narrow-king-98655
07/02/2024, 12:21 PM
flytescheduler component. This deployment is failing at the init container step with the following error:
{"json":{},"level":"warning","msg":"failed to get token: %!w(*url.Error=&{Post http://flyteadmin:81/oauth2/token 0xc0002b8280})","ts":"2024-07-02T12:12:04Z"}
Error: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: failed to get token: Post "http://flyteadmin:81/oauth2/token": net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x00\x00\x06\x04\x00\x00\x00\x00\x00\x00\x05\x00\x00@\x00"
Following is the Kubernetes configmap configuration for scheduler deployment
apiVersion: v1
data:
  admin.yaml: |
    admin:
      clientId: 'flytepropeller'
      clientSecretLocation: /etc/secrets/client_secret
      endpoint: flyteadmin:81
      insecure: true
    event:
      capacity: 1000
      rate: 500
      type: admin
  db.yaml: |
    database:
      dbname: postgres
      host: postgresql
      passwordPath: /etc/db/pass.txt
      port: 5432
      username: postgres
  server.yaml: |
    scheduler:
      metricsScope: 'flyte:'
      profilerPort: 10254
kind: ConfigMap
metadata:
  name: flyte-scheduler-config
Can someone please help us on this issue?
average-finland-92144
07/02/2024, 1:30 PM
admin.insecure: false ?
narrow-king-98655
07/02/2024, 2:38 PM
panic: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"
average-finland-92144
07/03/2024, 12:25 AM
narrow-king-98655
07/04/2024, 9:05 AM
apiVersion: v1
data:
  cluster_resources.yaml: |
    cluster_resources:
      customData:
      - production:
        - projectQuotaCpu:
            value: "5"
        - projectQuotaMemory:
            value: 4000Mi
        - defaultIamRole:
            value: <AWS_ROLE_SUBSTITUTED_HERE_>
      - staging:
        - projectQuotaCpu:
            value: "2"
        - projectQuotaMemory:
            value: 3000Mi
        - defaultIamRole:
            value: <AWS_ROLE_SUBSTITUTED_HERE_>
      - development:
        - projectQuotaCpu:
            value: "4"
        - projectQuotaMemory:
            value: 3000Mi
        - defaultIamRole:
            value: <AWS_ROLE_SUBSTITUTED_HERE_>
      refreshInterval: 5m
      standaloneDeployment: false
      templatePath: /etc/flyte/clusterresource/templates
  db.yaml: |
    database:
      dbname: flyteadmin
      host: '<AWS_POSTGRES_HOST_SUBSTITUTED_HERE_>'
      passwordPath: /etc/db/pass.txt
      port: 5432
      username: 'dbadmin'
  domain.yaml: |
    domains:
    - id: development
      name: development
    - id: staging
      name: staging
    - id: production
      name: production
  remoteData.yaml: |
    remoteData:
      region: us-east-1
      scheme: local
      signedUrls:
        durationMinutes: 3
  server.yaml: |
    auth:
      appAuth:
        selfAuthServer:
          staticClients:
            flyte-cli:
              grant_types:
              - refresh_token
              - authorization_code
              id: flyte-cli
              public: true
              redirect_uris:
              - http://localhost:53593/callback
              - http://localhost:12345/callback
              response_types:
              - code
              - token
              scopes:
              - all
              - offline
              - access_token
            flytectl:
              grant_types:
              - refresh_token
              - authorization_code
              id: flytectl
              public: true
              redirect_uris:
              - http://localhost:53593/callback
              - http://localhost:12345/callback
              response_types:
              - code
              - token
              scopes:
              - all
              - offline
              - access_token
            flytepropeller:
              client_secret: ''
              grant_types:
              - refresh_token
              - client_credentials
              id: flytepropeller
              public: false
              redirect_uris:
              - http://localhost:3846/callback
              response_types:
              - token
              scopes:
              - all
              - offline
              - access_token
        thirdPartyConfig:
          flyteClient:
            clientId: flytectl
            redirectUri: http://localhost:53593/callback
            scopes:
            - offline
            - all
      authorizedUris:
      - https://localhost:30081
      - http://flyteadmin:80
      - http://flyteadmin:81
      - http://flyteadmin.flyte.svc.cluster.local:80
      - http://flyteadmin.flyte.svc.cluster.local:81
      - https://flyte.in.cloud.uniphoredev.com
      - https://flyte.in.cloud.uniphoredev.com/console
      userAuth:
        openId:
          baseUrl: 'https://login.microsoftonline.com/<AZ_TENANT_ID_SUBSTITUTED_HERE_>/v2.0'
          clientId: '<AZ_CLIENT_ID_SUBSTITUTED_HERE_>'
          scopes:
          - profile
          - openid
    flyteadmin:
      eventVersion: 2
      metadataStoragePrefix:
      - metadata
      - admin
      metricsScope: 'flyte:'
      profilerPort: 10254
      roleNameKey: iam.amazonaws.com/role
      testing:
        host: http://flyteadmin
    server:
      grpc:
        port: 8089
      httpPort: 8088
      security:
        allowCors: true
        allowedHeaders:
        - Content-Type
        - flyte-authorization
        allowedOrigins:
        - '*'
        secure: false
        useAuth: true
  storage.yaml: |
    storage:
      type: s3
      container: "uniphore-flyte-dev-in"
      connection:
        auth-type: iam
        region: ap-south-1
      enable-multicontainer: false
      limits:
        maxDownloadMBs: 10
  task_resource_defaults.yaml: |
    task_resources:
      defaults:
        cpu: 1000m
        memory: 1000Mi
        storage: 1000Mi
      limits:
        cpu: 2
        gpu: 1
        memory: 1Gi
        storage: 2000Mi
kind: ConfigMap
metadata:
  name: flyte-admin-base-config
  namespace: flyte
narrow-king-98655
07/04/2024, 10:29 AM
average-finland-92144
07/10/2024, 7:31 PM
narrow-king-98655
07/10/2024, 7:49 PM
average-finland-92144
07/10/2024, 8:04 PM
configmap.adminServer.server.security section is wrong, that section should be under server and not at the same level. The rest is fine
Completing the steps there leads to no errors on the Pods but the NGINX Ingress controller I'm using doesn't seem to be handling the redirect especially well. The Flyte UI and CLI prompt for authentication but once the redirect is invoked it throws a 502 error. I'm working on it
average-finland-92144
07/10/2024, 8:25 PM
common.ingress.annotations
nginx.ingress.kubernetes.io/proxy-buffer-size: "256k"
nginx.ingress.kubernetes.io/proxy-buffers: "4"
average-finland-92144
07/10/2024, 8:37 PM
narrow-king-98655
07/10/2024, 8:49 PM
narrow-king-98655
07/10/2024, 8:58 PM
failedAttempts:4 message:failed at Node[start-node]. CausedByError: Failed to store workflow inputs (as start node), caused by: Failed to write data [0b] to path [metadata/propeller/flyteexamples-development-a8n7ndp5xgj4qp67b6qq/start-node/data/0/outputs.pb].: PutObject, putting object: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
status code: 403, request id: 9e8a3654-cea5-4536-a10a-0a26c3d46f78 phase:0]
I have also added AWS IAM role ARN in the annotations section in the kubernetes service accounts. Not sure what we are missing here.
average-finland-92144
07/10/2024, 9:28 PM
narrow-king-98655
07/12/2024, 6:57 PM
narrow-king-98655
07/12/2024, 7:01 PM
{ "code": 5, "message": "Not Found", "details": [] }
average-finland-92144
07/12/2024, 7:03 PM
average-finland-92144
07/12/2024, 7:03 PM
The OIDC user authentication is not working
do you have more verbose logs?
narrow-king-98655
07/12/2024, 7:08 PM
average-finland-92144
07/12/2024, 7:44 PM
average-finland-92144
07/12/2024, 7:44 PM
narrow-king-98655
07/12/2024, 7:46 PM
narrow-king-98655
07/12/2024, 7:47 PM
{
  "code": 5,
  "message": "Not Found",
  "details": []
}
narrow-king-98655
07/12/2024, 7:48 PM
flyte-core with helm version v1.12.0. Is this a stable version? If not, can you suggest some stable version?
average-finland-92144
07/12/2024, 8:01 PM
average-finland-92144
07/12/2024, 8:01 PM
narrow-king-98655
07/12/2024, 9:20 PM
narrow-king-98655
07/12/2024, 9:21 PM
average-finland-92144
07/12/2024, 9:31 PM
security at the same level as server
adminServer:
  server:
    grpc:
      port: 8089
    httpPort: 8088
    security:
      allowCors: true
      allowedHeaders:
      - Content-Type
      allowedOrigins:
      - '*'
      secure: false
      useAuth: true
Based on the base values file, it should be under server like in the above snippet
narrow-king-98655
07/12/2024, 10:23 PM
narrow-king-98655
07/16/2024, 8:44 PM
panic: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: failed to get token: Post "http://flyteadmin:81/oauth2/token": net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x00\x00\x06\x04\x00\x00\x00\x00\x00\x00\x05\x00\x00@\x00"
Initially we haven't seen this error after fixing the indentation in values.yaml file. But later, we started to see this error in the init containers. Can you please let us know what could be the issue here?
average-finland-92144
07/22/2024, 9:32 PM
adminserver.security.secure: true ?