feat: path based ingress routing for Flyte apps via Traefik + Knative

[AdilFayyaz]

Why are the changes needed?

• Deploys each Flyte app with a deterministic public URL at http://localhost:30080/// by
  creating Traefik IngressRoute + Middleware CRDs alongside each KService
• Adds InternalAppService to the unified manager binary, wiring the data plane app service into the existing HTTP
  mux
• Injects cluster-internal env vars (minio endpoint, Flyte manager endpoint) into every KService pod so fserve can
  download code bundles and connect back to the manager
• Fixes sandbox-run to correctly forward FLYTE_DEV to the sub-make

What changes were proposed in this pull request?

App service wiring (app/, manager/)

• app/config/config.go: Add InternalAppConfig (consolidated from app/internal/config) with ingress and default env
  var fields
• app/internal/config/config.go: Thin type alias to the public config to avoid circular imports
• app/setup.go: Add SetupInternal entry point for registering InternalAppService on the mux
• manager/config/config.go: Add Apps and InternalApps fields to manager Config
• manager/cmd/main.go: Register Knative scheme, wire up SetupInternal + Setup in the right order (internal before
  external so the proxy can reach /internal/...)

Ingress routing (app/internal/k8s/app_client.go)

• deployIngress: creates three Traefik resources per app using unstructured.Unstructured (no Traefik Go dependency):
  strip- Middleware (strip path prefix), host- Middleware (rewrite Host header to Knative hostname so
  Kourier routes correctly), app- IngressRoute
• deleteIngress: cleans up all three resources on app deletion
• publicIngress: returns path-based URL when ingress is enabled, falls back to Knative host-based URL
• buildPodSpec: adds Command, port mapping, resource requirements; injects DefaultEnvVars before user env vars
• kserviceToStatus: derives public URL from the app ID annotation rather than ksvc.Status.URL so the URL is
  consistent before Knative route readiness

Public URL (app/internal/service/internal_app_service.go)

• publicIngress: returns {IngressBaseURL}/{project}/{domain}/{app} when IngressEnabled, falling back to Knative host
  pattern with configurable scheme

Sandbox (charts/, docker/sandbox-bundled/, Makefile)

• charts/flyte-sandbox/templates/proxy/traefik-config.yaml: Add allowExternalNameServices: true — required because
  Knative creates ExternalName K8s services pointing to Kourier, which Traefik blocks by default
• charts/flyte-sandbox/values.yaml: Add manager.internalApps inline config including defaultEnvVars (minio endpoint + _U_EP_OVERRIDE) so KService pods can reach minio and the Flyte manager
• docker/sandbox-bundled/Makefile: Add setup-knative target (installs Knative Serving + Kourier, configures domain
  template and domain)
• Makefile: sandbox-run now forwards FLYTE_DEV and calls setup-knative

Runtime (flytestdlib/app/app.go)

• Add requestGzipDecompressMiddleware: pre-decompresses Content-Encoding: gzip request bodies before the connect-rpc handler sees them, fixing a chunked-transfer + gzip interaction with the Python SDK

How was this patch tested?

1. make sandbox-run FLYTE_DEV=True — started the sandbox with Knative installed
2. make -C manager run — ran the manager locally (dev mode)
3. uv run python examples/apps/basic_app.py — deployed the streamlit-hello-v2 app via the SDK
4. curl -sI http://localhost:30080/flytesnacks/development/streamlit-hello-v2 — confirmed HTTP/1.1 200 OK
5. Tested via browser as well

Setup process

Screenshots

Check all the applicable boxes

• I updated the documentation accordingly.
• All new and existing tests passed.
• All commits are signed-off.

Related PRs

Docs link

• main
  • Flyte 2 WIP #6583
    • feat: add AppK8sClient for KService lifecycle management #7166
      • feat: implement InternalAppService for Knative app lifecycle #7175
        • feat: implement AppService control plane proxy with TTL cache #7176
          • feat: resilient Watch RPC with reconnect and resourceVersion tracking #7188
            • feat: path based ingress routing for Flyte apps via Traefik + Knative 👈