Self-hosted deployment docs, auth config, and selfmanaged naming cleanup #762
/aviator merge
/aviator merge
Deploying docs with
Latest commit: 709994b
Status: ✅ Deploy successful!
Preview URL: https://c8569032.docs-dog.pages.dev
Branch Preview URL: https://mike-self-onboarding-doc-upd.docs-dog.pages.dev
/aviator cancel
77be26f to 8dd12b4
39452cf to db06cf5
/aviator cancel
Points Claude Code sessions to the canonical Notion doc for selfmanaged and selfhosted project context. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rename all data plane setup documentation files from the outdated "byok" (Bring Your Own Kubernetes) naming to "selfmanaged" to align with the Hugo variant system naming convention. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create comprehensive documentation for self-hosted (intra-cluster) deployments where both control plane and data plane run in the same Kubernetes cluster. Includes:
- Overview with architecture diagram and prerequisites
- Control plane guides for AWS and GCP
- Data plane guides for AWS and GCP
- Authentication guide documenting all 5 OAuth apps required for self-hosted deployments, with comparison to self-managed where app provisioning is automated via uctl
Migrated from helm-charts SELFHOSTED_INTRA_CLUSTER docs with Hugo shortcode conversion and shared authentication section. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add link card for the self-hosted deployment guides under the selfmanaged variant, giving users a clear entry point to the intra-cluster deployment documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Points to mike/exclude-legacy-oci-redirect branch which excludes the legacy uppercase byok-data-plane-setup-on-OCI.md from the redirect check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rename selfmanaged-data-plane-setup-on-* to selfmanaged-* for cleaner URLs and reduced redundancy. Update internal cross-references in the generic and GCP guides. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…GitHub Rename example values file from selfhosted-customer to selfhosted-overrides across all selfhosted docs. Add GitHub links to repo-hosted values files (selfhosted-intracluster, registry) in prose references. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Define key deployment terminology: self-managed vs self-hosted, control plane, data plane, intra-cluster, IRSA, Workload Identity. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Self-hosted intra-cluster deployment is officially supported on AWS only. Mark GCP guides as preview with notices linking to AWS guides, and add (Preview) labels to GCP link cards on the overview page. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds comprehensive authentication documentation for the selfmanaged variant covering:
- OIDC browser auth flow with sequence diagram
- Okta configuration (automated via Terraform and manual)
- Control plane Helm values (flyteadmin OIDC, service-to-service auth, trustedIdentityClaims, ingress auth annotations)
- Secret delivery via External Secrets Operator
- Dataplane auth (operator + eager mode)
- SDK/CLI PKCE auth and CI/CD client credentials
- Troubleshooting guide
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Abstract union_extension module specifics to generic IdP requirements. Replace Okta-specific references with provider-agnostic language. Add multiple secret delivery options (ESO + direct K8s secret). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Consolidate OAuth apps from 5 to 3 (matching actual values files)
- Add complete control plane config (flyteadmin OIDC, admin SDK client, scheduler secrets, service-to-service auth, executions auth, ingress)
- Add complete dataplane config (CRS, operator, propeller, secrets, executor)
- Add comprehensive secret delivery table with all K8s secrets
- Remove disableForGrpc configuration
- Remove Okta-specific references, use generic OIDC/OAuth2 language
- Fix incorrect service terminology (no "monolith" in selfhosted)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2136101 to e6cb909
@ppiegaze I am looking at these docs as they are rendered. I think renaming byok to selfmanaged makes sense for files. selfhosted and selfmanaged are finalized now. We are kind of forcing selfhosted awkwardly into selfmanaged here. I am not convinced it's the right long-term structure. It may make sense to discuss whether we should consider breaking out selfhosted into its own variant or restructure selfmanaged and selfhosted platform deployment pages?
* Add namespace mapping configuration docs
Documents the namespace_mapping Helm value for customizing how project-domain pairs map to Kubernetes namespaces. Covers dataplane configuration, self-hosted control plane requirements (V1 only), template syntax, and the cascade to downstream services.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix namespace mapping docs: correct nesting, V1-only CP config
- Fix double nesting: namespace_config.namespace_config → namespace_config
- Clarify V2 does not need CP namespace_mapping (resolves on DP)
- Add note that V2 namespace resolution happens on data plane
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@mhotan I think that making self-hosted a separate variant is the correct thing to do given our current setup. However, I am not sure that we want to publicly publish docs that talk about self-hosted yet. I'll talk to Votta. I will take a look at how this PR mixes self-hosted and self-managed.
# Conflicts: # unionai-docs-infra
Replace absolute https://www.union.ai/docs URL with relative link to fix Cloudflare build pre-check failure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Conflicts: # unionai-docs-infra
@mhotan Would it make sense to separate out the self-hosted parts of this PR into a separate PR? Then I could merge the other parts and leave the self-hosted for when we actually publicly release that as a deployment option for the product. I can do this and then you can just review. WDYT?
Resolve submodule conflict by taking main's infra pointer. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- unionai-docs-infra: 6673d5e (pydantic models: show actual fields)
- unionai-examples: 12005fd (update-jsonl with missing fragments)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Self-hosted deployment guides, glossary, and link card moved to peeter/selfhosted-docs branch to hold for product announcement. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Moved to peeter/selfhosted-docs branch with selfhosted variant tag. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Points to unionai-docs-infra#43 (2f329df). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Points to unionai-docs-infra#44. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
- byok-data-plane-setup-on-* files to selfmanaged-* with shorter, cleaner URLs (e.g. selfmanaged-aws instead of selfmanaged-data-plane-setup-on-aws)
- content/deployment/selfhosted-deployment/ section with control plane, data plane, and authentication guides for deploying both planes in the same Kubernetes cluster
New pages
- content/deployment/selfhosted-deployment/_index.md — Overview with architecture diagram
- content/deployment/selfhosted-deployment/control-plane-aws.md — AWS control plane deployment
- content/deployment/selfhosted-deployment/control-plane-gcp.md — GCP control plane deployment (Preview)
- content/deployment/selfhosted-deployment/data-plane-aws.md — AWS data plane deployment
- content/deployment/selfhosted-deployment/data-plane-gcp.md — GCP data plane deployment (Preview)
- content/deployment/selfhosted-deployment/authentication.md — OIDC auth with all 5 OAuth apps
- content/deployment/configuration/authentication.md — OIDC auth configuration (Okta, Helm values, troubleshooting)
- content/deployment/glossary.md — Deployment terminology
Renamed pages
- byok-data-plane-setup-on-aws/ → selfmanaged-aws/
- byok-data-plane-setup-on-azure.md → selfmanaged-azure.md
- byok-data-plane-setup-on-gcp.md → selfmanaged-gcp.md
- byok-data-plane-setup-on-generic.md → selfmanaged-generic.md
- byok-data-plane-setup-on-oci.md → selfmanaged-oci.md
Test plan
- make dev renders selfmanaged variant correctly
- /deployment/configuration/authentication/
🤖 Generated with Claude Code