# ask-the-community

Marti Jorda Roca

11/02/2023, 10:42 AM
🤕 Issue: Flyte auth. 🤕 Hi community 🙌 We have deployed our Flyte in a private VPC and we want to deploy user authentication with Okta. We have followed this section on how to implement the Identity Management layer: OIDC. We are able to deploy Flyte and our pods are running with no issue. But when we visit our Flyte DNS, no authentication is required. Also, if we go to login in the UI at `https://<our flyte dns>.com/login`, a Not Found message is thrown. How can we see any logs for the authentication? Does authentication work within a private VPC? Thank youu 🫶

Samhita Alla

11/03/2023, 7:07 AM
cc: @David Espejo (he/him)

David Espejo (he/him)

11/03/2023, 2:30 PM
@Marti Jorda Roca you mean a VPC with private-only subnets? If SG configuration allows it, it should be able to connect to your IdP (I haven't tried it yet). I don't think `/login` is implemented in flyteconsole. Can you share your anonymized values file?

Marti Jorda Roca

11/06/2023, 10:27 AM
Hi thank you for your help 🫶. Yes our flyte is deployed in private subnets. I attach my values chart file.

David Espejo (he/him)

11/07/2023, 7:00 PM
@Marti Jorda Roca anything interesting in the `flyteadmin` logs?

Marti Jorda Roca

11/08/2023, 9:27 AM
Nope, nothing special :(
```
(base) ➜  ~ kubectl logs flyteadmin-6f549c94bb-rmsqj -n flyte
Defaulted container "flyteadmin" out of: flyteadmin, run-migrations (init), seed-projects (init), sync-cluster-resources (init), generate-secrets (init)
time="2023-11-08T09:22:09Z" level=info msg="Using config file: [/etc/flyte/config/cluster_resources.yaml /etc/flyte/config/clusters.yaml /etc/flyte/config/db.yaml /etc/flyte/config/domain.yaml /etc/flyte/config/notifications.yaml /etc/flyte/config/remoteData.yaml /etc/flyte/config/server.yaml /etc/flyte/config/storage.yaml /etc/flyte/config/task_resource_defaults.yaml]"
{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-11-08T09:22:10Z"}
{"json":{},"level":"warning","msg":"Starting notifications processor","ts":"2023-11-08T09:22:11Z"}
```
```
(base) ➜  ~ kubectl logs flyteadmin-6f549c94bb-glh2q -n flyte
Defaulted container "flyteadmin" out of: flyteadmin, run-migrations (init), seed-projects (init), sync-cluster-resources (init), generate-secrets (init)
time="2023-11-08T09:23:00Z" level=info msg="Using config file: [/etc/flyte/config/cluster_resources.yaml /etc/flyte/config/clusters.yaml /etc/flyte/config/db.yaml /etc/flyte/config/domain.yaml /etc/flyte/config/notifications.yaml /etc/flyte/config/remoteData.yaml /etc/flyte/config/server.yaml /etc/flyte/config/storage.yaml /etc/flyte/config/task_resource_defaults.yaml]"
{"json":{},"level":"warning","msg":"stow configuration section missing, defaulting to legacy s3/minio connection config","ts":"2023-11-08T09:23:01Z"}
{"json":{},"level":"warning","msg":"Starting notifications processor","ts":"2023-11-08T09:23:02Z"}
```

Andrew

11/27/2023, 5:20 PM
@Marti Jorda Roca Did you have any luck with this? I’m getting the same “Not Found” page, but trying to use Google Identity for auth

David Espejo (he/him)

11/27/2023, 5:22 PM
@Andrew I don't think `/login` is implemented. What about `/console`?

Andrew

11/27/2023, 5:23 PM
the console works fine, but it doesn’t require any login. the docs say “It should now be possible to go to Flyte UI and be prompted for authentication.”, so I was hoping for it to route to a login page

David Espejo (he/him)

11/27/2023, 5:24 PM
it should do so. in Marti's case, there was an indentation issue on the config. can you double check or share here the -anonymized- auth config you're using?

Andrew

11/27/2023, 5:31 PM
Yeah, here it is. are the configmap and secrets sections supposed to be under anything else?

David Espejo (he/him)

11/27/2023, 5:49 PM
I see `configmap.adminServer.server.security.useAuth` set to false. Could you try with `true`?

Andrew

11/27/2023, 5:59 PM
Good call, looks like that worked! should `secure` right next to that also be true?

David Espejo (he/him)

11/27/2023, 6:13 PM
that should be the case if you're using SSL