uctl get workflow-execution-config

Gets matchable resources of workflow execution config.

Synopsis

Retrieve workflow execution config for the given project and domain, in combination with the workflow name.

For project flytesnacks and development domain:

$ uctl get workflow-execution-config -p flytesnacks -d development

Example: output from the command:

{
   "project": "flytesnacks",
   "domain": "development",
   "max_parallelism": 5
}

Retrieve workflow execution config for the project, domain, and workflow. For project flytesnacks, development domain and workflow core.control_flow.merge_sort.merge_sort:

$ uctl get workflow-execution-config -p flytesnacks -d development core.control_flow.merge_sort.merge_sort

Example: output from the command:

{
   "project": "flytesnacks",
   "domain": "development",
   "workflow": "core.control_flow.merge_sort.merge_sort"
   "max_parallelism": 5
}

Write the workflow execution config to a file. If there are no workflow execution config, the command throws an error. The config file is written to wec.yaml file. Example: content of wec.yaml:

$ uctl get workflow-execution-config -p flytesnacks -d development --attrFile wec.yaml
domain: development
project: flytesnacks
max_parallelism: 5

Generate a sample workflow execution config file to be used for creating a new workflow execution config at project domain

::

uctl get workflow-execution-config -p flytesnacks -d development –attrFile wec.yaml –gen

annotations:
  values:
    cliAnnotationKey: cliAnnotationValue
domain: development
labels:
  values:
    cliLabelKey: cliLabelValue
max_parallelism: 10
project: flytesnacks
raw_output_data_config:
  output_location_prefix: cliOutputLocationPrefix
security_context:
  run_as:
    k8s_service_account: default

Generate a sample workflow execution config file to be used for creating a new workflow execution config at project domain workflow level

::

uctl get workflow-execution-config -p flytesnacks -d development –attrFile wec.yaml uctl get workflow-execution-config –gen

annotations:
  values:
    cliAnnotationKey: cliAnnotationValue
domain: development
labels:
  values:
    cliLabelKey: cliLabelValue
max_parallelism: 10
project: flytesnacks
workflow: k8s_spark.dataframe_passing.my_smart_structured_dataset
raw_output_data_config:
  output_location_prefix: cliOutputLocationPrefix
security_context:
  run_as:
    k8s_service_account: default

Usage:

$ uctl get workflow-execution-config [flags]

Options

Option Type Description
--attrFile string attribute file name to be used for generating attribute for the resource type.
--gen generates an empty workflow execution config file with conformance to the api format.
-h, --help help for workflow-execution-config

Options inherited from parent commands

Option Type Description
--admin.audience string Audience to use when initiating OAuth2 authorization requests.
--admin.authType string Type of OAuth2 flow used for communicating with admin.ClientSecret, Pkce, ExternalCommand are valid values (default “ClientSecret”)
--admin.authorizationHeader string Custom metadata header to pass JWT
--admin.authorizationServerUrl string This is the URL to your IdP’s authorization server. It’ll default to Endpoint
--admin.caCertFilePath string Use specified certificate file to verify the admin server peer.
--admin.clientId string Client ID (default “flytepropeller”)
--admin.clientSecretEnvVar string Environment variable containing the client secret
--admin.clientSecretLocation string File containing the client secret (default “/etc/secrets/client_secret”)
--admin.command strings Command for external authentication token generation
--admin.defaultOrg string OPTIONAL: Default org to use to support non-org based cli’s.'.
--admin.defaultServiceConfig string
--admin.deviceFlowConfig.pollInterval string amount of time the device flow would poll the token endpoint if auth server doesn’t return a polling interval. Okta and google IDP do return an interval’ (default “5s”)
--admin.deviceFlowConfig.refreshTime string grace period from the token expiry after which it would refresh the token. (default “5m0s”)
--admin.deviceFlowConfig.timeout string amount of time the device flow should complete or else it will be cancelled. (default “10m0s”)
--admin.endpoint string For admin types, specify where the uri of the service is located.
--admin.httpProxyURL string OPTIONAL: HTTP Proxy to be used for OAuth requests.
--admin.insecure Use insecure connection.
--admin.insecureSkipVerify InsecureSkipVerify controls whether a client verifies the server’s certificate chain and host name.Caution: shouldn’t be use for production usecases'
--admin.maxBackoffDelay string Max delay for grpc backoff (default “8s”)
--admin.maxMessageSizeBytes int The max size in bytes for incoming gRPC messages
--admin.maxRetries int Max number of gRPC retries (default 4)
--admin.perRetryTimeout string gRPC per retry timeout (default “15s”)
--admin.pkceConfig.refreshTime string grace period from the token expiry after which it would refresh the token. (default “5m0s”)
--admin.pkceConfig.timeout string Amount of time the browser session would be active for authentication from client app. (default “2m0s”)
--admin.proxyCommand strings Command for external proxy-authorization token generation
--admin.scopes strings List of scopes to request
--admin.tokenRefreshWindow string Max duration between token refresh attempt and token expiry. (default “0s”)
--admin.tokenUrl string OPTIONAL: Your IdP’s token endpoint. It’ll be discovered from flyte admin’s OAuth Metadata endpoint if not provided.
--admin.useAudienceFromAdmin Use Audience configured from admins public endpoint config.
--admin.useAuth Deprecated: Auth will be enabled/disabled based on admin’s dynamically discovered information.
--auth.appAuth.externalAuthServer.allowedAudience strings Optional: A list of allowed audiences. If not provided, the audience is expected to be the public Uri of the service.
--auth.appAuth.externalAuthServer.baseUrl string This should be the base url of the authorization server that you are trying to hit. With Okta for instance, it will look something like https://company.okta.com/oauth2/abcdef123456789/
--auth.appAuth.externalAuthServer.httpProxyURL string OPTIONAL: HTTP Proxy to be used for OAuth requests.
--auth.appAuth.externalAuthServer.metadataUrl string Optional: If the server doesn’t support /.well-known/oauth-authorization-server, you can set a custom metadata url here.'
--auth.appAuth.externalAuthServer.retryAttempts int Optional: The number of attempted retries on a transient failure to get the OAuth metadata (default 5)
--auth.appAuth.externalAuthServer.retryDelay string Optional, Duration to wait between retries (default “1s”)
--auth.appAuth.selfAuthServer.accessTokenLifespan string Defines the lifespan of issued access tokens. (default “30m0s”)
--auth.appAuth.selfAuthServer.authorizationCodeLifespan string Defines the lifespan of issued access tokens. (default “5m0s”)
--auth.appAuth.selfAuthServer.claimSymmetricEncryptionKeySecretName string OPTIONAL: Secret name to use to encrypt claims in authcode token. (default “claim_symmetric_key”)
--auth.appAuth.selfAuthServer.issuer string Defines the issuer to use when issuing and validating tokens. The default value is https://{requestUri.HostAndPort}/
--auth.appAuth.selfAuthServer.oldTokenSigningRSAKeySecretName string OPTIONAL: Secret name to use to retrieve Old RSA Signing Key. This can be useful during key rotation to continue to accept older tokens. (default “token_rsa_key_old.pem”)
--auth.appAuth.selfAuthServer.refreshTokenLifespan string Defines the lifespan of issued access tokens. (default “1h0m0s”)
--auth.appAuth.selfAuthServer.tokenSigningRSAKeySecretName string OPTIONAL: Secret name to use to retrieve RSA Signing Key. (default “token_rsa_key.pem”)
--auth.appAuth.thirdPartyConfig.flyteClient.audience string Audience to use when initiating OAuth2 authorization requests.
--auth.appAuth.thirdPartyConfig.flyteClient.clientId string public identifier for the app which handles authorization for a Flyte deployment (default “uctl”)
--auth.appAuth.thirdPartyConfig.flyteClient.redirectUri string This is the callback uri registered with the app which handles authorization for a Flyte deployment (default “http://localhost:53593/callback”)
--auth.appAuth.thirdPartyConfig.flyteClient.scopes strings Recommended scopes for the client to request. (default [all,offline])
--auth.disableForGrpc Disables auth enforcement on Grpc Endpoints.
--auth.disableForHttp Disables auth enforcement on HTTP Endpoints.
--auth.grpcAuthorizationHeader string (default “flyte-authorization”)
--auth.httpAuthorizationHeader string (default “flyte-authorization”)
--auth.httpProxyURL string OPTIONAL: HTTP Proxy to be used for OAuth requests.
--auth.tokenEndpointProxyPath string The path used to proxy calls to the TokenURL
--auth.userAuth.cookieBlockKeySecretName string OPTIONAL: Secret name to use for cookie block key. (default “cookie_block_key”)
--auth.userAuth.cookieHashKeySecretName string OPTIONAL: Secret name to use for cookie hash key. (default “cookie_hash_key”)
--auth.userAuth.cookieSetting.domain string OPTIONAL: Allows you to set the domain attribute on the auth cookies.
--auth.userAuth.cookieSetting.sameSitePolicy string OPTIONAL: Allows you to declare if your cookie should be restricted to a first-party or same-site context.Wrapper around http.SameSite. (default “DefaultMode”)
--auth.userAuth.httpProxyURL string OPTIONAL: HTTP Proxy to be used for OAuth requests.
--auth.userAuth.idpQueryParameter string idp query parameter used for selecting a particular IDP for doing user authentication. Eg: for Okta passing idp={IDP-ID} forces the authentication to happen with IDP-ID
--auth.userAuth.openId.baseUrl string
--auth.userAuth.openId.clientId string
--auth.userAuth.openId.clientSecretFile string
--auth.userAuth.openId.clientSecretName string (default “oidc_client_secret”)
--auth.userAuth.openId.scopes strings (default [openid,profile])
--auth.userAuth.redirectUrl string (default “/console”)
--authorizer.internalCommunicationConfig.enabled Enables authorization decisions for internal communication. (default true)
--authorizer.internalCommunicationConfig.ingressIdentity string IngressIdentity used in the cluster. Needed to exclude the communication coming from ingress. (default “ingress-nginx.ingress-nginx.serviceaccount.identity.linkerd.cluster.local”)
--authorizer.internalCommunicationConfig.tenantUrlPatternIdentity string UrlPatternIdentity of the internal tenant service endpoint identities. (default “{{ service }}.{{ org }}.serviceaccount.identity.linkerd.cluster.local”)
--authorizer.internalCommunicationConfig.urlPatternIdentity string UrlPatternIdentity of the internal service endpoint identities. (default “{{ service }}-helmchart.{{ service }}.serviceaccount.identity.linkerd.cluster.local”)
--authorizer.mode string (default “Active”)
--authorizer.organizationConfig.PolicyConfig.adminPolicyDescription string description for the boilerplate admin policy (default “Contributor permissions and full admin permissions to manage users and view usage dashboards”)
--authorizer.organizationConfig.PolicyConfig.contributorPolicyDescription string description for the boilerplate contributor policy (default “Viewer permissions and permissions to create workflows, tasks, launch plans, and executions”)
--authorizer.organizationConfig.PolicyConfig.defaultUserPolicyRoleType string name of the role type to determine which default policy new users added to the organization should be assigned (default “Viewer”)
--authorizer.organizationConfig.PolicyConfig.serverlessContributorPolicyDescription string description for the boilerplate serverless contributor policy (default “Viewer permissions and permissions to create workflows, tasks, launch plans, and executions”)
--authorizer.organizationConfig.PolicyConfig.serverlessViewerPolicyDescription string description for the boilerplate serverless viewer policy (default “Permissions to view Flyte entities”)
--authorizer.organizationConfig.PolicyConfig.viewerPolicyDescription string description for the boilerplate viewer policy (default “Permissions to view Flyte entities”)
--authorizer.organizationConfig.defaultPolicyCacheDuration string Cache entry duration for the store of the default policy per organization (default “10m0s”)
--authorizer.syncRuleRefreshInterval string (default “1m0s”)
--authorizer.type string (default “UserClouds”)
--authorizer.userCloudsClient.cache.redis.ttl.edgeTypes string Specifies how long edge types remain in the cache.. (default “30m0s”)
--authorizer.userCloudsClient.cache.redis.ttl.edges string Specifies how long edges remain in the cache. (default “30m0s”)
--authorizer.userCloudsClient.cache.redis.ttl.objectTypes string Specifies how long object types remain in the cache. (default “30m0s”)
--authorizer.userCloudsClient.cache.redis.ttl.objects string Specifies how long objects remain in the cache. (default “30m0s”)
--authorizer.userCloudsClient.cache.type string Cache type to use. (default “none”)
--authorizer.userCloudsClient.clientID string UserClouds client id
--authorizer.userCloudsClient.clientSecretName string UserCloud client secret name to read from the secret manager. (default “userclouds-client-secret”)
--authorizer.userCloudsClient.enableLogging Enable userclouds client’s internal logging. Calls to post logs take 250-350 ms and will impact p99 latency, enable with caution.
--authorizer.userCloudsClient.tenantID string UserClouds tenant id. Should be a UUID.
--authorizer.userCloudsClient.tenantUrl string Something like https://{yourtenant}.tenant.userclouds.com
--config string config file (default is /Users/andrew/.union/config.yaml)
--connection.environment string
--connection.region string
--connection.rootTenantURLPattern string Pattern for tenant url. (default “dns:///{{ organization }}.cloud-staging.union.ai”)
--console.endpoint string Endpoint of console, if different than flyte admin
--database.connMaxLifeTime string sets the maximum amount of time a connection may be reused (default “1h0m0s”)
--database.enableForeignKeyConstraintWhenMigrating Whether to enable gorm foreign keys when migrating the db
--database.maxIdleConnections int maxIdleConnections sets the maximum number of connections in the idle connection pool. (default 10)
--database.maxOpenConnections int maxOpenConnections sets the maximum number of open connections to the database. (default 100)
--database.postgres.dbname string The database name (default “postgres”)
--database.postgres.debug
--database.postgres.host string The host name of the database server (default “localhost”)
--database.postgres.options string See http://gorm.io/docs/connecting_to_the_database.html for available options passed, in addition to the above. (default “sslmode=disable”)
--database.postgres.password string The database password. (default “postgres”)
--database.postgres.passwordPath string Points to the file containing the database password.
--database.postgres.port int The port name of the database server (default 30001)
--database.postgres.readReplicaHost string The host name of the read replica database server (default “localhost”)
--database.postgres.username string The database user who is connecting to the server. (default “postgres”)
--database.sqlite.file string The path to the file (existing or new) where the DB should be created / stored. If existing, then this will be re-used, else a new will be created
--db.connectionPool.maxConnectionLifetime string (default “0s”)
--db.connectionPool.maxIdleConnections int
--db.connectionPool.maxOpenConnections int
--db.dbname string (default “postgres”)
--db.debug
--db.host string (default “postgres”)
--db.log_level int (default 4)
--db.options string (default “sslmode=disable”)
--db.password string
--db.passwordPath string
--db.port int (default 5432)
--db.username string (default “postgres”)
-d, --domain string Specifies the Flyte project’s domain.
--files.archive Pass in archive file either an http link or local path.
--files.assumableIamRole string Custom assumable iam auth role to register launch plans with.
--files.continueOnError Continue on error when registering files.
--files.destinationDirectory string Location of source code in container.
--files.dryRun Execute command without making any modifications.
--files.enableSchedule Enable the schedule if the files contain schedulable launchplan.
--files.force Force use of version number on entities registered with flyte.
--files.k8ServiceAccount string Deprecated. Please use --K8sServiceAccount
--files.k8sServiceAccount string Custom kubernetes service account auth role to register launch plans with.
--files.outputLocationPrefix string Custom output location prefix for offloaded types (files/schemas).
--files.sourceUploadPath string Deprecated: Update flyte admin to avoid having to configure storage access from uctl.
--files.version string Version of the entity to be registered with flyte which are un-versioned after serialization.
--logger.formatter.type string Sets logging format type. (default “json”)
--logger.level int Sets the minimum logging level. (default 3)
--logger.mute Mutes all logs regardless of severity. Intended for benchmarks/tests only.
--logger.show-source Includes source code location in logs.
--org string Organization to work on. If not set, default to user’s org.
--otel.file.filename string Filename to store exported telemetry traces (default “/tmp/trace.txt”)
--otel.jaeger.endpoint string Endpoint for the jaeger telemetry trace ingestor (default “http://localhost:14268/api/traces”)
--otel.otlpgrpc.endpoint string Endpoint for the OTLP telemetry trace collector (default “http://localhost:4317”)
--otel.otlphttp.endpoint string Endpoint for the OTLP telemetry trace collector (default “http://localhost:4318/v1/traces”)
--otel.sampler.parentSampler string Sets the parent sampler to use for the tracer (default “always”)
--otel.type string Sets the type of exporter to configure [noop/file/jaeger/otlpgrpc/otlphttp]. (default “noop”)
-o, --output string Specifies the output type - supported formats [TABLE JSON YAML DOT DOTURL]. NOTE: dot, doturl are only supported for Workflow (default “table”)
--plugins.catalogcache.reader.maxItems int Maximum number of entries to keep in the index. (default 10000)
--plugins.catalogcache.reader.maxRetries int Maximum number of retries per item. (default 3)
--plugins.catalogcache.reader.workers int Number of concurrent workers to start processing the queue. (default 10)
--plugins.catalogcache.writer.maxItems int Maximum number of entries to keep in the index. (default 10000)
--plugins.catalogcache.writer.maxRetries int Maximum number of retries per item. (default 3)
--plugins.catalogcache.writer.workers int Number of concurrent workers to start processing the queue. (default 10)
-p, --project string Specifies the Flyte project.
--rediscache.passwordSecretName string Name of secret with Redis password.
--rediscache.primaryEndpoint string Primary endpoint for the redis cache that can be used for both reads and writes.
--rediscache.replicaEndpoint string Replica endpoint for the redis cache that can be used for reads.
--secrets.env-prefix string Prefix for environment variables (default “FLYTE_SECRET_”)
--secrets.secrets-prefix string Prefix where to look for secrets file (default “/etc/secrets”)
--secrets.type string Sets the type of storage to configure [local]. (default “local”)
--server.dataProxy.download.maxExpiresIn string Maximum allowed expiration duration. (default “1h0m0s”)
--server.dataProxy.upload.defaultFileNameLength int Default length for the generated file name if not provided in the request. (default 20)
--server.dataProxy.upload.maxExpiresIn string Maximum allowed expiration duration. (default “1h0m0s”)
--server.dataProxy.upload.maxSize string Maximum allowed upload size. (default “6Mi”)
--server.dataProxy.upload.storagePrefix string Storage prefix to use for all upload requests.
--server.grpc.enableGrpcLatencyMetrics Enable grpc latency metrics. Note Histograms metrics can be expensive on Prometheus servers.
--server.grpc.maxMessageSizeBytes int The max size in bytes for incoming gRPC messages
--server.grpc.port int On which grpc port to serve admin (default 8089)
--server.grpc.serverReflection Enable GRPC Server Reflection (default true)
--server.grpcPort int deprecated
--server.grpcServerReflection deprecated
--server.httpPort int On which http port to serve admin (default 8088)
--server.kube-config string Path to kubernetes client config file, default is empty, useful for incluster config.
--server.kubeClientConfig.burst int Max burst rate for throttle. 0 defaults to 10 (default 25)
--server.kubeClientConfig.qps int32 Max QPS to the master for requests to KubeAPI. 0 defaults to 5. (default 100)
--server.kubeClientConfig.timeout string Max duration allowed for every request to KubeAPI before giving up. 0 implies no timeout. (default “30s”)
--server.master string The address of the Kubernetes API server.
--server.readHeaderTimeoutSeconds int The amount of time allowed to read request headers. (default 32)
--server.security.allowCors (default true)
--server.security.allowedHeaders strings (default [Content-Type,flyte-authorization])
--server.security.allowedOrigins strings (default [*])
--server.security.auditAccess
--server.security.secure
--server.security.ssl.certificateFile string
--server.security.ssl.keyFile string
--server.security.useAuth
--server.thirdPartyConfig.flyteClient.audience string Audience to use when initiating OAuth2 authorization requests.
--server.thirdPartyConfig.flyteClient.clientId string public identifier for the app which handles authorization for a Flyte deployment
--server.thirdPartyConfig.flyteClient.redirectUri string This is the callback uri registered with the app which handles authorization for a Flyte deployment
--server.thirdPartyConfig.flyteClient.scopes strings Recommended scopes for the client to request.
--server.watchService.maxActiveClusterConnections int (default 5)
--server.watchService.maxPageSize int (default 50000)
--server.watchService.nonTerminalStatusUpdatesInterval string (default “1m0s”)
--server.watchService.pollInterval string (default “1s”)
--sharedservice.connectPort string On which connect port to serve admin (default “8080”)
--sharedservice.grpc.grpcMaxResponseStatusBytes int32 specifies the maximum (uncompressed) size of header list that the client is prepared to accept on grpc calls (default 32000)
--sharedservice.grpc.maxConcurrentStreams int Limit on the number of concurrent streams to each ServerTransport. (default 100)
--sharedservice.grpc.maxMessageSizeBytes int Limit on the size of message that can be received on the server. (default 10485760)
--sharedservice.grpcServerReflection Enable GRPC Server Reflection (default true)
--sharedservice.httpPort string On which http port to serve admin (default “8089”)
--sharedservice.kubeConfig string Path to kubernetes client config file.
--sharedservice.master string The address of the Kubernetes API server.
--sharedservice.metrics.enableClientGrpcHistograms Enable client grpc histograms (default true)
--sharedservice.metrics.enableGrpcHistograms Enable grpc histograms (default true)
--sharedservice.metrics.scope string Scope to emit metrics under (default “service:”)
--sharedservice.port string On which grpc port to serve admin (default “8080”)
--sharedservice.profiler.enabled Enable Profiler on server
--sharedservice.profilerPort string Profile port to start listen for pprof and metric handlers on. (default “10254”)
--sharedservice.security.allowCors
--sharedservice.security.allowLocalhostAccess Whether to permit localhost unauthenticated access to the server
--sharedservice.security.allowedHeaders strings
--sharedservice.security.allowedOrigins strings
--sharedservice.security.auditAccess
--sharedservice.security.orgOverride string Override org in identity context if localhost access enabled
--sharedservice.security.secure
--sharedservice.security.ssl.certificateAuthorityFile string
--sharedservice.security.ssl.certificateFile string
--sharedservice.security.ssl.keyFile string
--sharedservice.security.useAuth
--sharedservice.sync.syncInterval string Time interval to sync (default “5m0s”)
--storage.cache.max_size_mbs int Maximum size of the cache where the Blob store data is cached in-memory. If not specified or set to 0, cache is not used
--storage.cache.target_gc_percent int Sets the garbage collection target percentage.
--storage.connection.access-key string Access key to use. Only required when authtype is set to accesskey.
--storage.connection.auth-type string Auth Type to use [iam, accesskey]. (default “iam”)
--storage.connection.disable-ssl Disables SSL connection. Should only be used for development.
--storage.connection.endpoint string URL for storage client to connect to.
--storage.connection.region string Region to connect to. (default “us-east-1”)
--storage.connection.secret-key string Secret to use when accesskey is set.
--storage.container string Initial container (in s3 a bucket) to create -if it doesn’t exist-.'
--storage.defaultHttpClient.timeout string Sets time out on the http client. (default “0s”)
--storage.enable-multicontainer If this is true, then the container argument is overlooked and redundant. This config will automatically open new connections to new containers/buckets as they are encountered
--storage.limits.maxDownloadMBs int Maximum allowed download size (in MBs) per call. (default 2)
--storage.stow.config stringToString Configuration for stow backend. Refer to github/flyteorg/stow (default [])
--storage.stow.kind string Kind of Stow backend to use. Refer to github/flyteorg/stow
--storage.type string Sets the type of storage to configure [s3/minio/local/mem/stow]. (default “s3”)
--union.auth.authorizationMetadataKey string Authorization Header to use when passing Access Tokens to the server (default “flyte-authorization”)
--union.auth.clientId string Client ID
--union.auth.clientSecretEnvVar string Environment variable containing the client secret
--union.auth.clientSecretLocation string File containing the client secret
--union.auth.deviceFlow.pollInterval string amount of time the device flow would poll the token endpoint if auth server doesn’t return a polling interval. Okta and google IDP do return an interval’ (default “5s”)
--union.auth.deviceFlow.refreshTime string grace period from the token expiry after which it would refresh the token. (default “5m0s”)
--union.auth.deviceFlow.timeout string amount of time the device flow should complete or else it will be cancelled. (default “10m0s”)
--union.auth.enable Whether to enable an authenticated conenction when communicating with admin. (default true)
--union.auth.externalAuth.command strings Command for external authentication token generation
--union.auth.pkce.refreshTime string grace period from the token expiry after which it would refresh the token. (default “5m0s”)
--union.auth.pkce.timeout string Amount of time the browser session would be active for authentication from client app. (default “15s”)
--union.auth.scopes strings List of scopes to request
--union.auth.tokenRefreshWindow string Max duration between token refresh attempt and token expiry. (default “1h0m0s”)
--union.auth.tokenUrl string OPTIONAL: Your IdP’s token endpoint. It’ll be discovered from flyte admin’s OAuth Metadata endpoint if not provided.
--union.auth.type string Type of OAuth2 flow used for communicating with admin. (default “Pkce”)
--union.cache.maxItemsCount int Maximum number of items to keep in the cache before evicting. (default 1000)
--union.connection.host string Host to connect to (default “dns:///utt-mgdp-stg-us-east-2.cloud-staging.union.ai”)
--union.connection.insecure Whether to connect over insecure channel
--union.connection.insecureSkipVerify InsecureSkipVerify controls whether a client verifies the server’s certificate chain and host name.Caution: shouldn’t be use for production usecases'
--union.connection.keepAliveConfig.permitWithoutStream If true, client sends keepalive pings even with no active RPCs.
--union.connection.keepAliveConfig.time string After a duration of this time if the client doesn’t see any activity it pings the server to see if the transport is still alive. (default “20s”)
--union.connection.keepAliveConfig.timeout string After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. (default “2m0s”)
--union.connection.maxBackoffDelay string Max delay for grpc backoff (default “8s”)
--union.connection.maxRecvMsgSize int Maximum size of a message in bytes of a gRPC message (default 10485760)
--union.connection.maxRetries int Max number of gRPC retries (default 4)
--union.connection.minConnectTimeout string Minimum timeout for establishing a connection (default “20s”)
--union.connection.perRetryTimeout string gRPC per retry timeout (default “15s”)
--union.connection.serviceConfig string Defines gRPC experimental JSON Service Config (default “{“loadBalancingConfig”: [{“round_robin”:{}}]}”)
--union.connection.trustedIdentityClaims.enabled Enables passing of trusted claims while making inter service calls
--union.connection.trustedIdentityClaims.externalIdentityClaim string External identity claim of the service which is authorized to make internal service call. These are verified against userclouds actions
--union.connection.trustedIdentityClaims.externalIdentityTypeClaim string External identity type claim of app or user to use for the current service identity. It should be an ‘app’ for inter service communication
--union.internalConnectionConfig.- stringToString (default [])
--union.internalConnectionConfig.enabled Enables internal service to service communication instead of going through ingress.
--union.internalConnectionConfig.urlPattern string UrlPattern of the internal service endpoints. (default “{{ service }}-helmchart.{{ service }}.svc.cluster.local:80”)
--webhook.awsSecretManager.sidecarImage string Specifies the sidecar docker image to use (default “docker.io/amazon/aws-secrets-manager-secret-sidecar:v0.1.4”)
--webhook.certDir string Certificate directory to use to write generated certs. Defaults to /etc/webhook/certs/ (default “/etc/webhook/certs”)
--webhook.embeddedSecretManagerConfig.awsConfig.region string AWS region
--webhook.embeddedSecretManagerConfig.fileMountInitContainer.image string Specifies init container image to use for mounting secrets as files. (default “busybox:1.28”)
--webhook.embeddedSecretManagerConfig.gcpConfig.project string GCP project to be used for secret manager
--webhook.embeddedSecretManagerConfig.type string (default “AWS”)
--webhook.gcpSecretManager.sidecarImage string Specifies the sidecar docker image to use (default “gcr.io/google.com/cloudsdktool/cloud-sdk:alpine”)
--webhook.listenPort int The port to use to listen to webhook calls. Defaults to 9443 (default 9443)
--webhook.localCert write certs locally. Defaults to false
--webhook.metrics-prefix string An optional prefix for all published metrics. (default “flyte:”)
--webhook.secretName string Secret name to write generated certs to. (default “flyte-pod-webhook”)
--webhook.serviceName string The name of the webhook service. (default “flyte-pod-webhook”)
--webhook.servicePort int32 The port on the service that hosting webhook. (default 443)
--webhook.vaultSecretManager.role string Specifies the vault role to use (default “flyte”)