🤕 Issue: Flyte auth. 🤕 Hi community 🙌 We have deployed our Flyte in a private VPC and we want to deploy user authentication with okta. We have followed this section on how to implement Identity Management layer : OIDC. We are able to deploy Flyte and our pods are running with no issue. But when we visit our Flyte DNS, no authentication is required. Also if we go to login in the UI

https://<our flyte dns>.com/login

a Not Found message is thrown. How can we see any logs for the authentication? Does authentication work within a private VPC? Thank youu 🫶

cc: @David Espejo (he/him)

@Marti Jorda Roca you mean a VPC with private-only subnets? If SG configuration allows it, it should be able to connect to your IdP (I haven't tried it yet). I don't think

/login

is implementd in flyteconsole. Can you share your anonymized values file?

Hi thank you for your help 🫶. Yes our flyte is deployed in private subnets. I attach my values chart file.

@Marti Jorda Roca anything interesting in the

flyteadmin

logs?

Nop anything special : (

(base) ➜  ~ kubectl logs flyteadmin-6f549c94bb-rmsqj -n flyte
Defaulted container "flyteadmin" out of: flyteadmin, run-migrations (init), seed-projects (init), sync-cluster-resources (init), generate-secrets (init)
time="2023-11-08T09:22:09Z" level=info msg="Using config file: [/etc/flyte/config/cluster_resources.yaml /etc/flyte/config/clusters.yaml /etc/flyte/config/db.yaml /etc/flyte/config/domain.yaml /etc/flyte/config/notifications.yaml /etc/flyte/config/remoteData.yaml /etc/flyte/config/server.yaml /etc/flyte/config/storage.yaml /etc/flyte/config/task_resource_defaults.yaml]"
{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-11-08T09:22:10Z"}
{"json":{},"level":"warning","msg":"Starting notifications processor","ts":"2023-11-08T09:22:11Z"}

(base) ➜  ~ kubectl logs flyteadmin-6f549c94bb-glh2q -n flyte
Defaulted container "flyteadmin" out of: flyteadmin, run-migrations (init), seed-projects (init), sync-cluster-resources (init), generate-secrets (init)
time="2023-11-08T09:23:00Z" level=info msg="Using config file: [/etc/flyte/config/cluster_resources.yaml /etc/flyte/config/clusters.yaml /etc/flyte/config/db.yaml /etc/flyte/config/domain.yaml /etc/flyte/config/notifications.yaml /etc/flyte/config/remoteData.yaml /etc/flyte/config/server.yaml /etc/flyte/config/storage.yaml /etc/flyte/config/task_resource_defaults.yaml]"
{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-11-08T09:23:01Z"}
{"json":{},"level":"warning","msg":"Starting notifications processor","ts":"2023-11-08T09:23:02Z"}

@Marti Jorda Roca Did you have any luck with this? I’m getting the same “Not Found” page, but trying to use Google Identity for auth

@Andrew I don't think

/login

is implemented. What about

/console

?

the console works fine, but it doesn’t require any login. the docs say

It should now be possible to go to Flyte UI and be prompted for authentication.

, so I was hoping for it to route to a login page

it should do so. in Marti's case, there was an indentation issue on the config. can you double check or share here the -anonymized- auth config you're using?

Yeah, here it is. are the configmap and secrets sections supposed to be under anything else?

I see

configmap.adminServer.server.security.useAuth

set to false. Could you try with

true

?

Good call, looks like that worked! should

secure

right next to that also be true?

that should be the case if you're using SSL