• s

    Shahwar Saleem

    2 months ago
    I was wondering if Auth is required to register workflows? I have a Flyte deployment without Auth and I am trying to create a project and register a workflow without any Auth. Should I be able to do that? Right now I see this Network Error on project dashboard which makes me wonder if my deployment has an issue:
    s
    k
    5 replies
    Copy to Clipboard
  • Matheus Moreno

    Matheus Moreno

    2 months ago
    Hey, everyone. Still struggling a bit trying to deploy Flyte in our cluster. While trying to execute
    helm install
    in an isolated namespace, I got these two errors:
    Error: UPGRADE FAILED: failed to create resource: <http://customresourcedefinitions.apiextensions.k8s.io|customresourcedefinitions.apiextensions.k8s.io> is forbidden: User "..." cannot create resource "customresourcedefinitions" in API group "<http://apiextensions.k8s.io|apiextensions.k8s.io>" at the cluster scope: requires one of ["container.customResourceDefinitions.create"] permission(s).
    Error: UPGRADE FAILED: failed to create resource: <http://clusterroles.rbac.authorization.k8s.io|clusterroles.rbac.authorization.k8s.io> is forbidden: User "..." cannot create resource "clusterroles" in API group "<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>" at the cluster scope: requires one of ["container.clusterRoles.create"] permission(s).
    Ok, permission errors. The first one I was able to resolve by disabling the custom resource definition, but I'm still curious about what exactly I just disabled. I noticed that there's a resource called "FlyteWorkflow", so I thought that workflows were actually Kubernetes resources. But when I deploy an example project on the sandbox environment, there's no FlyteWorkflow resource anywhere. So why does this resource exists? Can I disable it without performance issues in our server? The other error was easier to understand, but it worries me more. I'm trying to deploy the server on a "flyte" namespace and set every project to the same "flyte-projects" namespace. Is there a way to deploy the system without creating these ClusterRoles?
  • Ketan (kumare3)

    Ketan (kumare3)

    2 months ago
    Crds are required
  • Ketan (kumare3)

    Ketan (kumare3)

    2 months ago
    That's how flyteworkflows are executed
    Ketan (kumare3)
    Matheus Moreno
    3 replies
    Copy to Clipboard
  • s

    Slackbot

    2 months ago
    This message was deleted.
  • Fredrick

    Fredrick

    2 months ago
    Hello, Is there a config to specify per project/domain secrets to be read by the tasks/workflows in that project/domain using
    flytekit.Secret
    ?
    Fredrick
    Haytham Abuelfutuh
    +3
    17 replies
    Copy to Clipboard
  • n

    Nada Saiyed

    2 months ago
    Hello, I have a flyte cluster running in eks with all
    flyte-*
    pods running in
    test-flyte
    namespace instead of default
    flyte
    namespace. I am able to create projects and register workflows, but when i try to execute the workflow from the console it goes into an
    Unknown
    state.
    n
    k
    +1
    9 replies
    Copy to Clipboard
  • k

    Katrina P

    2 months ago
    Anyone have a good way of testing the grpc end points (maybe with grpcurl) to debug networking issues? I upped the admin logging level, and hoping to see more logs to see if we're hitting admin correctly but can't tell if there's just no logs or if we're not hitting it 😅
    k
    k
    10 replies
    Copy to Clipboard
  • Anna Cunningham

    Anna Cunningham

    2 months ago
    hello! I’m planning do adjust the timeouts for nodes/workflows (https://github.com/flyteorg/flytepropeller/blob/17c53ed1b9ee85f3ed8c8b8bae1d8fa574d02920/pkg/controller/config/config.go#L92-L97) and I was wondering if the times I set will include time spent queued, or only time spent running?
    Anna Cunningham
    Dan Rammer (hamersaw)
    +1
    4 replies
    Copy to Clipboard
  • k

    Katrina P

    2 months ago
    Anyone know what the minimal s3 policy required for flyte is? security at our company is pretty tight and by default our pods are only allowed:
    "s3:DeleteObject*",
    "s3:GetObject*",
    "s3:PutObject*",
    "s3:GetBucketLocation",
    "s3:ListBucket",
    k
    Ketan (kumare3)
    6 replies
    Copy to Clipboard