quaint-byte-23550
10/13/2022, 3:11 PM
`userAuth` in config.
2. Flyte CTL uses Device Authentication Flow which should be configured as thirdPartyConfig.flyteClient
3. Flytepropeller and Flyte Scheduler internally use Client Credential flow, which is also required to be configured via thirdPartyConfig.flyteClient
My question is: with Auth enabled, how is it possible to have all of the above configured simultaneously?
I have 3 clientIds, one corresponding to each of the above cases. Is it possible to have multiple `flyteClient`s configured using thirdPartyConfig?
victorious-park-53030
10/13/2022, 3:37 PM
thankful-minister-83577
thankful-minister-83577
thankful-minister-83577
thankful-minister-83577
quaint-byte-23550
10/13/2022, 6:43 PM
nutritious-london-39005
10/14/2022, 2:03 PM
configmap.adminServer.auth.userAuth.openId.clientId
2. configmap.adminServer.auth.appAuth.thirdPartyConfig.flyteClient.clientId
3. secrets.adminOauthClientCredentials.clientId
I'm pretty sure propeller and scheduler are using that 3rd key for their clientId and not the thirdPartyConfig.flyteClient one.
quaint-byte-23550
10/14/2022, 2:06 PM
nutritious-london-39005
10/14/2022, 2:22 PM
`admin.yaml` in their config maps here and here which is set from `configmap.admin` in the values.yaml. This chunk of config should set the audience, I think
https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/values.yaml#L553-L562
```yaml
# -- Admin Client configuration [structure](https://pkg.go.dev/github.com/flyteorg/flytepropeller/pkg/controller/nodes/subworkflow/launchplan#AdminConfig)
admin:
  event:
    type: admin
    rate: 500
    capacity: 1000
  admin:
    endpoint: flyteadmin:81
    insecure: true
    clientId: "{{ .Values.secrets.adminOauthClientCredentials.clientId }}"
    clientSecretLocation: /etc/secrets/client_secret
```
quaint-byte-23550
10/14/2022, 2:23 PM