:face_with_head_bandage: Issue: Flyte auth. :face_...
# ask-the-community
m
🤕 Issue: Flyte auth. 🤕 Hi community 🙌 We have deployed our Flyte in a private VPC and we want to deploy user authentication with Okta. We have followed this section on how to implement Identity Management layer: OIDC. We are able to deploy Flyte and our pods are running with no issue. But when we visit our Flyte DNS, no authentication is required. Also if we go to login in the UI `https://<our flyte dns>.com/login` a Not Found message is thrown. How can we see any logs for the authentication? Does authentication work within a private VPC? Thank youu 🫶
s
cc: @David Espejo (he/him)
d
@Marti Jorda Roca you mean a VPC with private-only subnets? If SG configuration allows it, it should be able to connect to your IdP (I haven't tried it yet). I don't think `/login` is implemented in flyteconsole. Can you share your anonymized values file?
m
Hi thank you for your help 🫶. Yes our flyte is deployed in private subnets. I attach my values chart file.
d
@Marti Jorda Roca anything interesting in the `flyteadmin` logs?
m
Nope, nothing special :(
(base) ➜  ~ kubectl logs flyteadmin-6f549c94bb-rmsqj -n flyte
Defaulted container "flyteadmin" out of: flyteadmin, run-migrations (init), seed-projects (init), sync-cluster-resources (init), generate-secrets (init)
time="2023-11-08T09:22:09Z" level=info msg="Using config file: [/etc/flyte/config/cluster_resources.yaml /etc/flyte/config/clusters.yaml /etc/flyte/config/db.yaml /etc/flyte/config/domain.yaml /etc/flyte/config/notifications.yaml /etc/flyte/config/remoteData.yaml /etc/flyte/config/server.yaml /etc/flyte/config/storage.yaml /etc/flyte/config/task_resource_defaults.yaml]"
{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-11-08T09:22:10Z"}
{"json":{},"level":"warning","msg":"Starting notifications processor","ts":"2023-11-08T09:22:11Z"}
(base) ➜  ~ kubectl logs flyteadmin-6f549c94bb-glh2q -n flyte
Defaulted container "flyteadmin" out of: flyteadmin, run-migrations (init), seed-projects (init), sync-cluster-resources (init), generate-secrets (init)
time="2023-11-08T09:23:00Z" level=info msg="Using config file: [/etc/flyte/config/cluster_resources.yaml /etc/flyte/config/clusters.yaml /etc/flyte/config/db.yaml /etc/flyte/config/domain.yaml /etc/flyte/config/notifications.yaml /etc/flyte/config/remoteData.yaml /etc/flyte/config/server.yaml /etc/flyte/config/storage.yaml /etc/flyte/config/task_resource_defaults.yaml]"
{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-11-08T09:23:01Z"}
{"json":{},"level":"warning","msg":"Starting notifications processor","ts":"2023-11-08T09:23:02Z"}
a
@Marti Jorda Roca Did you have any luck with this? I’m getting the same “Not Found” page, but trying to use Google Identity for auth
d
@Andrew I don't think `/login` is implemented. What about `/console`?
a
the console works fine, but it doesn’t require any login. the docs say “It should now be possible to go to Flyte UI and be prompted for authentication.”, so I was hoping for it to route to a login page
d
it should do so. in Marti's case, there was an indentation issue on the config. can you double check or share here the -anonymized- auth config you're using?
a
Yeah, here it is. are the configmap and secrets sections supposed to be under anything else?
d
I see `configmap.adminServer.server.security.useAuth` set to false. Could you try with `true`?
a
Good call, looks like that worked! should `secure` right next to that also be true?
d
that should be the case if you're using SSL