flat-exabyte-79377
08/10/2023, 4:09 PM
flytesnacks now, but in the UI I see the following error for my execution:
FlyteAssertion: Failed to get data from abfs://flyte/flytesnacks/development/A46TBP35TISQ2EVJVNOGLJTARM======/script_mode.tar.gz to /root/ (recursive=False).
Original exception: unable to connect to account for Must provide either a connection_string or account_name with credentials!!
Here's my storage config in the helm chart:
storage:
  type: custom
  bucketName: "flyte"
  custom:
    container: "flyte"
    enable-multicontainer: true
    connection: {}
    type: stow
    stow:
      kind: azure
      config:
        account: "<storage_account_name>"
        key: "<storage_account_key>"
    limits:
      maxDownloadMBs: 10
Does anyone know what would cause this? My first intuition would be that this URI is wrong: abfs://flyte/flytesnacks/development/A46TBP35TISQ2EVJVNOGLJTARM======/script_mode.tar.gz
because in Azure the path should look like this: abfs://<CONTAINER>@<STORAGE_ACCOUNT>.dfs.core.windows.net/flytesnacks/development/A46TBP35TISQ2EVJVNOGLJTARM======/script_mode.tar.gz
flat-exabyte-79377
08/10/2023, 4:10 PM
flat-exabyte-79377
08/10/2023, 4:21 PM
fsspec is supposed to handle. So somehow it cannot find my credentials
glamorous-carpet-83516
08/10/2023, 5:17 PM
freezing-airport-6809
flat-exabyte-79377
08/10/2023, 10:55 PM
calm-zoo-68637
08/11/2023, 2:53 AM
env:
  - name: AZURE_STORAGE_CONNECTION_STRING
    valueFrom:
      secretKeyRef:
        name: flyteruntimesecret
calm-zoo-68637
08/11/2023, 2:53 AM
AZURE_STORAGE_CONNECTION_STRING value came from the source code you linked above
freezing-airport-6809
flat-exabyte-79377
08/11/2023, 6:56 AM
flat-exabyte-79377
08/11/2023, 7:00 AM
flat-exabyte-79377
08/11/2023, 7:01 AM
flat-exabyte-79377
08/11/2023, 8:20 AM
flat-exabyte-79377
08/11/2023, 12:22 PM
flyteadmin via a role binding beforehand. That probably means I need to set up workload identity in my cluster, so I'll give that a go
flat-exabyte-79377
08/11/2023, 3:52 PM
PodTemplate despite me giving permissions to the flyteadmin service account
{
"json": {},
"level": "warning",
"msg": "Failed to create kubernetes object from config template [pod_template.yaml] for namespace [flytesnacks-development] with err: podtemplates is forbidden: User \"system:serviceaccount:flyte:flyteadmin\" cannot create resource \"podtemplates\" in API group \"\" in the namespace \"flytesnacks-development\"",
"ts": "2023-08-11T15:41:02Z"
}
{
"json": {},
"level": "warning",
"msg": "Failed to create cluster resources for namespace [flytesnacks-development] with err: Failed to create kubernetes object from config template [pod_template.yaml] for namespace [flytesnacks-development] with err: podtemplates is forbidden: User \"system:serviceaccount:flyte:flyteadmin\" cannot create resource \"podtemplates\" in API group \"\" in the namespace \"flytesnacks-development\"",
"ts": "2023-08-11T15:41:02Z"
}
flat-exabyte-79377
08/11/2023, 4:10 PM
flytek8s which has everything it needs to create resources in the cluster.
The issues I'm having are related to a chicken and egg problem I have with terraform. The helm chart creates the flyteadmin service account, but instead I should create it via terraform and do the role assignments before the helm chart is applied.
Sorry if I'm rambling 😅
freezing-airport-6809
flat-exabyte-79377
08/12/2023, 6:03 AM
big-refrigerator-80863
09/20/2023, 10:57 PM
AZURE_STORAGE_CONNECTION_STRING env var to all task pods will definitely work, it's not the only path.
Adding AZURE_STORAGE_ACCOUNT_NAME to all pods will also work, as long as the credentials can be loaded from the usual spots which you can find here.
fierce-australia-55871
02/19/2024, 6:23 PM