https://flyte.org logo
#ask-the-community
Title
# ask-the-community
m

Marti Jorda Roca

12/14/2023, 1:49 PM
🤕 Issue: Authentification inside AWS Codebuild Hi, we have implemented Flyte on EKS with the chart flyte-core. We have been able to implement authentification with Okta and works perfect locally. The problem is that we have an AWS Codebuild, that deploys a workflow (CD), which we are not able to deploy the workflow to the remote cluster. The error:
Copy code
Unauthenticated desc = Request unauthenticated with IDToken, Auth Error: failed to initialized token source provider. Err: open /etc/secrets/client_secret: no such file or directory","ts":"2023-12-14T10:35:47Z"}
When we define our client_secret in the specified path:
Copy code
{
  "json": {},
  "level": "warning",
  "msg": "failed to cache token: %!w(*fmt.wrapError=&{unable to save token. Error: Failed to execute program org.freedesktop.secrets: Operation not permitted {org.freedesktop.DBus.Error.Spawn.ExecFailed [Failed to execute program org.freedesktop.secrets: Operation not permitted]}})",
  "ts": "2023-12-14T11:59:51Z"
}
And the script that deploys the workflow gets stuck 🥲 Our current flyte config:
Copy code
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns:///<our flyte dns>
  authType: Pkce
  insecure: false
logger:
  show-source: true
  level: 0
k

Ketan (kumare3)

12/14/2023, 2:44 PM
You will have to use client app id and secret - check okta docs
m

Marti Jorda Roca

12/14/2023, 2:55 PM
okay so i have my okta client id and client secret. Where I define them in my codebuild? In the same
secrets/client_secret
folder?
k

Ketan (kumare3)

12/14/2023, 3:58 PM
No you can set them in the config
m

Marti Jorda Roca

12/14/2023, 3:59 PM
can you give me an example pls?
also, we have not implemented Custom Authorization Server is this required for CICD?
k

Ketan (kumare3)

12/14/2023, 4:12 PM
We recommend, but otherwise you can use the configured app ids and secrets just like you did for propeller
m

Marti Jorda Roca

12/14/2023, 4:23 PM
Can we do a port fordward with the
flyte-core
chart as we do with the
flyte-binary
?
Copy code
kubectl -n flyte port-forward service/flyte-binary 8088:8088 8089:8089
m

Marti Jorda Roca

12/15/2023, 1:04 PM
Hi, I have solve it with the following config:
Copy code
admin:
                      endpoint: dns:///${FlyteDNS}
                      authType: ClientSecret
                      clientId: flytepropeller
                      clientSecretLocation: /etc/secrets/client_secret
                      scopes: all
                      insecure: false
                    logger:
                      show-source: true
                      level: 0
Thank youuu for your time 🫶
3 Views