From e760bc9e353770a9743223f12c65b939e4270c82 Mon Sep 17 00:00:00 2001 From: Kevin Su Date: Fri, 1 May 2026 14:00:35 -0700 Subject: [PATCH 1/2] fix(devbox-bundled): remove leftover istio refs from knative manifests The bundled Knative install shipped with the upstream net-istio defaults: a Service `knative-local-gateway` in the `istio-system` namespace, two istio `Gateway` CRs, and a `config-istio` ConfigMap pointing the local gateway at istio. Devbox uses kourier as the ingress and never creates the `istio-system` namespace, so k3s logged `namespaces "istio-system" not found` on every startup and the istio Gateway CRs silently failed to apply. Add kustomize patches that delete the istio-only resources and repoint `config-istio`'s local-gateway entry at `kourier-internal.kourier-system.svc.cluster.local`, then regenerate the rendered manifests. Signed-off-by: Kevin Su --- .../kustomize/complete/kustomization.yaml | 29 ++ .../kustomize/dev/kustomization.yaml | 29 ++ docker/devbox-bundled/manifests/complete.yaml | 403 +++++++++++++++--- docker/devbox-bundled/manifests/dev.yaml | 403 +++++++++++++++--- 4 files changed, 732 insertions(+), 132 deletions(-) diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index f6ec725238..9a14fff867 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml @@ -83,4 +83,33 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete +- patch: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: config-istio + namespace: knative-serving + data: + local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local +- patch: |- + apiVersion: v1 + kind: Service + metadata: + name: knative-local-gateway + namespace: istio-system + $patch: delete +- patch: |- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: knative-local-gateway + namespace: knative-serving + $patch: delete +- patch: |- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: knative-ingress-gateway + namespace: knative-serving + $patch: delete diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index d705e2ba71..c94fa452ce 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -73,4 +73,33 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete +- patch: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: config-istio + namespace: knative-serving + data: + local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local +- patch: |- + apiVersion: v1 + kind: Service + metadata: + name: knative-local-gateway + namespace: istio-system + $patch: delete +- patch: |- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: knative-local-gateway + namespace: knative-serving + $patch: delete +- patch: |- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: knative-ingress-gateway + namespace: knative-serving + $patch: delete diff --git a/docker/devbox-bundled/manifests/complete.yaml b/docker/devbox-bundled/manifests/complete.yaml index b592d22f82..a8fb8b996d 100644 --- a/docker/devbox-bundled/manifests/complete.yaml +++ b/docker/devbox-bundled/manifests/complete.yaml @@ -7068,6 +7068,19 @@ metadata: namespace: flyte --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs + namespace: flyte +--- +apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7831,6 +7844,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: http://flyte-devbox-rustfs-{0...3}.flyte-devbox-rustfs-headless.flyte.svc.cluster.local:9000/data/rustfs{0...3} +kind: ConfigMap +metadata: + labels: {} + name: flyte-devbox-rustfs-config + namespace: flyte +--- +apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -7932,7 +7961,7 @@ metadata: --- apiVersion: v1 data: - local-gateway.knative-serving.knative-local-gateway: knative-local-gateway.istio-system.svc.cluster.local + local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local kind: ConfigMap metadata: labels: @@ -8050,6 +8079,17 @@ stringData: type: Opaque --- apiVersion: v1 +data: + RUSTFS_ACCESS_KEY: cnVzdGZzYWRtaW4= + RUSTFS_SECRET_KEY: cnVzdGZzYWRtaW4= +kind: Secret +metadata: + labels: {} + name: flyte-devbox-rustfs-secret + namespace: flyte +type: Opaque +--- +apiVersion: v1 data: access-key: cnVzdGZz secret-key: cnVzdGZzc3RvcmFnZQ== @@ -8189,6 +8229,53 @@ spec: --- apiVersion: v1 kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs-headless + namespace: flyte +spec: + clusterIP: None + ports: + - name: endpoint + port: 9000 + - name: console + port: 9001 + publishNotReadyAddresses: true + selector: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/name: rustfs +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs-svc + namespace: flyte +spec: + ports: + - name: endpoint + port: 9000 + targetPort: 9000 + - name: console + port: 9001 + targetPort: 9001 + selector: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/name: rustfs + type: ClusterIP +--- +apiVersion: v1 +kind: Service metadata: labels: app.kubernetes.io/name: embedded-postgresql @@ -8226,29 +8313,6 @@ spec: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - experimental.istio.io/disable-gateway-port-translation: "true" - networking.knative.dev/ingress-provider: istio - name: knative-local-gateway - namespace: istio-system -spec: - ports: - - name: http2 - port: 80 - targetPort: 8081 - - name: https - port: 443 - targetPort: 8444 - selector: - istio: ingressgateway - type: ClusterIP ---- -apiVersion: v1 -kind: Service metadata: labels: app: activator @@ -9199,6 +9263,197 @@ spec: serviceAccountName: controller terminationGracePeriodSeconds: 300 --- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs + namespace: flyte +spec: + podManagementPolicy: Parallel + replicas: 4 + selector: + matchLabels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/name: rustfs + serviceName: flyte-devbox-rustfs-headless + template: + metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/name: rustfs + spec: + affinity: + nodeAffinity: {} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - rustfs + topologyKey: kubernetes.io/hostname + containers: + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: flyte-devbox-rustfs-config + - secretRef: + name: flyte-devbox-rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: endpoint + initialDelaySeconds: 10 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + name: rustfs + ports: + - containerPort: 9000 + name: endpoint + - containerPort: 9001 + name: console + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /logs + name: logs + subPath: logs + - mountPath: /data/rustfs0 + name: data-rustfs-0 + - mountPath: /data/rustfs1 + name: data-rustfs-1 + - mountPath: /data/rustfs2 + name: data-rustfs-2 + - mountPath: /data/rustfs3 + name: data-rustfs-3 + enableServiceLinks: false + imagePullSecrets: [] + initContainers: + - command: + - sh + - -c + - | + if [ "$REPLICA_COUNT" -eq 4 ]; then + for i in $(seq 0 $(($REPLICA_COUNT - 1))); do + mkdir -p /data/rustfs$i + done; + elif [ "$REPLICA_COUNT" -eq 16 ]; then + mkdir -p /data + fi + mkdir -p /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + env: + - name: REPLICA_COUNT + value: "4" + image: busybox:stable + imagePullPolicy: IfNotPresent + name: init-step + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data/rustfs0 + name: data-rustfs-0 + - mountPath: /data/rustfs1 + name: data-rustfs-1 + - mountPath: /data/rustfs2 + name: data-rustfs-2 + - mountPath: /data/rustfs3 + name: data-rustfs-3 + - mountPath: /mnt/rustfs + name: logs + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 + volumeClaimTemplates: + - metadata: + annotations: null + labels: {} + name: logs + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path + - metadata: + annotations: null + labels: {} + name: data-rustfs-0 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path + - metadata: + annotations: null + labels: {} + name: data-rustfs-1 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path + - metadata: + annotations: null + labels: {} + name: data-rustfs-2 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path + - metadata: + annotations: null + labels: {} + name: data-rustfs-3 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path +--- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: @@ -9303,48 +9558,6 @@ spec: - data-plane.knative.dev secretName: routing-serving-certs --- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: knative-ingress-gateway - namespace: knative-serving -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 80 - protocol: HTTP ---- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: knative-local-gateway - namespace: knative-serving -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 8081 - protocol: HTTP ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -9405,6 +9618,38 @@ spec: path: /flyteidl2. pathType: Prefix --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs + namespace: flyte +spec: + ingressClassName: nginx + rules: + - host: example.rustfs.com + http: + paths: + - backend: + service: + name: flyte-devbox-rustfs-svc + port: + name: console + path: / + pathType: Prefix +--- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: @@ -9441,6 +9686,32 @@ spec: matchLabels: app: webhook --- +apiVersion: v1 +kind: Pod +metadata: + annotations: + helm.sh/hook: test + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs-test-connection + namespace: flyte +spec: + containers: + - args: + - -O + - /dev/null + - flyte-devbox-rustfs-svc:9000/health + command: + - wget + image: busybox:stable + imagePullPolicy: IfNotPresent + name: wget + restartPolicy: Never +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index 2e66f5c7dd..5ce8f009ef 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -7057,6 +7057,19 @@ spec: status: {} --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs + namespace: flyte +--- +apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7547,6 +7560,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: http://flyte-devbox-rustfs-{0...3}.flyte-devbox-rustfs-headless.flyte.svc.cluster.local:9000/data/rustfs{0...3} +kind: ConfigMap +metadata: + labels: {} + name: flyte-devbox-rustfs-config + namespace: flyte +--- +apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -7648,7 +7677,7 @@ metadata: --- apiVersion: v1 data: - local-gateway.knative-serving.knative-local-gateway: knative-local-gateway.istio-system.svc.cluster.local + local-gateway.knative-serving.knative-local-gateway: kourier-internal.kourier-system.svc.cluster.local kind: ConfigMap metadata: labels: @@ -7743,6 +7772,17 @@ metadata: type: Opaque --- apiVersion: v1 +data: + RUSTFS_ACCESS_KEY: cnVzdGZzYWRtaW4= + RUSTFS_SECRET_KEY: cnVzdGZzYWRtaW4= +kind: Secret +metadata: + labels: {} + name: flyte-devbox-rustfs-secret + namespace: flyte +type: Opaque +--- +apiVersion: v1 data: access-key: cnVzdGZz secret-key: cnVzdGZzc3RvcmFnZQ== @@ -7882,6 +7922,53 @@ spec: --- apiVersion: v1 kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs-headless + namespace: flyte +spec: + clusterIP: None + ports: + - name: endpoint + port: 9000 + - name: console + port: 9001 + publishNotReadyAddresses: true + selector: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/name: rustfs +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs-svc + namespace: flyte +spec: + ports: + - name: endpoint + port: 9000 + targetPort: 9000 + - name: console + port: 9001 + targetPort: 9001 + selector: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/name: rustfs + type: ClusterIP +--- +apiVersion: v1 +kind: Service metadata: labels: app.kubernetes.io/name: embedded-postgresql @@ -7919,29 +8006,6 @@ spec: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - experimental.istio.io/disable-gateway-port-translation: "true" - networking.knative.dev/ingress-provider: istio - name: knative-local-gateway - namespace: istio-system -spec: - ports: - - name: http2 - port: 80 - targetPort: 8081 - - name: https - port: 443 - targetPort: 8444 - selector: - istio: ingressgateway - type: ClusterIP ---- -apiVersion: v1 -kind: Service metadata: labels: app: activator @@ -8794,6 +8858,197 @@ spec: serviceAccountName: controller terminationGracePeriodSeconds: 300 --- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs + namespace: flyte +spec: + podManagementPolicy: Parallel + replicas: 4 + selector: + matchLabels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/name: rustfs + serviceName: flyte-devbox-rustfs-headless + template: + metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/name: rustfs + spec: + affinity: + nodeAffinity: {} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - rustfs + topologyKey: kubernetes.io/hostname + containers: + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: flyte-devbox-rustfs-config + - secretRef: + name: flyte-devbox-rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: endpoint + initialDelaySeconds: 10 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + name: rustfs + ports: + - containerPort: 9000 + name: endpoint + - containerPort: 9001 + name: console + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /logs + name: logs + subPath: logs + - mountPath: /data/rustfs0 + name: data-rustfs-0 + - mountPath: /data/rustfs1 + name: data-rustfs-1 + - mountPath: /data/rustfs2 + name: data-rustfs-2 + - mountPath: /data/rustfs3 + name: data-rustfs-3 + enableServiceLinks: false + imagePullSecrets: [] + initContainers: + - command: + - sh + - -c + - | + if [ "$REPLICA_COUNT" -eq 4 ]; then + for i in $(seq 0 $(($REPLICA_COUNT - 1))); do + mkdir -p /data/rustfs$i + done; + elif [ "$REPLICA_COUNT" -eq 16 ]; then + mkdir -p /data + fi + mkdir -p /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + env: + - name: REPLICA_COUNT + value: "4" + image: busybox:stable + imagePullPolicy: IfNotPresent + name: init-step + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data/rustfs0 + name: data-rustfs-0 + - mountPath: /data/rustfs1 + name: data-rustfs-1 + - mountPath: /data/rustfs2 + name: data-rustfs-2 + - mountPath: /data/rustfs3 + name: data-rustfs-3 + - mountPath: /mnt/rustfs + name: logs + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 + volumeClaimTemplates: + - metadata: + annotations: null + labels: {} + name: logs + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path + - metadata: + annotations: null + labels: {} + name: data-rustfs-0 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path + - metadata: + annotations: null + labels: {} + name: data-rustfs-1 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path + - metadata: + annotations: null + labels: {} + name: data-rustfs-2 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path + - metadata: + annotations: null + labels: {} + name: data-rustfs-3 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path +--- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: @@ -8898,48 +9153,6 @@ spec: - data-plane.knative.dev secretName: routing-serving-certs --- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: knative-ingress-gateway - namespace: knative-serving -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 80 - protocol: HTTP ---- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: 1.18.1 - networking.knative.dev/ingress-provider: istio - name: knative-local-gateway - namespace: knative-serving -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 8081 - protocol: HTTP ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -9000,6 +9213,38 @@ spec: path: /flyteidl2. pathType: Prefix --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs + namespace: flyte +spec: + ingressClassName: nginx + rules: + - host: example.rustfs.com + http: + paths: + - backend: + service: + name: flyte-devbox-rustfs-svc + port: + name: console + path: / + pathType: Prefix +--- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: @@ -9036,6 +9281,32 @@ spec: matchLabels: app: webhook --- +apiVersion: v1 +kind: Pod +metadata: + annotations: + helm.sh/hook: test + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: flyte-devbox-rustfs-test-connection + namespace: flyte +spec: + containers: + - args: + - -O + - /dev/null + - flyte-devbox-rustfs-svc:9000/health + command: + - wget + image: busybox:stable + imagePullPolicy: IfNotPresent + name: wget + restartPolicy: Never +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: From dbb7ffbe03aa91cad50ef7458328b7c990129c2c Mon Sep 17 00:00:00 2001 From: Kevin Su Date: Fri, 1 May 2026 14:03:37 -0700 Subject: [PATCH 2/2] nit Signed-off-by: Kevin Su --- docker/devbox-bundled/manifests/complete.yaml | 336 ------------------ docker/devbox-bundled/manifests/dev.yaml | 336 ------------------ 2 files changed, 672 deletions(-) diff --git a/docker/devbox-bundled/manifests/complete.yaml b/docker/devbox-bundled/manifests/complete.yaml index a8fb8b996d..524f48f82f 100644 --- a/docker/devbox-bundled/manifests/complete.yaml +++ b/docker/devbox-bundled/manifests/complete.yaml @@ -7068,19 +7068,6 @@ metadata: namespace: flyte --- apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs - namespace: flyte ---- -apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7844,22 +7831,6 @@ metadata: namespace: flyte --- apiVersion: v1 -data: - RUSTFS_ADDRESS: :9000 - RUSTFS_CONSOLE_ADDRESS: :9001 - RUSTFS_CONSOLE_ENABLE: "true" - RUSTFS_OBS_ENVIRONMENT: development - RUSTFS_OBS_LOG_DIRECTORY: /logs - RUSTFS_OBS_LOGGER_LEVEL: info - RUSTFS_REGION: us-east-1 - RUSTFS_VOLUMES: http://flyte-devbox-rustfs-{0...3}.flyte-devbox-rustfs-headless.flyte.svc.cluster.local:9000/data/rustfs{0...3} -kind: ConfigMap -metadata: - labels: {} - name: flyte-devbox-rustfs-config - namespace: flyte ---- -apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -8079,17 +8050,6 @@ stringData: type: Opaque --- apiVersion: v1 -data: - RUSTFS_ACCESS_KEY: cnVzdGZzYWRtaW4= - RUSTFS_SECRET_KEY: cnVzdGZzYWRtaW4= -kind: Secret -metadata: - labels: {} - name: flyte-devbox-rustfs-secret - namespace: flyte -type: Opaque ---- -apiVersion: v1 data: access-key: cnVzdGZz secret-key: cnVzdGZzc3RvcmFnZQ== @@ -8229,53 +8189,6 @@ spec: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs-headless - namespace: flyte -spec: - clusterIP: None - ports: - - name: endpoint - port: 9000 - - name: console - port: 9001 - publishNotReadyAddresses: true - selector: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/name: rustfs ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs-svc - namespace: flyte -spec: - ports: - - name: endpoint - port: 9000 - targetPort: 9000 - - name: console - port: 9001 - targetPort: 9001 - selector: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/name: rustfs - type: ClusterIP ---- -apiVersion: v1 -kind: Service metadata: labels: app.kubernetes.io/name: embedded-postgresql @@ -9263,197 +9176,6 @@ spec: serviceAccountName: controller terminationGracePeriodSeconds: 300 --- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs - namespace: flyte -spec: - podManagementPolicy: Parallel - replicas: 4 - selector: - matchLabels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/name: rustfs - serviceName: flyte-devbox-rustfs-headless - template: - metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/name: rustfs - spec: - affinity: - nodeAffinity: {} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - rustfs - topologyKey: kubernetes.io/hostname - containers: - - command: - - /usr/bin/rustfs - envFrom: - - configMapRef: - name: flyte-devbox-rustfs-config - - secretRef: - name: flyte-devbox-rustfs-secret - image: rustfs/rustfs:1.0.0-alpha.94 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: endpoint - initialDelaySeconds: 10 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 3 - name: rustfs - ports: - - containerPort: 9000 - name: endpoint - - containerPort: 9001 - name: console - readinessProbe: - failureThreshold: 3 - httpGet: - path: /health/ready - port: endpoint - initialDelaySeconds: 30 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 3 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /logs - name: logs - subPath: logs - - mountPath: /data/rustfs0 - name: data-rustfs-0 - - mountPath: /data/rustfs1 - name: data-rustfs-1 - - mountPath: /data/rustfs2 - name: data-rustfs-2 - - mountPath: /data/rustfs3 - name: data-rustfs-3 - enableServiceLinks: false - imagePullSecrets: [] - initContainers: - - command: - - sh - - -c - - | - if [ "$REPLICA_COUNT" -eq 4 ]; then - for i in $(seq 0 $(($REPLICA_COUNT - 1))); do - mkdir -p /data/rustfs$i - done; - elif [ "$REPLICA_COUNT" -eq 16 ]; then - mkdir -p /data - fi - mkdir -p /mnt/rustfs/logs - chmod 755 /mnt/rustfs/logs - env: - - name: REPLICA_COUNT - value: "4" - image: busybox:stable - imagePullPolicy: IfNotPresent - name: init-step - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /data/rustfs0 - name: data-rustfs-0 - - mountPath: /data/rustfs1 - name: data-rustfs-1 - - mountPath: /data/rustfs2 - name: data-rustfs-2 - - mountPath: /data/rustfs3 - name: data-rustfs-3 - - mountPath: /mnt/rustfs - name: logs - securityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsUser: 10001 - volumeClaimTemplates: - - metadata: - annotations: null - labels: {} - name: logs - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path - - metadata: - annotations: null - labels: {} - name: data-rustfs-0 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path - - metadata: - annotations: null - labels: {} - name: data-rustfs-1 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path - - metadata: - annotations: null - labels: {} - name: data-rustfs-2 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path - - metadata: - annotations: null - labels: {} - name: data-rustfs-3 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path ---- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: @@ -9618,38 +9340,6 @@ spec: path: /flyteidl2. pathType: Prefix --- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/affinity: cookie - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/session-cookie-expires: "3600" - nginx.ingress.kubernetes.io/session-cookie-hash: sha1 - nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" - nginx.ingress.kubernetes.io/session-cookie-name: rustfs - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs - namespace: flyte -spec: - ingressClassName: nginx - rules: - - host: example.rustfs.com - http: - paths: - - backend: - service: - name: flyte-devbox-rustfs-svc - port: - name: console - path: / - pathType: Prefix ---- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: @@ -9686,32 +9376,6 @@ spec: matchLabels: app: webhook --- -apiVersion: v1 -kind: Pod -metadata: - annotations: - helm.sh/hook: test - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs-test-connection - namespace: flyte -spec: - containers: - - args: - - -O - - /dev/null - - flyte-devbox-rustfs-svc:9000/health - command: - - wget - image: busybox:stable - imagePullPolicy: IfNotPresent - name: wget - restartPolicy: Never ---- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index 5ce8f009ef..c5259baa93 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -7057,19 +7057,6 @@ spec: status: {} --- apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs - namespace: flyte ---- -apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7560,22 +7547,6 @@ metadata: namespace: flyte --- apiVersion: v1 -data: - RUSTFS_ADDRESS: :9000 - RUSTFS_CONSOLE_ADDRESS: :9001 - RUSTFS_CONSOLE_ENABLE: "true" - RUSTFS_OBS_ENVIRONMENT: development - RUSTFS_OBS_LOG_DIRECTORY: /logs - RUSTFS_OBS_LOGGER_LEVEL: info - RUSTFS_REGION: us-east-1 - RUSTFS_VOLUMES: http://flyte-devbox-rustfs-{0...3}.flyte-devbox-rustfs-headless.flyte.svc.cluster.local:9000/data/rustfs{0...3} -kind: ConfigMap -metadata: - labels: {} - name: flyte-devbox-rustfs-config - namespace: flyte ---- -apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -7772,17 +7743,6 @@ metadata: type: Opaque --- apiVersion: v1 -data: - RUSTFS_ACCESS_KEY: cnVzdGZzYWRtaW4= - RUSTFS_SECRET_KEY: cnVzdGZzYWRtaW4= -kind: Secret -metadata: - labels: {} - name: flyte-devbox-rustfs-secret - namespace: flyte -type: Opaque ---- -apiVersion: v1 data: access-key: cnVzdGZz secret-key: cnVzdGZzc3RvcmFnZQ== @@ -7922,53 +7882,6 @@ spec: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs-headless - namespace: flyte -spec: - clusterIP: None - ports: - - name: endpoint - port: 9000 - - name: console - port: 9001 - publishNotReadyAddresses: true - selector: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/name: rustfs ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs-svc - namespace: flyte -spec: - ports: - - name: endpoint - port: 9000 - targetPort: 9000 - - name: console - port: 9001 - targetPort: 9001 - selector: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/name: rustfs - type: ClusterIP ---- -apiVersion: v1 -kind: Service metadata: labels: app.kubernetes.io/name: embedded-postgresql @@ -8858,197 +8771,6 @@ spec: serviceAccountName: controller terminationGracePeriodSeconds: 300 --- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs - namespace: flyte -spec: - podManagementPolicy: Parallel - replicas: 4 - selector: - matchLabels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/name: rustfs - serviceName: flyte-devbox-rustfs-headless - template: - metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/name: rustfs - spec: - affinity: - nodeAffinity: {} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - rustfs - topologyKey: kubernetes.io/hostname - containers: - - command: - - /usr/bin/rustfs - envFrom: - - configMapRef: - name: flyte-devbox-rustfs-config - - secretRef: - name: flyte-devbox-rustfs-secret - image: rustfs/rustfs:1.0.0-alpha.94 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: endpoint - initialDelaySeconds: 10 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 3 - name: rustfs - ports: - - containerPort: 9000 - name: endpoint - - containerPort: 9001 - name: console - readinessProbe: - failureThreshold: 3 - httpGet: - path: /health/ready - port: endpoint - initialDelaySeconds: 30 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 3 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /logs - name: logs - subPath: logs - - mountPath: /data/rustfs0 - name: data-rustfs-0 - - mountPath: /data/rustfs1 - name: data-rustfs-1 - - mountPath: /data/rustfs2 - name: data-rustfs-2 - - mountPath: /data/rustfs3 - name: data-rustfs-3 - enableServiceLinks: false - imagePullSecrets: [] - initContainers: - - command: - - sh - - -c - - | - if [ "$REPLICA_COUNT" -eq 4 ]; then - for i in $(seq 0 $(($REPLICA_COUNT - 1))); do - mkdir -p /data/rustfs$i - done; - elif [ "$REPLICA_COUNT" -eq 16 ]; then - mkdir -p /data - fi - mkdir -p /mnt/rustfs/logs - chmod 755 /mnt/rustfs/logs - env: - - name: REPLICA_COUNT - value: "4" - image: busybox:stable - imagePullPolicy: IfNotPresent - name: init-step - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /data/rustfs0 - name: data-rustfs-0 - - mountPath: /data/rustfs1 - name: data-rustfs-1 - - mountPath: /data/rustfs2 - name: data-rustfs-2 - - mountPath: /data/rustfs3 - name: data-rustfs-3 - - mountPath: /mnt/rustfs - name: logs - securityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsUser: 10001 - volumeClaimTemplates: - - metadata: - annotations: null - labels: {} - name: logs - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path - - metadata: - annotations: null - labels: {} - name: data-rustfs-0 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path - - metadata: - annotations: null - labels: {} - name: data-rustfs-1 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path - - metadata: - annotations: null - labels: {} - name: data-rustfs-2 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path - - metadata: - annotations: null - labels: {} - name: data-rustfs-3 - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 256Mi - storageClassName: local-path ---- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: @@ -9213,38 +8935,6 @@ spec: path: /flyteidl2. pathType: Prefix --- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/affinity: cookie - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/session-cookie-expires: "3600" - nginx.ingress.kubernetes.io/session-cookie-hash: sha1 - nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" - nginx.ingress.kubernetes.io/session-cookie-name: rustfs - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs - namespace: flyte -spec: - ingressClassName: nginx - rules: - - host: example.rustfs.com - http: - paths: - - backend: - service: - name: flyte-devbox-rustfs-svc - port: - name: console - path: / - pathType: Prefix ---- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: @@ -9281,32 +8971,6 @@ spec: matchLabels: app: webhook --- -apiVersion: v1 -kind: Pod -metadata: - annotations: - helm.sh/hook: test - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rustfs - app.kubernetes.io/version: 1.0.0-alpha.94 - helm.sh/chart: rustfs-0.0.94 - name: flyte-devbox-rustfs-test-connection - namespace: flyte -spec: - containers: - - args: - - -O - - /dev/null - - flyte-devbox-rustfs-svc:9000/health - command: - - wget - image: busybox:stable - imagePullPolicy: IfNotPresent - name: wget - restartPolicy: Never ---- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: