# ask-the-community

peeyush jain

03/11/2024, 3:21 PM
Hi All, I am trying to deploy Flyte in a single-cluster deployment. In our env, we create the ALB outside of EKS. The env mandates that SSL be terminated at the pod. If I add a config map with the certificate and keys, can I use the ssl options in ServerSecurityConfig to run the Flyte binary pods with SSL? Has anyone tried it?

Yee

03/11/2024, 9:53 PM
you should be able to. we typically don’t do that but the code is in place. the one thing to note is that if you’re doing termination in flyte itself, the grpc port and the http port are shared
only in the case when you’re serving insecure are the http and grpc ports different

peeyush jain

03/12/2024, 10:43 PM
@Yee. Thanks, I tried giving the configuration as below. I am using version 1.10.1.

```yaml
configuration:
  server:
    security:
      ssl:
        certificateFile: "/ssl/cert.pem"
        keyFile: "/ssl/key.pem"
```

It didn't work. I still see the http and grpc services running on ports 8088 and 8089 respectively. Should I expect only one service? Can you share an example of how I can configure Flyte pods to use a certificate?

peeyush jain

03/13/2024, 8:08 PM
@Yee yes, I tried. I looked at the code for flyte-admin. I used the below:

```yaml
admin:
  {{- if .Values.configuration.auth.enabled }}
  clientId: {{ .Values.configuration.auth.internal.clientId }}
  {{- if .Values.configuration.auth.internal.audience }}
  audience: {{ .Values.configuration.auth.internal.audience }}
  {{- end }}
  {{- end }}
  endpoint: localhost:8089
  insecure: true
server:
  security:
    secure: true
    ssl:
      certificateFile: "/ssl/cert.pem"
      keyFile: "/ssl/key.pem"
```

With the above, the pod fails to come up with the error "failed to get future value for catchup due to async future was cancelled". If I remove "secure: true" then the pod comes up, but the services are running on ports 8088 and 8089 with no ssl conf.

Yee

03/13/2024, 8:09 PM
is there an error you can share?
cc @David Espejo (he/him) who’s probably tried to set up ssl more recently than me.

peeyush jain

03/13/2024, 8:16 PM
below is the error message. I am using flyte binary v1.10.1

```
{"json":{"src":"scheduler_executor.go:87"}, "level":"error", "msg":"failed to get future value for catchup due to async future was cancelled", "ts":"2024-03-13T19:24:36Z"}
{"json":{"src":"scheduler_executor.go:88"}, "level":"info", "msg":"Flyte native scheduler shutdown", "ts":"2024-03-13T19:24:36Z"}
```

Yee

03/13/2024, 8:28 PM
can you change the admin block to insecure: false?

peeyush jain

03/13/2024, 8:30 PM
tried again. failed with same error