# flyte-support
b
After implementing authentication without custom authorization, using the internal authorization mechanism, the login seems to work but projects and workflows have disappeared. The only error I see in the Flyte logs is
"Could not detect existing cookie [flyte_rt]. Error: http: named cookie not present"
This is what the ingress portion of the chart looks like:
      ingressClassName = "nginx"

      commonAnnotations = {
        "ingress.kubernetes.io/rewrite-target"     = "/"
        "nginx.ingress.kubernetes.io/ssl-redirect" = "true"
      }
      httpAnnotations = {
        "nginx.ingress.kubernetes.io/proxy-buffer-size" = "10k"
        "nginx.ingress.kubernetes.io/app-root"          = "/console"
      }
      grpcAnnotations = {
        "nginx.ingress.kubernetes.io/backend-protocol" = "GRPC"
      }
Also, is there more in-depth documentation on how the Flyte internal authorization works?
a
@boundless-lifeguard-61788 what IdP are you using?
projects and workflows have disappeared.
This is, from the console or even from the DB?
is there more in-depth documentation on how the Flyte internal authorization wor
This page is intended to do so, and includes mermaid diagrams to explain better, but they are not rendering and the fix is still in progress.
b
1. Okta
2. The projects exist in the database, they do not appear in the console.
3. There is no document on that page?
a
1. Could you verify that the redirect_uri you set up in Okta and your Ingress/callback host match?
3. There is, but the diagrams are not rendering, and that's like the whole point of that page.
b
1. yes I did not set up a redirect_uri in okta as we are not using the custom authorization server
we are using the default okta authorization and did not set up a custom auth server. The plan was to implement authentication and use the internal auth flyte auth
a
for #1 I mean the signing redirect URI that you should configure in Okta, even if using it only for OIDC, as described here: https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#identity-management-layer-oidc
b
I see. Yes, I believe so. Let's say our ingress is https:://mycompany.net
okta : oauth_redirect_uris = https:://mycompany.net/callback
fqdn in chart: https:://mycompany.net
a
Right, well, without the double :
b
oops yes, only one :
I am able to see the namespaces in k8 and projects in the database, I can authenticate with flytectl. The projects still don't show on the web UI. It is blank as if no projects or workflows were created. I do not see the cookie error on a fresh restart, that might not be related to projects not appearing.
a
hey @boundless-lifeguard-61788 for the diagrams, we're pushing the fix today: https://github.com/flyteorg/flyte/pull/5467
oh even the K8s namespaces are gone?
b
it turned out to be not related to the auth
a
Uh, what was it?
b
proxies 😅