@ancient-wolf-19325, I'm trying to use smtp server for sending email notification on flyte, I set the password as secret and env on k8s, but I keep getting this error

Error authenticating email client: 530 Username or passwd is NULL [@sm050103]

. Any suggestion on where to check or how to debug this ?

The error

530 Username or passwd is NULL

indicates that either the SMTP username or password is not being correctly passed to the Flyte email notification system. This usually means the secret is not being mounted or referenced properly in your Flyte configuration or Kubernetes environment. To debug, ensure the following: - The secret containing the SMTP password is created in the correct Kubernetes namespace (e.g., with kubectl create secret ...). - The Flyte notification config references the secret name and key correctly, e.g.,

smtpPasswordSecretName: <your-secret-name>

. - The secret is mounted as an environment variable or file, and Flyte has access to it. Double-check the spelling and case of the secret name and key. - Review the Flyte config for the emailer section, as shown in the SMTP notification example and SMTP PR setup instructions. Would you like a step-by-step checklist or example YAML for setting up SMTP secrets in Flyte? Sources: - What's new in Flyte 1.13.2: SMTP notification example - Flyte PR: Introduced SMTP notification (setup instructions) 👍 0 button 👎 0 button 💡 Hint: Mention @runllm in the thread for followups.

yes please @ancient-wolf-19325

Certainly! Here’s a step-by-step checklist and example for setting up SMTP email notifications with secrets in Flyte: 1. Create the SMTP password secret in Kubernetes: Make sure the secret is in the same namespace as your Flyte deployment (e.g., flyte or flyte-binary).

kubectl create secret generic smtp_ses_password --from-literal=smtp_password=<YOUR_SMTP_PASSWORD> -n flyte

Replace

<YOUR_SMTP_PASSWORD>

and

flyte

with your actual password and namespace. 2. Reference the secret in your Flyte notification config: In your Flyte configuration (e.g.,

flyte-single-binary-local.yaml

or Helm values), set up the notifications section like this:

notifications:
  type: sandbox
  emailer:
    emailServerConfig:
      serviceName: smtp
      smtpServer: <your-smtp-server>
      smtpPort: 25
      smtpUsername: <your-smtp-username>
      smtpPasswordSecretName: smtp_ses_password
    subject: "Notice: Execution \"{{ name }}\" has {{ phase }} in \"{{ domain }}\"."
    sender: "<your-sender-email>"
    body: >
      Execution \"{{ name }}\" has {{ phase }} in \"{{ domain }}\". View details at
      <a href=\"http://example.com/projects/{{ project }}/domains/{{ domain }}/executions/{{ name }}\">workflow execution</a>

-

smtpPasswordSecretName

must match the Kubernetes secret name. - The key inside the secret should be

smtp_password

(as created above). 3. Mount the secret as an environment variable or file: Flyte will automatically mount the secret if configured as above. No extra steps are needed if you use the default setup. 4. Restart Flyte pods: After updating the config or secrets, restart the Flyte pods to pick up the changes. 5. Check logs for errors: If you still see authentication errors, describe the pod and check the environment variables or mounted files to ensure the secret is present. References: - Flyte SMTP notification setup example - Flyte PR: Introduced SMTP notification (setup instructions) Let me know if you need a sample Helm values snippet or further troubleshooting steps! Sources: - Flyte PR: Introduced SMTP notification (setup instructions) - Flyte SMTP notification setup example 👍 0 button 👎 0 button 💡 Hint: Mention @runllm in the thread for followups.

@ancient-wolf-19325 if I exec the pod and do printenv, how will the env look like ?

If you exec into the Flyte pod and run printenv, you should see an environment variable corresponding to your SMTP password secret only if the Flyte deployment is configured to mount the secret as an environment variable. However, in the SMTP notification setup described in the Flyte PR, the secret is typically mounted as a file, not as an environment variable, so you may not see it in printenv by default. Instead, the application reads the password from the mounted file at runtime (Flyte PR: Introduced SMTP notification). If you specifically configure the secret to be injected as an environment variable, you would see something like SMTP_PASSWORD or a custom name you set, but this is not the default behavior for the SMTP notification setup in Flyte. To verify the secret, check the mounted files (e.g., /etc/secrets/smtp_ses_password) inside the pod. Would you like instructions on how to check the mounted secret file inside the pod? Sources: - Flyte PR: Introduced SMTP notification 👍 0 button 👎 0 button 💡 Hint: Mention @runllm in the thread for followups.

So I need to create a secret named

smtp_ses_password

and the

literal

must be

smtp_password

. And then use the

smtp_ses_password

as

smtpPasswordSecretName

value, and restart the pod. Flyte should automatically creates the file in the

/etc/secrets/smtp_ses_password

. Is that correct @ancient-wolf-19325?

Yes, that is correct. You should create a Kubernetes secret named smtp_ses_password with a key smtp_password, set smtpPasswordSecretName: smtp_ses_password in your Flyte config, and restart the pod. Flyte will automatically mount the secret as a file at /etc/secrets/smtp_ses_password inside the pod (Flyte PR: Introduced SMTP notification). You do not need to manually mount the secret; Flyte's webhook will handle the injection if configured as described. Sources: - Flyte PR: Introduced SMTP notification 👍 0 button 👎 0 button 💡 Hint: Mention @runllm in the thread for followups.

@ancient-wolf-19325 I don't think you can name a secret using

_

, and for this question "Would you like instructions on how to check the mounted secret file inside the pod?" yes please

You are correct—Kubernetes secret names must follow DNS label standards and cannot contain underscores (

_

). Use dashes (

-

) instead, e.g.,

smtp-ses-password

(Kubernetes docs). The key inside the secret (e.g.,

smtp_password

) can contain underscores. To check the mounted secret file inside the pod: 1. Exec into the pod:

kubectl exec -it <pod-name> -n <namespace> -- /bin/sh

2. List files in `/etc/secrets/`:

ls /etc/secrets/

You should see a file or directory named after your secret, e.g.,

smtp-ses-password

. 3. View the contents (for debugging only, do not print secrets in production):

cat /etc/secrets/smtp-ses-password/smtp_password

Would you like more detail on troubleshooting if the file is missing? Sources: - https://github.com/flyteorg/flyte/issues/3053 - https://github.com/flyteorg/flyte/blob/master/docs/user_guide/productionizing/secrets.md 👍 0 button 👎 0 button 💡 Hint: Mention @runllm in the thread for followups.

@ancient-wolf-19325 I added the secret with

smtp_password

as the key, made sure that the secret is created properly, but I don't see the

/etc/secrets/smtp-ses-password

, what could be wrong ?

It seems likely that the secret is not being mounted because either the Flyte notification config is not referencing the secret name correctly, or the Flyte deployment is not set up to mount secrets from Kubernetes as files. Double-check that your Flyte config uses smtpPasswordSecretName: smtp-ses-password (matching the secret name, using dashes), and that the Flyte version and deployment support secret mounting for notifications (Flyte PR: Introduced SMTP notification). Also, ensure the secret is in the same namespace as the Flyte pod. If the config is correct and the secret is still not mounted, check if the Flyte webhook is running and properly configured, as it is responsible for injecting secrets into pods (Flyte secrets documentation). You can also describe the pod and look for any events or warnings related to secret mounting. Would you like a checklist for debugging secret injection issues in Flyte? Sources: - Flyte secrets documentation - Flyte PR: Introduced SMTP notification 👍 0 button 👎 0 button 💡 Hint: Mention @runllm in the thread for followups.