#ask-the-community

Alex Beach

01/18/2024, 12:18 AM

David Espejo (he/him)

01/18/2024, 2:52 PM
Hi @Alex Beach There's a reference implementation for GCP, which uses Terraform: https://github.com/unionai-oss/deploy-flyte/blob/main/environments/gcp/flyte-core/README.md

Alex Beach

01/18/2024, 9:22 PM
is there a way to get this to work without ingress enabled? i don't have a domain
with port forwarding, the console ui tried to use the console instead of getting the admin api
kubectl -n flyte port-forward service/flyteadmin 8088:80 8089:81
I can forward the admin ports
kubectl -n flyte port-forward service/flyteconsole 8080:80
i can forward the web console port
but the console tries to call http://localhost:8080/api/v1/projects which is 404
when it should make a call to http://localhost:8088/api/v1/projects

David Espejo (he/him)

01/18/2024, 9:38 PM
can you share the services?
kubectl get svc -n flyte
also with this
kubectl -n flyte port-forward service/flyteconsole 8080:80
you're forwarding the remote 80 port to 8080 locally

Alex Beach

01/18/2024, 9:43 PM
yeah so console works, but console web app makes api XHR calls to localhost:8080, but the projects API seems to be an admin api call
so there are 3 ports forwarded, 1 for console, 2 for admin

David Espejo (he/him)

01/18/2024, 9:58 PM
I've reproduced this behavior. Do you have an Ingress resource created? You don't need a domain to make it work, just some kind of DNS resolution (an entry in your local hosts file is enough) bc Ingress will route if it receives a request coming to your hostname and then the suffix (including /api)

Alex Beach

01/18/2024, 10:03 PM
yeah ingress is created, just not tls. yeah adding host to /etc/hosts resolved it

David Espejo (he/him)

01/18/2024, 10:04 PM
I'll add notes to the README if that helps, other users have struggled with this

Alex Beach

01/18/2024, 10:09 PM
yeah it would be useful to add a section about how to set it up without a domain
now i just gotta figure out how to get auth working...

David Espejo (he/him)

01/18/2024, 10:12 PM
What IdP do you plan to use?

Alex Beach

01/18/2024, 10:16 PM
okta
or gcp not sure

David Espejo (he/him)

01/18/2024, 10:18 PM
using the instructions here for Okta and the flyte-core chart should work https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#identity-management-layer-oidc

Alex Beach

01/19/2024, 6:46 PM
yeah so i haven't been able to get the flytectl to work with the /etc/hosts approach. The only way i can get the config to work is forwarding the port to the admin directly
I can access the console, and the console can make http requests to the admin, but it seems the grpc connection from flytectl does not work if i add the domain in /etc/hosts to the config.yaml
Error: Connection Info: [Endpoint: dns:///flyte.example.com, InsecureConnection?: true, AuthMode: ClientSecret]: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: http2: frame too large"
{"json":{},"level":"error","msg":"Connection Info: [Endpoint: dns:///flyte.example.com, InsecureConnection?: true, AuthMode: ClientSecret]: rpc error: code = Unavailable desc = connection error: desc = \"error reading server preface: http2: frame too large\"","ts":"2024-01-19T10:47:45-08:00"}
I have flyte.example.com set in my /etc/hosts to the ip address of the ingress controller,

David Espejo (he/him)

01/19/2024, 7:17 PM
can you share the contents of your config.yaml?

Alex Beach

01/19/2024, 7:21 PM
I think this is related to the nginx ingress controller though. https://flyte-org.slack.com/archives/CP2HDHKE1/p1704457046350749?thread_ts=1704382245.087409&cid=CP2HDHKE1
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns://flyte.example.com
  insecure: true
  insecureSkipVerify: true

David Espejo (he/him)

01/19/2024, 7:23 PM
set insecureSkipVerify: false to start with please

Alex Beach

01/19/2024, 7:25 PM
I have tls disabled on the ingress controller
I get the same error
ok so i think i know what the issue is. the nginx ingress controller is only configured for http2 on port 443.
server {
		server_name _ ;
		
		listen 80 default_server reuseport backlog=1024 ;
		listen 443 default_server reuseport backlog=1024 ssl http2 ;
so i have to enable tls
i have it working now. the only thing is that cert is not valid so have to insecureSkipVerify: true

David Espejo (he/him)

01/19/2024, 8:13 PM
ok got it, thanks for sharing