Hi team, I need to set some env variables (e.g. PATH/PYTHONPATH/LD_LIBRARY_PATH) in an image, but I cannot do so when building the docker image since their values are dynamically determined when building the image, and docker does not allow that. How can I source those env variables on a worker pod before

pyflyte-fast-execute

gets invoked? Or is there any other recommended way of doing this?

Hi! How can I configure a default service account for tasks? So that users don't have to set them when executing tasks/workflows.

Hey Flyte team, we (at Woven Planet) are hoping to start making good use of Flyte map tasks. I went through the Flyte OSS roadmap issues and saw that a lot of recent work has been done to get them up to speed (such as https://github.com/flyteorg/flyte/issues/1838 to propagate the status of subtasks). However, I can see on the latest

flyteconsole:v0.41.0

that in the console, there are no log links to subtasks or any UI to show the status of subtasks. Can I ask how soon you plan to land these features in flyteconsole and if there are GitHub issues or PRs that I can follow / contribute to?

Hi all. I'm trying to run a demo.py on a remote Flyte installed in Kubernetes, but I'm encountering an error: "Failed to get signed url for script_mode.tar.gz, reason: SYSTEMUnknown error=None, cause=<_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAVAILABLE details = "failed to connect to all addresses; last error: UNAVAILABLE: ipv4ip adress443: End of TCP stream" debug_error_string = "UNKNOWN:Error received from peer {grpc_message:"failed to connect to all addresses; last error: UNAVAILABLE: ipv4ip adress443: End of TCP stream", grpc_status:14, created_time:"2024-03-18T13175 9.9860503+00:00"}" I run the command: pyflyte run --remote demo.py wf Config for flytectl: admin: endpoint: dns:///my-dns authType: Pkce insecure: true logger: show-source: true level: 0 What could be the problem?

Hi, I am seeing this error when trying to register my workflow -

Failed with Unknown Exception <class 'AssertionError'> Reason: Cannot pass output from task n3 that produces no outputs to a downstream task

How do I find more information about this. Which task is this referring to?

Hello, I need to send slack notification upon workflow failure, aborted, etc. by the Flyte framework. The notifications provided by https://docs.flyte.org/projects/cookbook/en/latest/auto/deployment/lp_notifications.html#sphx-glr-auto-deployment-lp-notifications-py would have worked for me. I need to have a Slack email ID generated through Slack email integration. However, our company policy doesn’t allow Slack email integration. The allowed slack notification is through Incoming webhook. It provides me with a webhook URL. Does anyone know if Flyte can use webhook URL to automatically send a slack notification when the flyte workflow / task failed or aborted?

Question regarding the `limit-namespace` option for propeller: I've tried to reverse engineer the semantics from the code, but I've wanted to verify. Is it possible to pass a list of allowed namespaces here, or is it limited to just

all

or a single namespace? Based on how the information is used in `controller.go` , line 516, I fear that only a single namespace is allowed, right? If so, would you consider using something like xns-informer (Github) to allow a list instead? My use case: I'm trying to deploy multiple instances of the Flyte control plane in a single cluster for review during CI runs of a deployment configuration. Having multiple propellers configured with

limit-namespace=all

causes a race condition between them. Limiting each propeller instance to a single workflow namespace is too narrow OTOH, since in my understanding it precludes the use of k8s namespaces to separate Flyte projects (please correct me if I'm wrong here). Thanks for your help! 🙏

Hi! I have a single cluster deployment of Flyte. For authorization I am trying to setup OpenID with Azure AD. I have followed Authenticating in Flyte - Flyte, and the relevant part of my configuration currently looks like this:

server: 
      security:
        secure: false
        useAuth: true
auth:
      authorizedUris:
        - https://<my public domain>
        - <http://flyteadmin:80>
        - <http://flyteadmin.mlops-services.svc.cluster.local:80>
      userAuth:
        redirectUrl: https://<my app url>/callback # Also added to redirect URI:s in Azure portal
        openId:
          baseUrl: <https://login.microsoftonline.com/><my tenant>/v2.0
          scopes:
            - email
            - openid
          clientId: <My client id from Azure portal>

I have the client secret in flyte-admin-secrets:

data:
    oidc_client_secret: <base64 encoded client_secret from Azure portal>

Ingress rule looks like this:

- backend:
    service:
      name: flyteadmin
      port:
        number: 80
    path: /callback
    pathType: ImplementationSpecific
- backend:
    service:
      name: flyteadmin
      port: 
        number: 80
    path: /callback/*
    pathType: ImplementationSpecific

Trying to access the public domain, the response is:

Access to <my domain> was denied
You don't have the user rights to view this page
HTTP error 403

Looking at the logs from flyte admin it seems to be failing during the callback:

{"json":{},"level":"error","msg":"Failed to retrieve tokens from request, redirecting to login handler. Error: [EMPTY_OAUTH_TOKEN] Failure to retrieve cookie [flyte_idt], caused by: http: named cookie not present","ts":"2023-02-17T13:04:21Z"}

{"json":{},"level":"error","msg":"Error generating encrypted accesstoken cookie [SECURE_COOKIE_ERROR] Error creating secure cookie, caused by: securecookie: the value is too long","ts":"2023-02-17T13:04:22Z"}

{"json":{},"level":"error","msg":"Error setting encrypted JWT cookie [SECURE_COOKIE_ERROR] Error creating secure cookie, caused by: securecookie: the value is too long","ts":"2023-02-17T13:04:22Z"}

It seems the generated cookie only is of length ~1400 I have tried different changes in the flyteadmin configmap, with the same result. Any advice on how to continue here?

Hey guys, Trying to set up auth with the flyte-binary and having some issues with the secrets. What I have so far in my values:

auth:
    enabled: true
    oidc:
      baseUrl: "<azureAD oidc application>"
      clientId: "<oidc id>"
      clientSecret: <base64 encoded oicd secret>
    internal:
      clientSecret: <base64 encoded secret>
      clientSecretHash: "<bcrypt hash of above>"

I guess that may not be terribly informative? Point being, I'm quite confident that the

oidc.baseUrl

and

oidc.clientID

are correct. However, when I install the chart, the

gen-admin-auth-secret

container errors out with:

* error decoding 'appAuth.selfAuthServer.staticClients[flytepropeller].client_secret': illegal base64 data at input byte 0

Couple of questions: • Which client secret is this? • I've tried base64 encoding locally with python and here • Is it possible to store these values in a k8s secret? • Is this really all the auth setup needed? I'm migrating from a pre-binary setup to the binary and there's a lot of complexity in the former chart which is not present in the latter Any pointers would be much appreciated ☺️

Is this line in the docs correct? https://docs.flyte.org/en/latest/deployment/cluster_config/general.html

In the absence of an override, the global default values in the FlyteAdmin config are used.

https://github.com/flyteorg/flyte/blob/1e3d515550cb338c2edb3919d79c6fa1f0da5a19/charts/flyte-core/values.yaml#L35,L43 this looked like the resource requests/limits for the flyteadmin pods themselves, is flyte actually using those as the defaults for tasks? I just tried updating

task_resource_defaults

in the helm chart w/ new limits and I didn't see the change reflected in the configmap after applying the changes to the cluster