Hello, How to configure S3 and Postgres from Environment variables in Kubernetes cluster?

Are you trying to deploy Flyte on EKS?

Yes Samhita

Have you looked at https://github.com/flyteorg/flyte/blob/master/charts/flyte-binary/eks-starter.yaml file?

@Abhinay Dronavally there's also a community-maintained guide for the process: https://github.com/davidmirror-ops/flyte-the-hard-way/

@David Espejo (he/him) - was following the same.

Are you still seeing issues, Abhinay?

Yes @Samhita Alla. We are unable to bring up cluster yet. We are seeing this issue now.

{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-05-17T10:14:52Z"}

{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-05-17T10:14:55Z"}

{"json":{},"level":"warning","msg":"Failed to create cluster resources for namespace [flytesnacks-development] with err: Failed to read config template dir [flytesnacks-development] for namespace [] with err: open : no such file or directory","ts":"2023-05-17T10:14:55Z"}
{"json":{},"level":"warning","msg":"Failed to create cluster resources for namespace [flytesnacks-staging] with err: Failed to read config template dir [flytesnacks-staging] for namespace [] with err: open : no such file or directory","ts":"2023-05-17T10:14:55Z"}
{"json":{},"level":"warning","msg":"Failed to create cluster resources for namespace [flytesnacks-production] with err: Failed to read config template dir [flytesnacks-production] for namespace [] with err: open : no such file or directory","ts":"2023-05-17T10:14:55Z"}
{"json":{},"level":"warning","msg":"Failed cluster resource creation loop with: Failed to read config template dir [flytesnacks-development] for namespace [] with err: open : no such file or directory, Failed to read config template dir [flytesnacks-staging] for namespace [] with err: open : no such file or directory, Failed to read config template dir [flytesnacks-production] for namespace [] with err: open : no such file or directory","ts":"2023-05-17T10:14:55Z"}

{"json":{},"level":"error","msg":"Failed to initialize certificates for Secrets Webhook. client rate limiter Wait returned an error: context canceled","ts":"2023-05-17T10:14:57Z"}
{"json":{},"level":"panic","msg":"Failed to start Propeller, err: failed to create FlyteWorkflow CRD: <http://customresourcedefinitions.apiextensions.k8s.io|customresourcedefinitions.apiextensions.k8s.io> is forbidden: User \"system:serviceaccount:<workspace_name>:flyte\" cannot create resource \"customresourcedefinitions\" in API group \"<http://apiextensions.k8s.io|apiextensions.k8s.io>\" at the cluster scope","ts":"2023-05-17T10:14:57Z"}

Are you following the guide that @David Espejo (he/him) shared?

Yeah.

https://github.com/davidmirror-ops/flyte-the-hard-way/blob/main/docs/05-deploy-with-helm.md is working for you or not working for you?

We tried this, this worked. But we want to simplify this even further with env variables injection.

It's for the flyte components. https://github.com/davidmirror-ops/flyte-the-hard-way/blob/7a1c5be3522272f0f0c83fda258f33b5a7f2f9b0/docs/03-roles-service-accounts.md

Is there a way to configure flyte without giving role ARN, by giving access to EKS host and port?

Is there a way to configure flyte without giving role ARN, by giving access to EKS host and port?

@Abhinay Dronavally IAM Roles for Service Accounts is the recommended approach, and as far as I can tell the chart itself is designed to accept a Service Account annotated with an IAM role. What's your use case here?

We are running light weight data processing pipeline. We already have EKS with decent capacity. So, we are checking if there is a way to ignore ARN as we already provide Kubernetes config.

Typically Flyte is deployed on a dedicated EKS cluster, and an IAM role can be used by multiple EKS clusters

Okay.

Absolutely!

No, I mean multiple nodes in a single EKS cluster.

yes, it's totally fine. The example guide uses two compute (worker) nodes in a cluster

Can you share a holy bible of flight which I can follow for config management?

Can you share a holy bible of flight which I can follow for config management?

Sure but, in this context, what do you mean by

configuration management

?

AWS S3 bucket specific access, and RDS configuration etc.

Also, is there a way to inject env variables for AWS S3 and Postgres like the way we do for Kubernetes config?

All the env vars that I see accepted by the chart are in

values

or under

extraEnvVars

(again in

values

) There is a way to inject env vars but at the task level (using Pod Templates), not that I know for the backend

I am looking to run Flyte on a single binary setup, with postgres and S3 credentials injected in env variables.

oh credentials

Okay, thank you @David Espejo (he/him).