Shahwar Saleem
10/13/2022, 3:11 PM
userAuth in config.
2. Flyte CTL uses Device Authentication Flow which should be configured as thirdPartyConfig.flyteClient
3. Flytepropeller and Flyte Scheduler internally use Client Credential flow which are also required to be configured via thirdPartyConfig.flyteClient
My question is that with Auth enabled, how is it possible to have all of the above configured simultaneously?
I have 3 clientIds, one corresponding to each of the above cases. Is it possible to have multiple `flyteClient`s configured using thirdPartyConfig?
Shivay Lamba
10/13/2022, 3:37 PM
Yee
Shahwar Saleem
10/13/2022, 6:43 PM
Geoff Salmon
10/14/2022, 2:03 PM
configmap.adminServer.auth.userAuth.openId.clientId
2. configmap.adminServer.auth.appAuth.thirdPartyConfig.flyteClient.clientId
3. secrets.adminOauthClientCredentials.clientId
I'm pretty sure propeller and scheduler are using that 3rd key for their clientId and not the thirdPartyConfig.flyteClient one.
Shahwar Saleem
10/14/2022, 2:06 PM
Geoff Salmon
10/14/2022, 2:22 PM
admin.yaml in their config maps here and here which is set from configmap.admin in the values.yaml. This chunk of config should set the audience, I think
https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/values.yaml#L553-L562
```
# -- Admin Client configuration [structure](<https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/subworkflow/launchplan#AdminConfig>)
admin:
  event:
    type: admin
    rate: 500
    capacity: 1000
  admin:
    endpoint: flyteadmin:81
    insecure: true
    clientId: "{{ .Values.secrets.adminOauthClientCredentials.clientId }}"
    clientSecretLocation: /etc/secrets/client_secret
```
Shahwar Saleem
10/14/2022, 2:23 PM