late-noon-138
09/11/2023, 1:42 AMlate-noon-138
09/11/2023, 2:00 AMfreezing-airport-6809
freezing-airport-6809
late-noon-138
09/11/2023, 4:45 AMcool-lifeguard-49380
09/11/2023, 11:08 AMcool-lifeguard-49380
09/11/2023, 11:08 AMcool-lifeguard-49380
09/11/2023, 11:10 AMkind: ManagedCertificate
but instead install cert manager which is documented right below.cool-lifeguard-49380
09/11/2023, 11:12 AMcool-lifeguard-49380
09/11/2023, 11:12 AMlate-noon-138
09/12/2023, 5:44 AMcool-lifeguard-49380
09/12/2023, 7:29 AMlate-noon-138
09/12/2023, 7:45 AMcool-lifeguard-49380
09/12/2023, 7:52 AMlate-noon-138
09/12/2023, 7:54 AMcool-lifeguard-49380
09/12/2023, 7:54 AMcool-lifeguard-49380
09/12/2023, 7:54 AMcool-lifeguard-49380
09/12/2023, 7:54 AMcool-lifeguard-49380
09/12/2023, 7:54 AM~/.flyte/config.yaml
cool-lifeguard-49380
09/12/2023, 7:54 AMlate-noon-138
09/12/2023, 7:55 AMlate-noon-138
09/12/2023, 7:55 AMcool-lifeguard-49380
09/12/2023, 7:56 AMcool-lifeguard-49380
09/12/2023, 7:56 AMlate-noon-138
09/12/2023, 7:57 AMadmin:
# For GRPC endpoints you might want to use dns:///flyte.myexample.com
endpoint: dns:///127.0.0.1:8088
authType: Pkce
insecure: true
logger:
show-source: true
level: 0
late-noon-138
09/12/2023, 7:58 AMlate-noon-138
09/12/2023, 7:58 AMcool-lifeguard-49380
09/12/2023, 7:59 AMlate-noon-138
09/12/2023, 7:59 AMcool-lifeguard-49380
09/12/2023, 8:00 AMcool-lifeguard-49380
09/12/2023, 8:00 AMcool-lifeguard-49380
09/12/2023, 8:00 AMlate-noon-138
09/12/2023, 8:00 AMlate-noon-138
09/12/2023, 8:00 AMcool-lifeguard-49380
09/12/2023, 8:01 AMlate-noon-138
09/12/2023, 8:03 AMflyte-backend-flyte-binary-5876c5745b-hhtrd 1/1 Running 0 17h
cool-lifeguard-49380
09/12/2023, 8:04 AMlate-noon-138
09/12/2023, 8:04 AMcool-lifeguard-49380
09/12/2023, 8:05 AMlate-noon-138
09/12/2023, 8:05 AMcool-lifeguard-49380
09/12/2023, 8:05 AMcool-lifeguard-49380
09/12/2023, 8:06 AMlate-noon-138
09/12/2023, 8:07 AMcool-lifeguard-49380
09/12/2023, 8:07 AMcool-lifeguard-49380
09/12/2023, 8:07 AMlate-noon-138
09/12/2023, 8:09 AMcool-lifeguard-49380
09/12/2023, 8:09 AMlate-noon-138
09/12/2023, 8:09 AMlate-noon-138
09/12/2023, 8:10 AMcool-lifeguard-49380
09/12/2023, 8:10 AMcool-lifeguard-49380
09/12/2023, 8:10 AMcool-lifeguard-49380
09/12/2023, 8:10 AMcool-lifeguard-49380
09/12/2023, 8:10 AMlate-noon-138
09/12/2023, 8:11 AMcool-lifeguard-49380
09/12/2023, 8:11 AM"iam.serviceAccounts.signBlob"
to the respective sa and it should worklate-noon-138
09/12/2023, 8:52 AMcool-lifeguard-49380
09/12/2023, 8:55 AMcool-lifeguard-49380
09/12/2023, 8:56 AMkubectl -n flyte get sa
?cool-lifeguard-49380
09/12/2023, 8:56 AMget sa <name> -o yaml
.cool-lifeguard-49380
09/12/2023, 8:56 AMlate-noon-138
09/12/2023, 8:57 AMapiVersion: v1
kind: ServiceAccount
metadata:
annotations:
<http://iam.gke.io/gcp-service-account|iam.gke.io/gcp-service-account>: <mailto:dev01-flyte-poc-iam@fr-stg-datalake-k8s.iam.gserviceaccount.com|dev01-flyte-poc-iam@fr-stg-datalake-k8s.iam.gserviceaccount.com>
<http://meta.helm.sh/release-name|meta.helm.sh/release-name>: flyte-backend
<http://meta.helm.sh/release-namespace|meta.helm.sh/release-namespace>: flyte
creationTimestamp: "2023-09-11T14:31:45Z"
labels:
<http://app.kubernetes.io/instance|app.kubernetes.io/instance>: flyte-backend
<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: Helm
<http://app.kubernetes.io/name|app.kubernetes.io/name>: flyte-binary
<http://app.kubernetes.io/version|app.kubernetes.io/version>: 1.16.0
<http://helm.sh/chart|helm.sh/chart>: flyte-binary-v1.9.1
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:<http://meta.helm.sh/release-name|meta.helm.sh/release-name>: {}
f:<http://meta.helm.sh/release-namespace|meta.helm.sh/release-namespace>: {}
f:labels:
.: {}
f:<http://app.kubernetes.io/instance|app.kubernetes.io/instance>: {}
f:<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: {}
f:<http://app.kubernetes.io/name|app.kubernetes.io/name>: {}
f:<http://app.kubernetes.io/version|app.kubernetes.io/version>: {}
f:<http://helm.sh/chart|helm.sh/chart>: {}
manager: helm
operation: Update
time: "2023-09-11T14:31:45Z"
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
f:<http://iam.gke.io/gcp-service-account|iam.gke.io/gcp-service-account>: {}
manager: kubectl-annotate
operation: Update
time: "2023-09-11T14:32:02Z"
name: dev01-flyte-gke-sa
namespace: flyte
resourceVersion: "227723"
uid: f0b5b2bd-b98f-43d8-8f90-bdf0e0ecf66d
cool-lifeguard-49380
09/12/2023, 9:02 AMcool-lifeguard-49380
09/12/2023, 9:02 AMkubectl get role <name> -o yaml
late-noon-138
09/12/2023, 9:08 AMcool-lifeguard-49380
09/12/2023, 9:08 AMlate-noon-138
09/12/2023, 9:11 AMcool-lifeguard-49380
09/12/2023, 9:12 AMlate-noon-138
09/12/2023, 9:13 AMlate-noon-138
09/12/2023, 9:13 AMlate-noon-138
09/12/2023, 9:14 AMcool-lifeguard-49380
09/12/2023, 9:15 AMkubectl get sa <service account name> -o yaml
cool-lifeguard-49380
09/12/2023, 9:15 AMcool-lifeguard-49380
09/12/2023, 9:15 AMlate-noon-138
09/12/2023, 11:07 AMcool-lifeguard-49380
09/12/2023, 11:37 AMdefault
kubernetes service account in the respective namespace the task pod runs in is used.cool-lifeguard-49380
09/12/2023, 11:38 AMlate-noon-138
09/12/2023, 11:40 AMgcloud iam service-accounts add-iam-policy-binding <mailto:dev01-flyte-poc-iam@fr-stg-datalake-k8s.iam.gserviceaccount.com|dev01-flyte-poc-iam@fr-stg-datalake-k8s.iam.gserviceaccount.com> \
--role roles/iam.workloadIdentityUser \
--member "serviceAccount:fr-stg-datalake-k8s.svc.id.goog[flyte/default]"
late-noon-138
09/12/2023, 11:40 AMcool-lifeguard-49380
09/12/2023, 11:40 AMcool-lifeguard-49380
09/12/2023, 11:41 AMcool-lifeguard-49380
09/12/2023, 11:41 AMcool-lifeguard-49380
09/12/2023, 11:41 AMcool-lifeguard-49380
09/12/2023, 11:41 AMcool-lifeguard-49380
09/12/2023, 11:41 AMlate-noon-138
09/12/2023, 11:45 AMkubectl annotate serviceaccount default \
--namespace flyte \
<http://iam.gke.io/gcp-service-account=dev01-flyte-poc-iam@fr-stg-datalake-k8s.iam.gserviceaccount.com|iam.gke.io/gcp-service-account=dev01-flyte-poc-iam@fr-stg-datalake-k8s.iam.gserviceaccount.com>
where "dev01-flyte-poc-iam" is the GCP IAM Service accountlate-noon-138
09/12/2023, 11:47 AMcool-lifeguard-49380
09/12/2023, 11:48 AMcool-lifeguard-49380
09/12/2023, 11:48 AMlate-noon-138
09/12/2023, 11:48 AMcool-lifeguard-49380
09/12/2023, 11:49 AMcool-lifeguard-49380
09/12/2023, 11:49 AMcool-lifeguard-49380
09/12/2023, 11:49 AMlate-noon-138
09/12/2023, 11:49 AMlate-noon-138
09/12/2023, 12:43 PMaverage-finland-92144
09/12/2023, 8:17 PMcool-lifeguard-49380
09/13/2023, 6:49 AM