early-addition-41415
03/27/2025, 8:38 PMaverage-finland-92144
03/27/2025, 9:35 PMadmin:
...
authType: ClientCredentials
clientSecretLocation: /etc/secrets/client_secret
Whoever has the client_secret can get an access token, provided you have completed the config to register flyte as a clientaverage-finland-92144
03/27/2025, 9:36 PMaverage-finland-92144
03/27/2025, 9:36 PMearly-addition-41415
03/27/2025, 9:36 PMearly-addition-41415
03/27/2025, 9:36 PMaverage-finland-92144
03/27/2025, 9:36 PMearly-addition-41415
03/27/2025, 9:36 PMearly-addition-41415
03/27/2025, 9:36 PMearly-addition-41415
03/27/2025, 9:36 PMearly-addition-41415
03/27/2025, 9:37 PMaverage-finland-92144
03/27/2025, 9:38 PMaverage-finland-92144
03/27/2025, 9:38 PMearly-addition-41415
03/27/2025, 9:38 PMearly-addition-41415
03/27/2025, 9:38 PMGoogle IdP
Google IdP does not offer an OAuth2 Authorization Server that could be used to protect external services (For example Flyte). In this case, Google offers a separate Cloud Product called Google Cloud Identity. Configuration for Cloud Identity is not included in this guide. If unavailable, setup can stop here and FlyteAdmin BuiltIn OAuth2 Authorization Server can be used instead.
early-addition-41415
03/27/2025, 9:38 PMaverage-finland-92144
03/27/2025, 9:39 PMaverage-finland-92144
03/27/2025, 9:39 PMearly-addition-41415
03/27/2025, 9:39 PMaverage-finland-92144
03/27/2025, 9:39 PMearly-addition-41415
03/27/2025, 9:40 PM{
"json": {
"src": "handlers.go:91"
},
"level": "error",
"msg": "Failed to retrieve tokens from request, redirecting to login handler. Error: [EMPTY_OAUTH_TOKEN] Failure to retrieve cookie [flyte_idt], caused by: http: named cookie not present",
"ts": "2025-03-27T21:38:23Z"
}
early-addition-41415
03/27/2025, 9:40 PMaverage-finland-92144
03/27/2025, 9:40 PMaverage-finland-92144
03/27/2025, 9:41 PMearly-addition-41415
03/27/2025, 9:43 PM{"json":{"src":"token.go:80"},"level":"debug","msg":"Could not retrieve bearer token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:309"},"level":"info","msg":"Failed to parse Access Token from context. Will attempt to find IDToken. Error: [JWT_VERIFICATION_FAILED] Could not retrieve bearer token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"token.go:100"},"level":"debug","msg":"Could not retrieve id token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:317"},"level":"debug","msg":"Failed to parse ID Token from context. Error: [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2025-03-27T21:37:33Z"}
early-addition-41415
03/27/2025, 9:43 PMearly-addition-41415
03/27/2025, 9:44 PM{"json":{"src":"cookie.go:80","x-request-id":"a-v8f4krwhj4nb54blms7x"},"level":"info","msg":"Could not detect existing cookie [flyte_idt]. Error: http: named cookie not present","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:299"},"level":"debug","msg":"Running authentication gRPC interceptor","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"token.go:80"},"level":"debug","msg":"Could not retrieve bearer token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:309"},"level":"info","msg":"Failed to parse Access Token from context. Will attempt to find IDToken. Error: [JWT_VERIFICATION_FAILED] Could not retrieve bearer token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"token.go:100"},"level":"debug","msg":"Could not retrieve id token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:317"},"level":"debug","msg":"Failed to parse ID Token from context. Error: [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"cookie.go:80","x-request-id":"a-5rfnq8cqd7zm7w47cf5z"},"level":"info","msg":"Could not detect existing cookie [flyte_idt]. Error: http: named cookie not present","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:299"},"level":"debug","msg":"Running authentication gRPC interceptor","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"token.go:80"},"level":"debug","msg":"Could not retrieve bearer token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:309"},"level":"info","msg":"Failed to parse Access Token from context. Will attempt to find IDToken. Error: [JWT_VERIFICATION_FAILED] Could not retrieve bearer token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"token.go:100"},"level":"debug","msg":"Could not retrieve id token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:317"},"level":"debug","msg":"Failed to parse ID Token from context. Error: [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"cookie.go:80"},"level":"info","msg":"Could not detect existing cookie [flyte_idt]. Error: http: named cookie not present","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:91"},"level":"error","msg":"Failed to retrieve tokens from request, redirecting to login handler. Error: [EMPTY_OAUTH_TOKEN] Failure to retrieve cookie [flyte_idt], caused by: http: named cookie not present","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handlers.go:147"},"level":"debug","msg":"Setting CSRF state cookie to 4iram6bmhq and state to a0208ff5a7391cc93f80d981ac0afabeecb34c47f9acd2d41412dff80b632a36\n","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"handler_utils.go:166"},"level":"debug","msg":"not validating whether relative redirect url is authorized","ts":"2025-03-27T21:37:33Z"}
{"json":{"src":"composite_workqueue.go:88"},"level":"debug","msg":"Subqueue handler batch round","ts":"2025-03-27T21:37:34Z"}
{"json":{"src":"composite_workqueue.go:98"},"level":"debug","msg":"Dynamically configured batch size [-1]","ts":"2025-03-27T21:37:34Z"}
{"json":{"src":"composite_workqueue.go:129"},"level":"debug","msg":"Exiting SubQueue handler batch round","ts":"2025-03-27T21:37:34Z"}
{"json":{"src":"cookie.go:80"},"level":"info","msg":"Could not detect existing cookie [flyte_idt]. Error: http: named cookie not present","ts":"2025-03-27T21:37:35Z"}
{"json":{"src":"handlers.go:91"},"level":"error","msg":"Failed to retrieve tokens from request, redirecting to login handler. Error: [EMPTY_OAUTH_TOKEN] Failure to retrieve cookie [flyte_idt], caused by: http: named cookie not present","ts":"2025-03-27T21:37:35Z"}
{"json":{"src":"handlers.go:147"},"level":"debug","msg":"Setting CSRF state cookie to 877sitiuuw and state to 598dcebd4a0075f74be828969e530f6c317909057738abad782319f5f6990b1a\n","ts":"2025-03-27T21:37:35Z"}
{"json":{"src":"handler_utils.go:169"},"level":"debug","msg":"validating whether redirect url: <https://flyte.hyperpod.labs.lumalabs.ai/console/select-project> is authorized","ts":"2025-03-27T21:37:35Z"}
{"json":{"src":"handler_utils.go:173"},"level":"debug","msg":"authorizing redirect url: <https://flyte.hyperpod.labs.lumalabs.ai/console/select-project> against authorized uri: <https://flyte.hyperpod.labs.lumalabs.ai/console/callback>","ts":"2025-03-27T21:37:35Z"}
{"json":{"src":"composite_workqueue.go:88"},"level":"debug","msg":"Subqueue handler batch round","ts":"2025-03-27T21:37:35Z"}
{"json":{"src":"composite_workqueue.go:98"},"level":"debug","msg":"Dynamically configured batch size [-1]","ts":"2025-03-27T21:37:35Z"}
{"json":{"src":"composite_workqueue.go:129"},"level":"debug","msg":"Exiting SubQueue handler batch round","ts":"2025-03-27T21:37:35Z"}
{"json":{"src":"composite_workqueue.go:88"},"level":"debug","msg":"Subqueue handler batch round","ts":"2025-03-27T21:37:36Z"}
{"json":{"src":"composite_workqueue.go:98"},"level":"debug","msg":"Dynamically configured batch size [-1]","ts":"2025-03-27T21:37:36Z"}
{"json":{"src":"composite_workqueue.go:129"},"level":"debug","msg":"Exiting SubQueue handler batch round","ts":"2025-03-27T21:37:36Z"}
{"json":{"src":"composite_workqueue.go:88"},"level":"debug","msg":"Subqueue handler batch round","ts":"2025-03-27T21:37:37Z"}
{"json":{"src":"composite_workqueue.go:98"},"level":"debug","msg":"Dynamically configured batch size [-1]","ts":"2025-03-27T21:37:37Z"}
{"json":{"src":"composite_workqueue.go:129"},"level":"debug","msg":"Exiting SubQueue handler batch round","ts":"2025-03-27T21:37:37Z"}
{"json":{"src":"composite_workqueue.go:88"},"level":"debug","msg":"Subqueue handler batch round","ts":"2025-03-27T21:37:38Z"}
{"json":{"src":"composite_workqueue.go:98"},"level":"debug","msg":"Dynamically configured batch size [-1]","ts":"2025-03-27T21:37:38Z"}
{"json":{"src":"composite_workqueue.go:129"},"level":"debug","msg":"Exiting SubQueue handler batch round","ts":"2025-03-27T21:37:38Z"}
{"json":{"src":"composite_workqueue.go:88"},"level":"debug","msg":"Subqueue handler batch round","ts":"2025-03-27T21:37:39Z"}
{"json":{"src":"composite_workqueue.go:98"},"level":"debug","msg":"Dynamically configured batch size [-1]","ts":"2025-03-27T21:37:39Z"}
{"json":{"src":"composite_workqueue.go:129"},"level":"debug","msg":"Exiting SubQueue handler batch round","ts":"2025-03-27T21:37:39Z"}
{"json":{"src":"execution_stats.go:63"},"level":"debug","msg":"Execution stats: ActiveExecutions: 0 ActiveNodes: 0, ActiveTasks: 0","ts":"2025-03-27T21:37:40Z"}
{"json":{"src":"client.go:171"},"level":"info","msg":"AgentDeployments support the following task types: [task_type_1, task_type_2]","ts":"2025-03-27T21:37:40Z"}
{"json":{"src":"cookie.go:80","x-request-id":"a-fh8tkfmjwv766mf4ctrv"},"level":"info","msg":"Could not detect existing cookie [flyte_idt]. Error: http: named cookie not present","ts":"2025-03-27T21:37:40Z"}
{"json":{"src":"handlers.go:299"},"level":"debug","msg":"Running authentication gRPC interceptor","ts":"2025-03-27T21:37:40Z"}
{"json":{"src":"token.go:80"},"level":"debug","msg":"Could not retrieve bearer token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2025-03-27T21:37:40Z"}
{"json":{"src":"handlers.go:309"},"level":"info","msg":"Failed to parse Access Token from context. Will attempt to find IDToken. Error: [JWT_VERIFICATION_FAILED] Could not retrieve bearer token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2025-03-27T21:37:40Z"}
{"json":{"src":"token.go:100"},"level":"debug","msg":"Could not retrieve id token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2025-03-27T21:37:40Z"}
{"json":{"src":"handlers.go:317"},"level":"debug","msg":"Failed to parse ID Token from context. Error: [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2025-03-27T21:37:40Z"}
early-addition-41415
03/27/2025, 9:44 PMaverage-finland-92144
03/27/2025, 9:47 PM<https://flyte.hyperpod.labs.lumalabs.ai>
, without the subpathsearly-addition-41415
03/27/2025, 9:47 PMearly-addition-41415
03/27/2025, 9:47 PMaverage-finland-92144
03/27/2025, 9:48 PM<https://flyte.hyperpod.labs.lumalabs.ai>
early-addition-41415
03/27/2025, 9:48 PMearly-addition-41415
03/27/2025, 9:48 PMCreate an OAuth2 Client Credential following the official documentation and take note of the client_id and client_secret
In the Authorized redirect URIs field, add <http://localhost:30081/callback> for sandbox deployments, or https://<your-deployment-URL>/callback for other methods of deployment.
early-addition-41415
03/27/2025, 9:48 PMaverage-finland-92144
03/27/2025, 9:49 PMconsole
. It's the ingress host
early-addition-41415
03/27/2025, 9:49 PMearly-addition-41415
03/27/2025, 9:50 PMearly-addition-41415
03/27/2025, 9:52 PMError 400: redirect_uri_mismatch
early-addition-41415
03/27/2025, 9:52 PMaverage-finland-92144
03/27/2025, 9:53 PM<https://flyte.hyperpod.labs.lumalabs.ai>
in Helmearly-addition-41415
03/27/2025, 9:53 PMaverage-finland-92144
03/27/2025, 9:54 PMearly-addition-41415
03/27/2025, 9:55 PMearly-addition-41415
03/27/2025, 9:55 PMearly-addition-41415
03/27/2025, 9:55 PMaverage-finland-92144
03/27/2025, 9:56 PMearly-addition-41415
03/27/2025, 9:57 PMearly-addition-41415
03/27/2025, 9:57 PMearly-addition-41415
03/27/2025, 9:58 PMadmin:
# For GRPC endpoints you might want to use dns:///flyte.myexample.com
endpoint: <http://flyte.hyperpod.labs.lumalabs.ai:443|flyte.hyperpod.labs.lumalabs.ai:443> #Replace with your domain name
authType: Pkce
# authType: ClientCredentials
# clientSecretLocation: /etc/secrets/client_secret
insecure: false
insecureSkipVerify: false
logger:
show-source: true
level: 6
early-addition-41415
03/27/2025, 9:58 PMearly-addition-41415
03/27/2025, 9:58 PMearly-addition-41415
03/27/2025, 9:58 PMearly-addition-41415
03/27/2025, 9:59 PMearly-addition-41415
03/27/2025, 9:59 PMaverage-finland-92144
03/27/2025, 10:24 PMearly-addition-41415
03/27/2025, 10:25 PMaverage-finland-92144
03/27/2025, 10:26 PMaverage-finland-92144
03/27/2025, 10:26 PMearly-addition-41415
03/27/2025, 10:26 PMaverage-finland-92144
03/27/2025, 10:26 PMearly-addition-41415
03/27/2025, 10:28 PM