Hi community. I already set clusterrole rules for ...
# flyte-supportq
quaint-accountant-26543
07/29/2024, 2:13 AMHi community. I already set clusterrole rules for flyte in values.yaml like:
Copy code
rbac:
create: true
extraRules:
- apiGroups:
- "*"
resources:
- serviceaccounts
verbs:
- create
- get
- list
- patch
- update
- watch
- delete
- apiGroups:
- '*'
resources:
- mutatingwebhookconfigurations
- mutatingwebhookconfigurations/finalizers
- secrets
- pods
- pods/finalizers
- replicasets
- replicasets/finalizers
- deployments
- deployments/finalizers
- finalizers
- rbacdefinitions/finalizers
verbs:
- create
- get
- list
- patch
- update
- watch
- delete Copy code
pods "f53fe3a9ddee948c09cc-n0-0" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>quaint-accountant-26543
07/29/2024, 2:17 AMAnd I’m using flyte-binary in OKD
quaint-accountant-26543
07/29/2024, 2:21 AMI chceked clusterrole and clusterrolebinding and serviceaccount, there are all correct, and my flyte-binary deployments is correct service account
h
high-accountant-32689
07/29/2024, 11:37 AM@quaint-accountant-26543, thanks for your persistence in getting Flyte running on OKD!
A few suggestions, questions:
1. Let's try a bruteforce approach first and backtrack from there. What happens if you set this on all finalizers (i.e.
"*/finalizers"q
quaint-accountant-26543
07/30/2024, 2:29 AM@high-accountant-32689 thank for reply, I add the `"*/finalilzers"`in rbac rules and it work! the error message is different.
this is my values.yaml on OKD
Copy code
configuration:
database:
username: flyte
password: F1yteAdmin
host: postgres.eric-mlops.svc.cluster.local
dbname: flyte
storage:
type: minio
metadataContainer: flyte #This is the default bucket created with Minio. Controlled by the MINIO_DEFAULT_BUCKETS env var in the local-flyte-resources.yaml manifest
userDataContainer: flyte
provider: s3
providerConfig:
s3:
authType: "accesskey"
endpoint: "<http://minio.eric-mlops.svc.cluster.local:9000>"
accessKey: "minio"
secretKey: "miniostorage" #If you need to change this parameters, refer to the local-flyte-resources.yaml manifest and adjust the MINIO_ROOT_PASSWORD env var
disableSSL: "true"
secure: "false"
v2Signing: "true"
# inlineSecretRef: flyte-binary-inline-config-secret
# inline:
# plugins:
# k8s:
# inject-finalizer: true
# default-env-vars:
# - FLYTE_AWS_ENDPOINT: "<http://minio.eric-mlops.svc.cluster.local:9000>"
# - FLYTE_AWS_ACCESS_KEY_ID: "minio"
# - FLYTE_AWS_SECRET_ACCESS_KEY: "miniostorage" #Use the same value as the MINIO_ROOT_PASSWORD
# Learn more: <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-EKS-logs.html>
logging:
level: 1
clusterResourceTemplates:
inline:
#This section automates the creation of the project-domain namespaces
001_namespace.yaml: |
apiVersion: v1
kind: Namespace
metadata:
name: '{{ namespace }}'
# This block performs the automated annotation of KSAs across all project-domain namespaces
002_serviceaccount.yaml: |
apiVersion: v1
kind: ServiceAccount
metadata:
name: flyte-backend-flyte-binary
namespace: '{{ namespace }}'
# annotations:
# <http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: '{{ defaultIamRole }}'
rbac:
create: true
extraRules:
- apiGroups:
- "*"
resources:
- serviceaccounts
verbs:
- create
- get
- list
- patch
- update
- watch
- delete
- apiGroups:
- '*'
resources:
- mutatingwebhookconfigurations
- mutatingwebhookconfigurations/finalizers
- secrets
- pods
- pods/finalizers
- replicasets
- replicasets/finalizers
- deployments
- deployments/finalizers
- finalizers
- rbacdefinitions/finalizers
- "*/finalizers"
verbs:
- '*'
serviceAccount:
create: true
namespace: eric-mlops
service:
type: LoadBalancerhelm install flyte-backend flyteorg/flyte-binary --namespace eric-mlops --values okd-starter.yamlquaint-accountant-26543
07/30/2024, 2:29 AMand the error message turn into
Copy code
[1/1] currentAttempt done. Last Error: USER::
[f93d07616db1c4eaea3f-n0-0] terminated with exit code (1). Reason [Error]. Message:
Traceback (most recent call last):
File "/usr/local/bin/pyflyte-fast-execute", line 5, in <module>
from flytekit.bin.entrypoint import fast_execute_task_cmd
File "/usr/local/lib/python3.10/site-packages/flytekit/__init__.py", line 220, in <module>
from flytekit.core.array_node_map_task import map_task
File "/usr/local/lib/python3.10/site-packages/flytekit/core/array_node_map_task.py", line 13, in <module>
from flytekit.core.base_task import PythonTask, TaskResolverMixin
File "/usr/local/lib/python3.10/site-packages/flytekit/core/base_task.py", line 52, in <module>
from flytekit.core.context_manager import (
File "/usr/local/lib/python3.10/site-packages/flytekit/core/context_manager.py", line 32, in <module>
from flytekit.core.data_persistence import FileAccessProvider, default_local_file_access_provider
File "/usr/local/lib/python3.10/site-packages/flytekit/core/data_persistence.py", line 567, in <module>
data_config=DataConfig.auto(),
File "/usr/local/lib/python3.10/site-packages/flytekit/configuration/__init__.py", line 657, in auto
config_file = get_config_file(config_file)
File "/usr/local/lib/python3.10/site-packages/flytekit/configuration/file.py", line 260, in get_config_file
if current_location_config.exists():
File "/usr/local/lib/python3.10/pathlib.py", line 1290, in exists
self.stat()
File "/usr/local/lib/python3.10/pathlib.py", line 1097, in stat
return self._accessor.stat(self, follow_symlinks=follow_symlinks)
PermissionError: [Errno 13] Permission denied: 'flytekit.config'
.39 Views