UPDATE: I was able to get around the above issue using

additionalVolumes

,

additionalVolumeMounts

, and

extraArgs

to add custom ca certificates to /etc/ssl/certs folder and run`update-ca-certificates` . However, I can't see similar config fields for pods created to run workflows/tasks, so now I get 'failed ssl verify' errors from pods executing my workflows. Is there a place in the flyte core helm configuration file where I can specify volume, volume-mounts and extraArgs for pods created by flyte to run tasks/workflows?

We use pod templates in the namespace for the task for this. They get picked up by propeller.

@clean-glass-36808 Are you referring to adding a new key to cluster_resource_manager.templates section in the flyte-core helm configuration file? Something like the below example?

cluster_resource_manager:
    templates:
        - key: ab_project_pod_definition 
          value: |
        apiVersion: v1
        kind: Pod
        metadata:
          namespace: {{ namespace }}
        spec:
          volumes:
            - name: ca-pemstore
              configMap:
                name: ca-pemstore
            - name: minio-ca-pemstore
              mountPath: /etc/ssl/certs/ca-signed-server.pem
              subPath: ca-signed-server.pem
              readOnly: false

We define pod templates in the namespace that the tasks runs in and flyte propeller will automagically read them and merge them into the task pod spec. https://github.com/flyteorg/flyte/blob/64d053476affd3db7e580fe05ce850f1476f6ae3/docs/deployment/configuration/general.rst#create-a-po[…]ate-resource

Ah, I understand now! Thanks for the link, I had no idea there was such a thing as pod-templates natively in kubernetes, I thought you were referring to something inside helm config. I'm not devops and only started helping out with kubernetes recently, so bear with me :)

I also learned about them recently 🙂