https://flyte.org logo
Join Slack
Powered by
<https://docs.flyte.org/en/latest/deployment/deplo...
# ask-the-community
a
d
Hi @Alex Beach There's a reference implementation for GCP, which uses Terraform: https://github.com/unionai-oss/deploy-flyte/blob/main/environments/gcp/flyte-core/README.md
a
is there a way to get this to work without ingress enabled? i dont' have a domain
with port forwarding, the console ui tried to use the console instead of getting the admin api
kubectl -n flyte port-forward service/flyteadmin 8088:80 8089:81
I can forward the admin ports
Copy code
kubectl -n flyte port-forward service/flyteconsole 8080:80
i can forward the web console port
but the console tries to call 
<http://localhost:8080/api/v1/projects>
which is 404
when it should make a call to 
<http://localhost:8088/api/v1/projects>
d
can you share the services? 
kubectl get svc -n flyte
also with this
Copy code
kubectl -n flyte port-forward service/flyteconsole 8080:80
you're forwarding the remote 80 port to 8080 locally
a
yeah so console works, but console web app makes api XHR calls to localhost:8080, but the projects API seems to be an admain api call
so there are 3 ports forwarded, 1 for console, 2 for admin
Screenshot 2024-01-18 at 1.47.17 PM.png
d
I've reproduced this behavior. Do you have an Ingress resource created? You don't need a domain to make it work, just some kind of DNS resolution (an entry in your local hosts file is enough) bc Ingress will route if it receives a request coming to your hostname and then the suffix (including /api)
a
yeah ingress is created, just not tls. yeah adding host to /etcs/hosts resolved it
d
I'll add notes to the README if that helps, other users have struggled with this
a
yeah it would be useful to add a section about how to set it up without a domain
now i just gotta figure out how to get auth working...
d
What IdP you plan to use?
a
okta
or gcp not sure
d
using the instructions here for Okta and the 
flyte-core
chart should work https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#identity-management-layer-oidc
a
yeah so i haven't been able to get the flytectl to work with the /etc/hosts approach. The only way i can get the config to work is forwarding the port to the admin directly
I can access the console, and the console can make http requests to the admin, but it seems the grpc connection from flytectl does not work if i add the domain in /ect/hosts to the config.yaml
Copy code
Error: Connection Info: [Endpoint: dns:///flyte.example.com, InsecureConnection?: true, AuthMode: ClientSecret]: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: http2: frame too large"
{"json":{},"level":"error","msg":"Connection Info: [Endpoint: dns:///flyte.example.com, InsecureConnection?: true, AuthMode: ClientSecret]: rpc error: code = Unavailable desc = connection error: desc = \"error reading server preface: http2: frame too large\"","ts":"2024-01-19T10:47:45-08:00"}
I have 
<http://flyte.example.com|flyte.example.com>
set in my /etct/hosts to the ip address of the ingress controller,
d
can you share the contents of your 
config.yaml
?
a
I think this is related to the nginx ingress controller though. https://flyte-org.slack.com/archives/CP2HDHKE1/p1704457046350749?thread_ts=1704382245.087409&amp;cid=CP2HDHKE1
Copy code
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: <dns://flyte.example.com>
  insecure: true
  insecureSkipVerify: true
d
set 
insecureSkipVerify: false
to start with please
a
I have tls disabled on the ingress controller
I get the same error
ok so i think i know what the issue is. the nginx ingress controller is only configured for http2 on port 443.
Copy code
server {
		server_name _ ;
		
		listen 80 default_server reuseport backlog=1024 ;
		listen 443 default_server reuseport backlog=1024 ssl http2 ;
so i have to enable tls
i have it working now. the only thing is that cert is not valid so have to 
insecureSkipVerify: true
d
ok got it, thanks for sharing
j
@David Espejo (he/him) I have more or less same issue. I have setup the cluster on GCP following https://github.com/unionai-oss/deploy-flyte/blob/main/environments/gcp/flyte-core/README.md . If i do port forwarding, i can access the console, but when i tried with ingress ip or by setting up an host name in /etc/hosts, i am getting 404 like show in the screenshot. Any direction on how we can resolve this is much appreciated
image.png
d
@Jegadesh Thirumeni could you share your local config file? 
$HOME/.flyte/config.yaml
Also the output of 
kubectl describe ingress flyte-core -n flyte
j
i dont see a local config file at all
d
ok, well that's a different issue but it doesn't affect the console
so, does the `host`resolves correctly in your machine to the IP assigned to the Ingress?
j
yes
ping to the host resolves to the ip assigned
Accessing via the ingress ip also has the same issue
d
sorry, and I guess you're appending 
/console
to the hostname, right?
j
yes, thats right
image.png
@David Espejo (he/him) any other suggestions that i can try out ?
d
what's the status of the flyte pods? 
kubectl get po -n flyte
j
seems like all are running..
d
any interesting logs from the nginx controller?
j
thank you. i think the domain name configured before the setup is not in sync with what i had in /etc/hosts which is causing an issue
thanks @David Espejo (he/him)
11 Views
Open in Slack
PreviousNext
Powered by