<@U06RKAMK0UC> what should my config file look like...
# ask-ai
s
@ancient-wolf-19325 what should my config file look like if I'm using Okta?
j
Reasoning Complete! 🤖 🔍 Searched knowledge base: I'll look up documentation or examples that show how to set up your config file for use with Okta. • Searching over 10 data sources from the following: File, Github File, Github Issue, Web • Found 60 documents that could be relevant from the following data sources: Github File, Github Issue, Github Pull Request, Web Content. • Filtered down to the top 30 most relevant documents. ✍️ Generated answer: I've found a clear example and explanation of how your config file should look when using Okta with Flyte, including all the necessary fields and settings.
To configure Flyte with Okta as your OIDC provider, your config file should specify the Okta authorization server's base URL, client ID, and required scopes under the `userAuth.openId` section. For app authentication, set `authServerType: External` and provide the Okta base URL and allowed audience under `appAuth.externalAuthServer`. Example config snippets are available in community discussions and Flyte's Helm values, showing the necessary fields for Okta integration, including `authorizedUris`, `clientId`, and `scopes` such as `profile`, `openid`, and `offline_access` if refresh tokens are needed. Make sure your Okta app registration matches these values and that the audience is set appropriately for Flyte services. See the following example for the relevant sections:
```yaml
auth:
  authorizedUris:
    - https://<your-flyte-domain>
    - http://flyteadmin:80
    - http://flyteadmin.flyte.svc.cluster.local:80
  appAuth:
    authServerType: External
    externalAuthServer:
      baseUrl: https://<your-okta-domain>/oauth2/<auth-server-id>
      metadataUrl: .well-known/openid-configuration
      allowedAudience: flytepropeller # or flytectl, as needed
    thirdPartyConfig:
      flyteClient:
        clientId: flytectl
        redirectUri: http://localhost:53593/callback
        scopes:
          - offline
          - all
  userAuth:
    openId:
      baseUrl: https://<your-okta-domain>/oauth2/<auth-server-id>
      scopes:
        - profile
        - openid
        - offline_access
      clientId: <your-okta-client-id>
```
For more details and troubleshooting, see the community discussions and config examples in the linked issues. Would you like a step-by-step breakdown or more details on any specific section? Sources: - flyteadmin/auth/config/config.go
s
I'm referring to my local config file for pyflyte or flytectl @ancient-wolf-19325
j
Reasoning Complete! 🤖 🔍 Searched knowledge base: I'll look up how your local config file for pyflyte or flytectl should be set up to work with Okta authentication. • Searching over 10 data sources from the following: File, Github File, Github Issue, Web • Found 51 documents that could be relevant from the following data sources: Github File, Github Issue, Github Pull Request, Web Content. • Filtered down to the top 30 most relevant documents. ✍️ Generated answer: I now have all the details needed to show you exactly how your local config file for pyflyte or flytectl should look when using Okta.
For local use with pyflyte or flytectl and Okta, your config file (typically `~/.flyte/config.yaml`) should specify the Flyte Admin endpoint, set `authType: Pkce`, and point to your Okta OIDC server. Example:
```yaml
admin:
  endpoint: dns:///your-flyte-admin-url:8089
  authType: Pkce
  insecure: false
```
You do not need to specify Okta-specific details in the local config; these are set on the Flyte server side. The client will trigger a browser-based login to Okta when needed. For more, see flytectl/config.yaml. Would you like more detail or a pyflyte-specific example? Sources: - flytectl/config.yaml