Inject INTERNAL_APP_ENDPOINT_PATTERN into KService pods for in-cluster app discovery

[AdilFayyaz]

Why are the changes needed?

When multiple Flyte apps run in the same cluster (e.g. a Gradio app calling a vLLM model-serving app), apps need to call each other via the internal Kubernetes service URL (*.flyte.svc.cluster.local). Previouly the INTERNAL_APP_ENDPOINT_PATTERN env var — which the Flyte SDK's AppEndpoint uses to resolve internal URLs — was never injected into KService pods. This meant AppEndpoint(app_name="...") had no pattern to resolve against, and developers had to manually construct and hardcode the full internal cluster URL.

What changes were proposed in this pull request?

• Inject INTERNAL_APP_ENDPOINT_PATTERN into every KService container at deploy time in buildKService. The value is a URL template with an {app_fqdn} placeholder that the SDK substitutes at runtime with the target app's name:

http://{app_fqdn}-{project}-{domain}.flyte.svc.cluster.local

• The project and domain are baked in as a suffix to match Flyte's KService naming convention ({name}-{project}-{domain}). When the SDK resolves AppEndpoint(app_name="gemma4-26b") in project flytesnacks / domain development, it produces:

http://gemma4-26b-flytesnacks-development.flyte.svc.cluster.local

• No auth is required on this path (bypasses ingress), and traffic stays in-cluster

Code Changes

• app/config/config.go — adds NamespacedNamePrefixTemplate field to InternalAppConfig
• app/internal/k8s/app_client.go — injects INTERNAL_APP_ENDPOINT_PATTERN in buildKService

How was this patch tested?

Verified using the app_calling_app SDK example (examples/apps/app_calling_app/app.py). After this change, hitting app2-calls-app1.../greeting/world correctly proxies through to app1 via the internal cluster URL

This is important to improve the readability of release notes.

Setup process

Screenshots

Check all the applicable boxes

• I updated the documentation accordingly.
• All new and existing tests passed.
• All commits are signed-off.

Related PRs

Stack

If you do use git town to manage PR Stacks, the stack relevant to this PR
will show below. Otherwise, you can ignore this section.

Docs link

[Copilot]

Pull request overview

This PR aims to enable in-cluster Flyte app-to-app discovery by injecting an INTERNAL_APP_ENDPOINT_PATTERN environment variable into Knative Service (KService) pods at deploy time, so SDK code can resolve internal service URLs without hardcoding full cluster DNS names.

Changes:

• Inject INTERNAL_APP_ENDPOINT_PATTERN into the first container of each deployed KService pod.
• Add NamespacedNamePrefixTemplate to InternalAppConfig (intended to support templated internal endpoint patterns).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
app/internal/k8s/app_client.go	Injects INTERNAL_APP_ENDPOINT_PATTERN into KService pod env during manifest construction.
app/config/config.go	Adds a new InternalAppConfig field intended for templating the internal endpoint pattern.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The generated INTERNAL_APP_ENDPOINT_PATTERN does not match the actual KService naming logic for apps with mixed-case or long names. KServiceName() lowercases the full name and, when >63 chars, truncates and appends a SHA256 suffix; this pattern assumes the service name is always "{app_fqdn}-{project}-{domain}". For long app names, AppEndpoint resolution will produce a hostname that can never exist. Consider aligning the pattern/placeholder with KServiceName() semantics (e.g., have the SDK compute the KServiceName and substitute that), or enforce/reject names that would trigger hashing so the pattern remains valid.

[Copilot]

This unconditionally appends INTERNAL_APP_ENDPOINT_PATTERN to container env. If users previously worked around this by setting the same env var in their app spec (or via DefaultEnvVars), the resulting duplicate env var name will cause KService validation to fail. Suggest checking for an existing env var with this name and updating/overwriting it (or skipping injection if already set) instead of always appending a new entry.

[Copilot]

There are existing unit tests in this package covering Deploy/Stop/KServiceName, but no test asserting INTERNAL_APP_ENDPOINT_PATTERN injection/value. Add a test that deploys an app and verifies the env var is present and matches the expected in-cluster URL template (and ideally cover the long-name hashing edge case if that behavior is supported).

[Copilot]

NamespacedNamePrefixTemplate is introduced with comments implying it is used to generate INTERNAL_APP_ENDPOINT_PATTERN, but there is no code path that reads this field. This makes the config misleading and risks bitrot. Either wire it into buildKService (and document the actual templating implementation), or remove/adjust the field and comment until it's supported.

Suggested change

	// NamespacedNamePrefixTemplate is the template for generating the INTERNAL_APP_ENDPOINT_PATTERN env var.
	// Supported variables: {{ project }}, {{ domain }}, {{ org }}.
	// Example: "{{ project }}-{{ domain }}-"
	NamespacedNamePrefixTemplate string `json:"namespacedNamePrefixTemplate" pflag:",Template for internal app endpoint pattern (e.g., {{ project }}-{{ domain }}-)"`

[pingsutw]

It's for dev mode (running manager locally) right? Could we add a default here https://github.com/flyteorg/flyte/pull/7323/files#diff-2a2301646ea40f7638775b9a0cfbd0cb8c9f081b5f8732a73f44767aeae95e9dL23-L26

[AdilFayyaz]

this isnt only for the dev mode, it should work in both

[pingsutw]

Got it. Is it supposed to be used in app_client.go? I didn’t see any files using it