Hi we re trying to deploy flyte via the flyte binary helm ch

Question

Hi we re trying to deploy flyte via the flyte binary helm chart in an EKS cluster So far we connected to our RDS database and tried to connect to our Keycloak instance and now we re getting a fatal error `Flyte native scheduler failed to start due to async future was canceled` The `oidc client secret` and `client secret` are written to secret and used via `clientSecretsExternalSecretRef` We can t see any relevant logs in Keycloak so the requests don t seem to arrive When I disable auth everything seems to be working well I ve also tested the client credentials for the client and they are working fine and I see the manual requests in the Keycloak logs Here is the relevant section in the values ```auth enabled true enableAuthServer true oidc baseUrl keycloak svc keycloak auth realms test clientId flyte authorizedUris internal clientSecretHash hash of client secret in client secrets clientSecretsExternalSecretRef client secrets``` I found this in the flyte forum but the suggestions aren t helping so far haven t found the traefik settings for proxy buffer size

David Espejo (he/him) · Answer

< Luis Dunkum> There s a need to update auth docs for Keycloak But in order to confirm I wanted to see what s the behaviour in your env when You use `https lt keycloak url gt realms lt keycloak realm gt ` as the structure for the baseUrl Also what are you using for Ingress What do you plan to use for SSL

Luis Dunkum · Answer

I added `https ` to the baseUrl and the message in question disappears but I can t see any flyte logs in Keycloak and the pod is still failing so there may be some other problem as well We are using traefik for ingress and SSL Once I disable auth I can navigate to the dashboard just fine and also connect via CLI We checked flyte the hard way but sadly there are lots of differences in the stack used so some things aren t that relevant to us

Luis Dunkum · Answer

Ah sorry I think I was mistaken the error message disappeared but apparently only because Keycloak can t be reached now see here ```Error creating auth context AUTH CONTEXT SETUP FAILED Error creating oidc provider w issuer caused by Get context deadline exceeded```

David Espejo (he/him) · Answer

< Luis Dunkum> apparently in recent versions of Keycloak the baseURL doesn t use ` auth` anymore That s what I mean with using this structure `https lt keycloak url gt realms lt keycloak realm gt ` It comes from this thread

Luis Dunkum · Answer

Aah sorry my mistake I ll take a look

Luis Dunkum · Answer

Hmm it seems as if there is still a problem with the connection There are some more log entries but I still can t see any requests for the flyte client in Keycloak ```flyte json src client go 63 level info msg Initialized Admin client ts 2023 11 15T10 54 55Z flyte json src start go 54 level info msg Successfully initialized a native flyte scheduler ts 2023 11 15T10 54 55Z flyte json src schedule executor go 38 level info msg Flyte native scheduler started successfully ts 2023 11 15T10 54 55Z flyte json src schedule executor go 58 level info msg Number of schedules retrieved 0 ts 2023 11 15T10 54 55Z flyte json src schedule executor go 88 level error msg failed to get future value for catchup due to async future was canceled ts 2023 11 15T10 54 55Z flyte json src schedule executor go 89 level info msg Flyte native scheduler shutdown ts 2023 11 15T10 54 55Z flyte json src start go 58 level fatal msg Flyte native scheduler failed to start due to async future was canceled ts 2023 11 15T10 54 55Z ```

David Espejo (he/him) · Answer

anything interesting in the Traefik logs

Luis Dunkum · Answer

I doubt it since this is all still cluster internal traffic as `baseUrl` points to the Keycloak service inside the cluster but I ll check