I'm following the single cluster deployment accord...
# flyte-deploymentc
Cody Scandore
04/25/2023, 3:42 PMI'm following the single cluster deployment according to this link. Cloud is AWS, db is RDS, and I'm using eks managed nodes (amazon AMI). My pod almost immediately enters crashloopbackoff. I have confirmed node <> database connectivity by ssh'ing into the node and querying the RDS database. One area of suspicion is the
serviceAccountcreate: false Copy code
serviceAccount:
create: false
annotations:
<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: "arn:aws:iam::<id-redacted>:role/eksctl-flyte-cluster-cluster-ServiceRole"Cody Scandore
04/25/2023, 4:00 PM Copy code
2023/04/25 15:57:49 /go/pkg/mod/gorm.io/gorm@v1.24.1-0.20221019064659-5dd2bb482755/callbacks.go:134
[3.789ms] [rows:0] CREATE INDEX IF NOT EXISTS "artifacts_dataset_uuid_idx" ON "artifacts" ("dataset_uuid")
{"json":{"src":"start.go:169"},"level":"panic","msg":"Failed to start Propeller, err: failed to create FlyteWorkflow CRD: <http://customresourcedefinitions.apiextensions.k8s.io|customresourcedefinitions.apiextensions.k8s.io> is forbidden: User \"system:serviceaccount:flyte:default\" cannot create resource \"customresourcedefinitions\" in API group \"<http://apiextensions.k8s.io|apiextensions.k8s.io>\" at the cluster scope","ts":"2023-04-25T15:57:54Z"}
panic: (*logrus.Entry) 0xc0008ec540
goroutine 53 [running]:
<http://github.com/sirupsen/logrus.(*Entry).log(0xc0008ec4d0|github.com/sirupsen/logrus.(*Entry).log(0xc0008ec4d0>, 0x0, {0xc010f68d80, 0x117})
/go/pkg/mod/github.com/sirupsen/logrus@v1.8.1/entry.go:259 +0x45b
<http://github.com/sirupsen/logrus.(*Entry).Log(0xc0008ec4d0|github.com/sirupsen/logrus.(*Entry).Log(0xc0008ec4d0>, 0x0, {0xc00121be68?, 0x1?, 0x1?})
/go/pkg/mod/github.com/sirupsen/logrus@v1.8.1/entry.go:293 +0x4f
<http://github.com/sirupsen/logrus.(*Entry).Logf(0xc0008ec4d0|github.com/sirupsen/logrus.(*Entry).Logf(0xc0008ec4d0>, 0x0, {0x305c298?, 0x0?}, {0xc0084d87a0?, 0x0?, 0x0?})
/go/pkg/mod/github.com/sirupsen/logrus@v1.8.1/entry.go:338 +0x85
<http://github.com/sirupsen/logrus.(*Entry).Panicf(0x3e83040|github.com/sirupsen/logrus.(*Entry).Panicf(0x3e83040>?, {0x305c298?, 0x416667?}, {0xc0084d87a0?, 0x29975a0?, 0x1?})
/go/pkg/mod/github.com/sirupsen/logrus@v1.8.1/entry.go:376 +0x34
<http://github.com/flyteorg/flytestdlib/logger.Panicf({0x3e83040|github.com/flyteorg/flytestdlib/logger.Panicf({0x3e83040>?, 0xc000943080?}, {0x305c298, 0x22}, {0xc0084d87a0, 0x1, 0x1})
/go/pkg/mod/github.com/flyteorg/flytestdlib@v1.0.16/logger/logger.go:188 +0x64
<http://github.com/flyteorg/flyte/cmd/single.glob..func4.2()|github.com/flyteorg/flyte/cmd/single.glob..func4.2()>
/flyteorg/build/cmd/single/start.go:169 +0xbe
<http://golang.org/x/sync/errgroup.(*Group).Go.func1()|golang.org/x/sync/errgroup.(*Group).Go.func1()>
/go/pkg/mod/golang.org/x/sync@v0.0.0-20220722155255-886fb9371eb4/errgroup/errgroup.go:75 +0x64
created by <http://golang.org/x/sync/errgroup.(*Group).Go|golang.org/x/sync/errgroup.(*Group).Go>
/go/pkg/mod/golang.org/x/sync@v0.0.0-20220722155255-886fb9371eb4/errgroup/errgroup.go:72 +0xa5m
Mike Ossareh
04/25/2023, 4:44 PM@Cody Scandore the
eksctl-flyte-cluster-cluster-ServiceRolecreate: falseMike Ossareh
04/25/2023, 4:47 PMhttps://github.com/flyteorg/flyte/blob/master/charts/flyte-binary/templates/clusterrolebinding.yaml <- this binding is what allows the flyte service account to act with these permissions: https://github.com/flyteorg/flyte/blob/master/charts/flyte-binary/templates/clusterrole.yaml
Mike Ossareh
04/25/2023, 4:52 PMthe ClusterRole is created though, so in theory you could provide your default service account permissions to that role.
In general, however,
defaultc
Cody Scandore
04/25/2023, 5:01 PMThanks Mike, this is really helpful
m
Mike Ossareh
04/25/2023, 5:04 PMOh, also, it wasn't clear above. If you do continue to use the
defaultc
Cody Scandore
04/25/2023, 5:05 PMI opted to use the
create: true196 Views