Hi, I'm currently debugging some issue on our multi cluster setup. Basically I seem to miss the

flyteadmin-token

secret from this step

kubectl get secrets -n flyte | grep flyteadmin-token

in https://docs.flyte.org/en/latest/deployment/deployment/multicluster.html#user-and-control-plane-deployment. I deployed the clusters using helm with v1.9.0 From the logs I didn't see any real hinting errors to why it would be missing:

helm upgrade flyte flyteorg/flyte-core --version $FLYTE_VERSION -f $FLYTE_BASE_CONFIG_FILE -f $FLYTE_EKS_CONFIG_FILE -f $FLYTE_DATA_PLANE_CONFIG_FILE --install --create-namespace -n $FLYTE_NAMESPACE \
--set userSettings.accountId=$ACCOUNT_ID --set userSettings.accountRegion=$REGION --set userSettings.certificateArn=$ACM_CERTIFICATE_ARN --set userSettings.bucketName=$S3_CLUSTER_BUCKET \
--set userSettings.dbPassword=$RDS_PASSWORD --set userSettings.rdsHost=$RDS_HOST --set userSettings.rdsDb=$RDS_DATABASE --set userSettings.rdsUsername=$RDS_USERNAME \
--set userSettings.iamSystemRole=$FLYTE_SYSTEM_ROLE --set configmap.admin.admin.endpoint=$CONTROL_PLANE_ENDPOINT_ADDRESS \
--set configmap.admin.admin.insecure=false --set secrets.adminOauthClientCredentials.clientSecret=$CONTROL_PLANE_OAUTH_CLIENT_SECRET

Release "flyte" does not exist. Installing it now.
coalesce.go:223: warning: destination for flyte-core.flyteadmin.additionalContainers is a table. Ignoring non-table value ([])
NAME: flyte
LAST DEPLOYED: Wed Oct  4 05:05:06 2023
NAMESPACE: flyte
STATUS: deployed
REVISION: 1
TEST SUITE: None

Hi, I also struggled. There are some issues with those docs and is currently being updated. Please follow these WIP doc: https://flyte--3994.org.readthedocs.build/en/3994/deployment/deployment/multicluster.html#scaling-beyond-kubernetes

Ah I see, that bit was missing for me:

In order to verify requests, the Kubernetes API Server expects a signed bearer token attached to the Service Account. As of Kubernetes 1.24 and above, the bearer token has to be generated manually.

Thanks for the help!