https://flyte.org logo
Join Slack
Powered by
<https://docs.flyte.org/en/latest/deployment/deplo...
# flyte-support
h
a
Hi @hallowed-dog-74273 There's a reference implementation for GCP, which uses Terraform: https://github.com/unionai-oss/deploy-flyte/blob/main/environments/gcp/flyte-core/README.md
👍 1
h
is there a way to get this to work without ingress enabled? i dont' have a domain
with port forwarding, the console ui tried to use the console instead of getting the admin api
kubectl -n flyte port-forward service/flyteadmin 8088:80 8089:81
I can forward the admin ports
Copy code
kubectl -n flyte port-forward service/flyteconsole 8080:80
i can forward the web console port
but the console tries to call 
<http://localhost:8080/api/v1/projects>
which is 404
when it should make a call to 
<http://localhost:8088/api/v1/projects>
a
can you share the services? 
kubectl get svc -n flyte
also with this
Copy code
kubectl -n flyte port-forward service/flyteconsole 8080:80
you're forwarding the remote 80 port to 8080 locally
h
yeah so console works, but console web app makes api XHR calls to localhost:8080, but the projects API seems to be an admain api call
so there are 3 ports forwarded, 1 for console, 2 for admin
a
I've reproduced this behavior. Do you have an Ingress resource created? You don't need a domain to make it work, just some kind of DNS resolution (an entry in your local hosts file is enough) bc Ingress will route if it receives a request coming to your hostname and then the suffix (including /api)
h
yeah ingress is created, just not tls. yeah adding host to /etcs/hosts resolved it
a
I'll add notes to the README if that helps, other users have struggled with this
h
yeah it would be useful to add a section about how to set it up without a domain
🙌 1
now i just gotta figure out how to get auth working...
a
What IdP you plan to use?
h
okta
or gcp not sure
a
using the instructions here for Okta and the 
flyte-core
chart should work https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#identity-management-layer-oidc
h
yeah so i haven't been able to get the flytectl to work with the /etc/hosts approach. The only way i can get the config to work is forwarding the port to the admin directly
I can access the console, and the console can make http requests to the admin, but it seems the grpc connection from flytectl does not work if i add the domain in /ect/hosts to the config.yaml
Copy code
Error: Connection Info: [Endpoint: dns:///flyte.example.com, InsecureConnection?: true, AuthMode: ClientSecret]: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: http2: frame too large"
{"json":{},"level":"error","msg":"Connection Info: [Endpoint: dns:///flyte.example.com, InsecureConnection?: true, AuthMode: ClientSecret]: rpc error: code = Unavailable desc = connection error: desc = \"error reading server preface: http2: frame too large\"","ts":"2024-01-19T10:47:45-08:00"}
I have 
<http://flyte.example.com|flyte.example.com>
set in my /etct/hosts to the ip address of the ingress controller,
a
can you share the contents of your 
config.yaml
?
h
I think this is related to the nginx ingress controller though. https://flyte-org.slack.com/archives/CP2HDHKE1/p1704457046350749?thread_ts=1704382245.087409&amp;cid=CP2HDHKE1
Copy code
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: <dns://flyte.example.com>
  insecure: true
  insecureSkipVerify: true
a
set 
insecureSkipVerify: false
to start with please
h
I have tls disabled on the ingress controller
I get the same error
ok so i think i know what the issue is. the nginx ingress controller is only configured for http2 on port 443.
Copy code
server {
		server_name _ ;
		
		listen 80 default_server reuseport backlog=1024 ;
		listen 443 default_server reuseport backlog=1024 ssl http2 ;
so i have to enable tls
i have it working now. the only thing is that cert is not valid so have to 
insecureSkipVerify: true
a
ok got it, thanks for sharing
a
@average-finland-92144 I have more or less same issue. I have setup the cluster on GCP following https://github.com/unionai-oss/deploy-flyte/blob/main/environments/gcp/flyte-core/README.md . If i do port forwarding, i can access the console, but when i tried with ingress ip or by setting up an host name in /etc/hosts, i am getting 404 like show in the screenshot. Any direction on how we can resolve this is much appreciated
a
@adventurous-napkin-36518 could you share your local config file? 
$HOME/.flyte/config.yaml
Also the output of 
kubectl describe ingress flyte-core -n flyte
a
i dont see a local config file at all
a
ok, well that's a different issue but it doesn't affect the console
so, does the `host`resolves correctly in your machine to the IP assigned to the Ingress?
a
yes
ping to the host resolves to the ip assigned
Accessing via the ingress ip also has the same issue
a
sorry, and I guess you're appending 
/console
to the hostname, right?
a
yes, thats right
@average-finland-92144 any other suggestions that i can try out ?
a
what's the status of the flyte pods? 
kubectl get po -n flyte
a
seems like all are running..
a
any interesting logs from the nginx controller?
a
thank you. i think the domain name configured before the setup is not in sync with what i had in /etc/hosts which is causing an issue
🙌🏽 1
thanks @average-finland-92144
36 Views
Open in Slack
PreviousNext
Powered by