Channels
#flyte-deployment
Title
# flyte-deployment
c
Cody Scandore
06/01/2023, 11:27 PMHello all, I've deployed a flyte cluster in AWS EKS following the current documentation with some help from David's "Flyte the hard way.." guide. The cluster is behind an AWS load balancer and secure domain, i.e., available at
<https://xxxx-apps.com/console>k
Ketan (kumare3)
06/02/2023, 12:12 AM
the azure ad guide was added by @Byron Hsu
b
Byron Hsu
06/02/2023, 12:12 AMhi what issue you met?
hmm i am not sure
clientSecretLocationclientIDc
Cody Scandore
06/02/2023, 4:36 PMThanks @Byron Hsu, I think my issues may be more fundamental. My deployment has the following ns
Copy code
NAME STATUS AGE
default Active 38d
flyte Active 38d
flytesnacks-development Active 36d
flytesnacks-production Active 36d
flytesnacks-staging Active 36d
kube-node-lease Active 38d
kube-public Active 38d
kube-system Active 38d Copy code
NAME READY STATUS RESTARTS AGE
pod/flyte-backend-flyte-binary-5f5465b4f7-7hmt7 1/1 Running 0 22d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/flyte-backend-flyte-binary-grpc ClusterIP 10.100.27.200 <none> 8089/TCP 22d
service/flyte-backend-flyte-binary-http ClusterIP 10.100.55.136 <none> 8088/TCP 22d
service/flyte-backend-flyte-binary-webhook ClusterIP 10.100.41.202 <none> 443/TCP 22d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/flyte-backend-flyte-binary 1/1 1 1 22d
NAME DESIRED CURRENT READY AGE
replicaset.apps/flyte-backend-flyte-binary-5f5465b4f7 1 1 1 22d Copy code
NAME DATA AGE
flyte-backend-flyte-binary-cluster-resource-templates 1 22d
flyte-backend-flyte-binary-config 5 22d
kube-root-ca.crt 1 38d
propeller-leader 0 37dflyte-admin-base-config Copy code
kubectl edit configmap -n flyte flyte-admin-base-configd
David Espejo (he/him)
06/02/2023, 5:15 PM@Cody Scandore yeah, we plan to extend the docs because what's written there assumes you're using the
flyte-coreflyte-binaryflyte-backend-flyte-binary-configkubectl describe cm flyte-backend-flyte-binary-config -n flytec
Cody Scandore
06/02/2023, 5:41 PM Copy code
Name: flyte-backend-flyte-binary-config
Namespace: flyte
Labels: <http://app.kubernetes.io/instance=flyte-backend|app.kubernetes.io/instance=flyte-backend>
<http://app.kubernetes.io/managed-by=Helm|app.kubernetes.io/managed-by=Helm>
<http://app.kubernetes.io/name=flyte-binary|app.kubernetes.io/name=flyte-binary>
<http://app.kubernetes.io/version=1.16.0|app.kubernetes.io/version=1.16.0>
<http://helm.sh/chart=flyte-binary-v1.5.0|helm.sh/chart=flyte-binary-v1.5.0>
Annotations: <http://meta.helm.sh/release-name|meta.helm.sh/release-name>: flyte-backend
<http://meta.helm.sh/release-namespace|meta.helm.sh/release-namespace>: flyte
Data
====
000-core.yaml:
----
admin:
endpoint: localhost:8089
insecure: true
catalog-cache:
endpoint: localhost:8081
insecure: true
type: datacatalog
cluster_resources:
standaloneDeployment: false
templatePath: /etc/flyte/cluster-resource-templates
logger:
show-source: true
level: 5
propeller:
create-flyteworkflow-crd: true
webhook:
certDir: /var/run/flyte/certs
localCert: true
secretName: flyte-backend-flyte-binary-webhook-secret
serviceName: flyte-backend-flyte-binary-webhook
servicePort: 443
001-plugins.yaml:
----
tasks:
task-plugins:
enabled-plugins:
- container
- sidecar
- K8S-ARRAY
default-for-task-types:
- container: container
- container_array: K8S-ARRAY
plugins:
logs:
kubernetes-enabled: false
cloudwatch-enabled: false
stackdriver-enabled: false
k8s:
co-pilot:
image: "<http://cr.flyte.org/flyteorg/flytecopilot-release:v1.5.0|cr.flyte.org/flyteorg/flytecopilot-release:v1.5.0>"
k8s-array:
logs:
config:
kubernetes-enabled: false
cloudwatch-enabled: false
stackdriver-enabled: false
002-database.yaml:
----
database:
postgres:
username: xxxxx
passwordPath: /var/run/secrets/flyte/db-pass
host: <http://xxxxxxxxxrds.amazonaws.com|xxxxxxxxxrds.amazonaws.com>
port: 5432
dbname: xxxxxx
options: "sslmode=disable"
003-storage.yaml:
----
propeller:
rawoutput-prefix: <s3://xxxx-flyte-userdata/data>
storage:
type: stow
stow:
kind: s3
config:
region: us-west-2
disable_ssl: false
v2_signing: false
auth_type: iam
container: xxxxx-flyte-metadata
010-inline-config.yaml:
----
cluster_resources:
customData: null
plugins:
k8s:
default-env-vars:
- AWS_METADATA_SERVICE_TIMEOUT: 5
- AWS_METADATA_SERVICE_NUM_ATTEMPTS: 20
inject-finalizer: true
storage:
cache:
max_size_mbs: 10
target_gc_percent: 100
task_resources:
defaults:
cpu: 100m
memory: 100Mi
storage: 100Mi
limits:
memory: 2Gi
tasks:
task-plugins:
default-for-task-types:
- container: container
- container_array: K8S-ARRAY
enabled-plugins:
- container
- sidecar
- K8S-ARRAY
BinaryData
====
Events: <none>d
David Espejo (he/him)
06/02/2023, 5:50 PMisn't there a
004-auth.yamlauthc
Cody Scandore
06/02/2023, 6:06 PM Copy code
Error: INSTALLATION FAILED: execution error at (flyte-binary/templates/deployment.yaml:37:35): Internal client secret hash required when built-in authentication server is enabled Copy code
auth:
enabled: false
oidc:
baseUrl: <https://signin.hosted.unionai.cloud/oauth2/default>
clientId: <IDP_CLIENT_ID>
clientSecret: <IDP_CLIENT_SECRET>
internal:
clientSecret: <CC_PASSWD>
clientSecretHash: <HASHED_CC_PASSWD>
authorizedUris:
- <https://flyte.company.com>oidc.clientSecretSecret IDinternal.clientSecretValueinternal.clientSecretHashd
David Espejo (he/him)
06/02/2023, 8:29 PMThe FTHW guide doesn't include auth yet (coming soon)
internalc
Cody Scandore
06/02/2023, 8:30 PMOkay, sorry just found the thread a few lines above. Leaving off internal produces errors on
helm installd
David Espejo (he/him)
06/02/2023, 8:43 PMso, regarding the
authtrueflytepropellerclientSecret: <generate a random password and add it here>clientSecretHash Copy code
pip install bcrypt && python -c 'import bcrypt; import base64; print(base64.b64encode(bcrypt.hashpw("<your_client-secret>".encode("utf-8"), bcrypt.gensalt(6))))'also
authorizedUris8 Views