
    kubernetes.io/ingress.class: nginx
  grpcAnnotations:
    nginx.ingress.kubernetes.io/backend-protocol: GRPC
freezing-boots-56761
freezing-boots-56761
freezing-boots-56761
calm-zoo-68637
08/08/2023, 3:27 PM
apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
meta.helm.sh/release-name: flyte
meta.helm.sh/release-namespace: flyte
nginx.ingress.kubernetes.io/ssl-redirect: "false"
creationTimestamp: "2023-08-08T15:01:48Z"
generation: 1
labels:
app.kubernetes.io/instance: flyte
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: flyte-binary
app.kubernetes.io/version: 1.16.0
helm.sh/chart: flyte-binary-v1.8.1
name: flyte-flyte-binary-http
namespace: flyte
resourceVersion: "553670"
uid: 42e2247e-7ded-42ba-b1d0-fb1c1dc1ad08
spec:
rules:
- host: flyte.redacted.redacted.com
http:
paths:
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /console
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /console/*
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /api
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /api/*
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /healthcheck
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /v1/*
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /.well-known
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /.well-known/*
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /login
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /login/*
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /logout
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /logout/*
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /callback
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /callback/*
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /me
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /config
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /config/*
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /oauth2
pathType: ImplementationSpecific
- backend:
service:
name: flyte-flyte-binary-http
port:
number: 8088
path: /oauth2/*
pathType: ImplementationSpecific
status:
loadBalancer:
ingress:
- ip: 10.48.3.19
- ip: 10.48.3.23
- ip: 52.235.149.87
- ip: 52.244.67.12
-
calm-zoo-68637
08/08/2023, 3:27 PM
freezing-boots-56761
freezing-boots-56761
@@ -202,6 +202,15 @@ ingress:
name: use-annotation
path: /
pathType: Exact
+ ingressClassName: foobar
+ httpTls:
+ - hosts:
+ - foo.bar
+ secretName: foo
+ grpcTls:
+ - hosts:
+ - foo.bar
+ secretName: foo
rbac:
extraRules:
- apiGroups:
produces:
@@ -854,6 +854,7 @@ metadata:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: alb
<http://alb.ingress.kubernetes.io/backend-protocol-version|alb.ingress.kubernetes.io/backend-protocol-version>: GRPC
spec:
+ ingressClassName: "foobar"
rules:
- http:
paths:
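Review bot: the rendered Ingress in this hunk now carries both the `kubernetes.io/ingress.class: alb` annotation (context line above `spec:`) and the new `ingressClassName: "foobar"`, and the two name different classes. The annotation is the deprecated form of the same setting, so having both with different values is ambiguous; the template should drop the annotation when `ingressClassName` is set, or the chart docs should say that users must not set both.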
@@ -942,6 +943,10 @@ spec:
path: /flyteidl.service.SignalService/*
pathType: ImplementationSpecific
host: "<redacted>"
+ tls:
+ - hosts:
+ - foo.bar
+ secretName: foo
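Review bot: the added `tls:` block at the end of this hunk comes directly after the rule's `host:` line, so check which level it is rendered at. In a networking.k8s.io/v1 Ingress, `tls` is a field of `spec` and a sibling of `rules`; if the template emits it inside the rule item, the field is not part of the schema and the TLS settings will not take effect. A rendered-output test that asserts on `spec.tls` would catch this.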
and
spec:
+ ingressClassName: "foobar"
rules:
- http:
paths:
@@ -1110,3 +1116,7 @@ spec:
path: /oauth2/*
pathType: ImplementationSpecific
host: "<redacted>"
+ tls:
+ - hosts:
+ - foo.bar
+ secretName: foo
for me.
freezing-boots-56761
@@ -202,6 +202,11 @@ ingress:
name: use-annotation
path: /
pathType: Exact
+ ingressClassName: foobar
+ tls:
+ - hosts:
+ - foo.bar
+ secretName: foo
rbac:
extraRules:
- apiGroups:
freezing-boots-56761
freezing-boots-56761
helm template flyte-binary oci://ghcr.io/flyteorg/helm-charts/flyte-binary --namespace flyte --set deployment.image.tag=sha-9cbd3a2a0abc0a3978460bc0eb4eb1c3e01991e0 --version 0.0-9cbd3a2a0abc0a3978460bc0eb4eb1c3e01991e0 --values values.yaml > generated.yaml
and inspect it.
calm-zoo-68637
08/09/2023, 1:40 PM
dependencies:
  - name: flyte-binary
    version: "0.0-9cbd3a2a0abc0a3978460bc0eb4eb1c3e01991e0"
    repository: "oci://ghcr.io/flyteorg/helm-charts/flyte-binary"
I get the following error from helm dependency build
Save error occurred: could not download oci://ghcr.io/flyteorg/helm-charts/flyte-binary/flyte-binary: failed to authorize: failed to fetch anonymous token: unexpected status from GET request to https://ghcr.io/token?scope=repository%3Aflyteorg%2Fhelm-charts%2Fflyte-binary%2Fflyte-binary%3Apull&service=ghcr.io: 403 Forbidden
calm-zoo-68637
08/09/2023, 1:53 PM
helm pull. I now see:
W0809 06:50:42.034001 83117 warnings.go:70] unknown field "spec.rules[0].tls"
W0809 06:50:42.617311 83117 warnings.go:70] unknown field "spec.rules[0].tls"
looking at the docs, shouldn't "tls" be a sibling of rules, not a child?
freezing-boots-56761
freezing-boots-56761
freezing-boots-56761
freezing-boots-56761
calm-zoo-68637
08/09/2023, 6:40 PM
freezing-boots-56761
calm-zoo-68637
08/10/2023, 10:48 PM
calm-zoo-68637
08/10/2023, 10:49 PM
calm-zoo-68637
08/10/2023, 10:51 PM
calm-zoo-68637
08/10/2023, 10:51 PM