Cody Scandore
04/26/2023, 10:34 PMNAME READY STATUS RESTARTS AGE
pod/flyte-backend-flyte-binary-84949bf97b-dm746 1/1 Running 0 72m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/flyte-backend-flyte-binary-grpc ClusterIP 10.100.94.188 <none> 8089/TCP 73m
service/flyte-backend-flyte-binary-http ClusterIP 10.100.61.78 <none> 8088/TCP 73m
service/flyte-backend-flyte-binary-webhook ClusterIP 10.100.80.56 <none> 443/TCP 73m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/flyte-backend-flyte-binary 1/1 1 1 72m
NAME DESIRED CURRENT READY AGE
replicaset.apps/flyte-backend-flyte-binary-84949bf97b 1 1 1 72m
I can port-forward to http and grpc independently, but my pyflyte run --remote...
call errors out with 403
.
Failed with Exception: Reason: USER:ValueError
Value error! Received: 403. Request to send data <https://indupro-flyte-metadata.s3.us-west-2.amazonaws.com/flytesnacks/><long url>... failed.
Mike Ossareh
04/26/2023, 11:38 PMaws s3 ls <s3://indupro-flyte-metadata>
from the same host you're running pyflyte on?Cody Scandore
04/27/2023, 3:40 AMKetan (kumare3)
Mike Ossareh
04/27/2023, 3:53 PMconst flyteSnacksServiceAccounts = flyteProjectDomains.map((env) => {
const namespace = new k8s.core.v1.Namespace(
`${stack}-${env}-namespace`,
{
metadata: {
name: `${env}`,
},
},
{ provider: k8sProvider }
);
// Since creating a namespace creates the service account; we're just
// patching them.
return new k8s.core.v1.ServiceAccountPatch(
`${stack}-${env}-serviceAccount`,
{
metadata: {
name: "default",
namespace: namespace.metadata.name,
annotations: {
"<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>": s3Role.arn,
},
},
},
{ provider: k8sProvider }
);
});
• for each namespace in flytesnacks-[development,staging,production]
◦ patch the default service account with the arn of the s3role
Without that we get permission failures.