Hello, How to configure S3 and Postgres from Envir...
# ask-the-community
a
Hello, How to configure S3 and Postgres from Environment variables in Kubernetes cluster?
s
Are you trying to deploy Flyte on EKS?
a
Yes Samhita
I am trying to run flyte in single binary mode on Kubernetes with Postgres and AWS S3 config. Is there any sample config available to test it?
Is there a way to run it on an EC2 instance instead of a container?
s
d
@Abhinay Dronavally there's also a community-maintained guide for the process: https://github.com/davidmirror-ops/flyte-the-hard-way/
a
@David Espejo (he/him) - was following the same.
@Samhita Alla - I have tried the link you have shared, I see no error and container is crashing.
s
Are you still seeing issues, Abhinay?
a
Yes @Samhita Alla. We are unable to bring up cluster yet. We are seeing this issue now.
{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-05-17T10:14:52Z"}

{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-05-17T10:14:55Z"}

{"json":{},"level":"warning","msg":"Failed to create cluster resources for namespace [flytesnacks-development] with err: Failed to read config template dir [flytesnacks-development] for namespace [] with err: open : no such file or directory","ts":"2023-05-17T10:14:55Z"}
{"json":{},"level":"warning","msg":"Failed to create cluster resources for namespace [flytesnacks-staging] with err: Failed to read config template dir [flytesnacks-staging] for namespace [] with err: open : no such file or directory","ts":"2023-05-17T10:14:55Z"}
{"json":{},"level":"warning","msg":"Failed to create cluster resources for namespace [flytesnacks-production] with err: Failed to read config template dir [flytesnacks-production] for namespace [] with err: open : no such file or directory","ts":"2023-05-17T10:14:55Z"}
{"json":{},"level":"warning","msg":"Failed cluster resource creation loop with: Failed to read config template dir [flytesnacks-development] for namespace [] with err: open : no such file or directory, Failed to read config template dir [flytesnacks-staging] for namespace [] with err: open : no such file or directory, Failed to read config template dir [flytesnacks-production] for namespace [] with err: open : no such file or directory","ts":"2023-05-17T10:14:55Z"}

{"json":{},"level":"error","msg":"Failed to initialize certificates for Secrets Webhook. client rate limiter Wait returned an error: context canceled","ts":"2023-05-17T10:14:57Z"}
{"json":{},"level":"panic","msg":"Failed to start Propeller, err: failed to create FlyteWorkflow CRD: customresourcedefinitions.apiextensions.k8s.io is forbidden: User \"system:serviceaccount:<workspace_name>:flyte\" cannot create resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the cluster scope","ts":"2023-05-17T10:14:57Z"}
s
Are you following the guide that @David Espejo (he/him) shared?
a
Yeah.
Helm is working, but single binary seems not to be working.
Can you share environment variables or a config file with dummy values to connect to AWS S3 and an AWS RDS Postgres instance?
s
a
We tried this, this worked. But we want to simplify this even further with env variables injection.
Also, what is the significance of
annotations:
    eks.amazonaws.com/role-arn: "arn:aws:iam::<aws-account-id>:role/flyte-system-role"
@David Espejo (he/him), do you know how to do this?
a
Is there a way to configure flyte without giving role ARN, by giving access to EKS host and port?
d
> Is there a way to configure flyte without giving role ARN, by giving access to EKS host and port?
@Abhinay Dronavally IAM Roles for Service Accounts is the recommended approach, and as far as I can tell the chart itself is designed to accept a Service Account annotated with an IAM role. What's your use case here?
a
We are running a lightweight data processing pipeline. We already have EKS with decent capacity. So, we are checking if there is a way to ignore ARN as we already provide Kubernetes config.
d
Typically Flyte is deployed on a dedicated EKS cluster, and an IAM role can be used by multiple EKS clusters
a
Okay.
In single EKS cluster setups, is that optional?
d
Absolutely!
You mean, single worker node?
a
No, I mean multiple nodes in a single EKS cluster.
d
yes, it's totally fine. The example guide uses two compute (worker) nodes in a cluster
a
Can you share a holy bible of Flyte which I can follow for config management?
Also, is there a way to inject env variables for AWS S3 and Postgres like the way we do for Kubernetes config?
d
> Can you share a holy bible of Flyte which I can follow for config management?
Sure but, in this context, what do you mean by "configuration management"?
a
AWS S3 bucket specific access, and RDS configuration etc.
d
> Also, is there a way to inject env variables for AWS S3 and Postgres like the way we do for Kubernetes config?
All the env vars that I see accepted by the chart are in `values` or under `extraEnvVars` (again in `values`). There is a way to inject env vars but at the task level (using Pod Templates), not that I know for the backend
a
I am looking to run Flyte on a single binary setup, with postgres and S3 credentials injected in env variables.
Thank you for podtemplate link @David Espejo (he/him)
I am looking to run Flyte on a single binary setup, with postgres and S3 credentials injected in env variables. - Is there a way to do this?
d
oh credentials
you could put them in a K8s secret and mount the secret
inject credentials via env vars is not recommended in general
see here how a Flyte user uses the ExternalSecrets operator to store and inject credentials: https://github.com/alexifm/flyte-eks-deployment
a
Okay, thank you @David Espejo (he/him).