Currently, I've got flyte at least mostly deployed...
# flyte-deploymentk
Katrina P
07/06/2022, 6:02 PMCurrently, I've got flyte at least mostly deployed on our k8s cluster, which is a self managed cluster with a traefik ingress provider. our ingress controller provides TLS certs if traffic flows through it for various traffic through our subdomains and have access to use https://cert-manager.io/ in our cluster. I have applied a manifest for the cert manager issuer, but the
flyte-pod-webookFailed to start webhook. Error: open /etc/webhook/certs/tls.crt: no such file or directory.h
Haytham Abuelfutuh
07/06/2022, 9:11 PM
Hey @Katrina P,
Have you installed flyte through the flyte-core helm chart?
This init container should take care of initializing the needed certs: https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/templates/propeller/webhook.yaml#L41-L63
k
Katrina P
07/06/2022, 9:14 PMNo I had to generate the manifests from the helm chart and install those since our k8s cluster admin doesn't support helm installation, but I did apply that manifest with that container
Katrina P
07/06/2022, 9:28 PMThere weren't much logs from the
generate-secrets Copy code
time="2022-07-06T21:17:16Z" level=info msg=------------------------------------------------------------------------
time="2022-07-06T21:17:16Z" level=info msg="App [flytepropeller], Version [unknown], BuildSHA [unknown], BuildTS [2022-07-06 21:17:16.101877907 +0000 UTC m=+0.038773580]"
time="2022-07-06T21:17:16Z" level=info msg=------------------------------------------------------------------------
time="2022-07-06T21:17:16Z" level=info msg="Detected: 2 CPU's\n"h
Haytham Abuelfutuh
07/06/2022, 9:31 PM
kubectl logs -n flyte deploy/flytepropeller-webhook -c generate-secretsk
Katrina P
07/06/2022, 9:31 PMAnd for the webhook:
`
Copy code
time="2022-07-06T21:28:44Z" level=info msg=------------------------------------------------------------------------
time="2022-07-06T21:28:44Z" level=info msg="App [flytepropeller], Version [unknown], BuildSHA [unknown], BuildTS [2022-07-06 21:28:44.093828325 +0000 UTC m=+0.029201245]"
time="2022-07-06T21:28:44Z" level=info msg=------------------------------------------------------------------------
time="2022-07-06T21:28:44Z" level=info msg="Detected: 2 CPU's\n"
{"metrics-prefix":"flyte:","certDir":"/etc/webhook/certs","localCert":false,"listenPort":9443,"serviceName":"flyte-pod-webhook","servicePort":443,"secretName":"flyte-pod-webhook","secretManagerType":"K8s","awsSecretManager":{"sidecarImage":"<http://docker.io/amazon/aws-secrets-manager-secret-sidecar:v0.1.4|docker.io/amazon/aws-secrets-manager-secret-sidecar:v0.1.4>","resources":{"limits":{"cpu":"200m","memory":"500Mi"},"requests":{"cpu":"200m","memory":"500Mi"}}},"vaultSecretManager":{"role":"flyte","kvVersion":"2"}}
{"json":{},"level":"fatal","msg":"Failed to start webhook. Error: open /etc/webhook/certs/tls.crt: no such file or directory","ts":"2022-07-06T21:28:44Z"}s
Shahwar Saleem
07/06/2022, 9:35 PM@Katrina P Generating a certificate from Cloudformation and using its ARN in
values.yamlh
Haytham Abuelfutuh
07/06/2022, 9:36 PM
I think we are talking about different certs, @Shahwar Saleem and @Katrina P
Haytham Abuelfutuh
07/06/2022, 9:37 PM
@Katrina P can you bump the logger level and restart the webhook deployment?
Haytham Abuelfutuh
07/06/2022, 9:37 PM
there should be logs about it issuing certs… etc.
k
Katrina P
07/06/2022, 9:38 PMYeah, I"m doing that now, what's the appropriate log level here? 6?
k
katrina
07/06/2022, 9:53 PM
6 is debug so that should be fine
k
Katrina P
07/06/2022, 9:59 PM Copy code
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [storage] updated. No update handler registered.","ts":"2022-07-06T21:54:08Z"}
{"json":{"src":"init_cert.go:50"},"level":"info","msg":"Issuing certs","ts":"2022-07-06T21:54:08Z"}
{"json":{"src":"init_cert.go:61"},"level":"info","msg":"Creating secret [flyte-pod-webhook] in Namespace [flyte]","ts":"2022-07-06T21:54:11Z"}
{"json":{"src":"init_cert.go:115"},"level":"info","msg":"A secret already exists with the same name. Validating.","ts":"2022-07-06T21:54:11Z"}Katrina P
07/06/2022, 9:59 PMHmmm a conflicting secret 🤔
h
Haytham Abuelfutuh
07/06/2022, 9:59 PM
hmm not necessarily
Haytham Abuelfutuh
07/06/2022, 10:00 PM
if no logs after that then it thinks everything is good..
k
Katrina P
07/06/2022, 10:00 PMThe webhook:
Copy code
time="2022-07-06T21:57:08Z" level=info msg=------------------------------------------------------------------------
time="2022-07-06T21:57:08Z" level=info msg="App [flytepropeller], Version [unknown], BuildSHA [unknown], BuildTS [2022-07-06 21:57:08.170414367 +0000 UTC m=+0.033019880]"
time="2022-07-06T21:57:08Z" level=info msg=------------------------------------------------------------------------
time="2022-07-06T21:57:08Z" level=info msg="Detected: 2 CPU's\n"
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.aws] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.aws.batch] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.sagemaker] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.bigquery] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.snowflake] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.catalogcache] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.k8s] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.logs] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.k8s-array] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.qubole] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.spark] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [plugins.athena] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [secrets] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:400"},"level":"debug","msg":"Config section [admin] updated. Firing updated event.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [event] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [catalog-cache] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [storage] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [propeller] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [propeller.admin-launcher] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [propeller.resourcemanager] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [propeller.workflowstore] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"viper.go:398"},"level":"debug","msg":"Config section [webhook] updated. No update handler registered.","ts":"2022-07-06T21:57:08Z"}
{"metrics-prefix":"flyte:","certDir":"/etc/webhook/certs","localCert":false,"listenPort":9443,"serviceName":"flyte-pod-webhook","servicePort":443,"secretName":"flyte-pod-webhook","secretManagerType":"K8s","awsSecretManager":{"sidecarImage":"<http://docker.io/amazon/aws-secrets-manager-secret-sidecar:v0.1.4|docker.io/amazon/aws-secrets-manager-secret-sidecar:v0.1.4>","resources":{"limits":{"cpu":"200m","memory":"500Mi"},"requests":{"cpu":"200m","memory":"500Mi"}}},"vaultSecretManager":{"role":"flyte","kvVersion":"2"}}
{"json":{"src":"server.go:96"},"level":"info","msg":"Starting profiling server on port [10254]","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"entrypoint.go:88"},"level":"info","msg":"Creating MutatingWebhookConfiguration [flyte/flyte-pod-webhook]","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"entrypoint.go:93"},"level":"info","msg":"Failed to create MutatingWebhookConfiguration. Will attempt to update. Error: <http://mutatingwebhookconfigurations.admissionregistration.k8s.io|mutatingwebhookconfigurations.admissionregistration.k8s.io> \"flyte-pod-webhook\" already exists","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"entrypoint.go:103"},"level":"info","msg":"Successfully updated existing mutating webhook config.","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"pod.go:143"},"level":"info","msg":"Registering path [/mutate--v1-pod]","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"entrypoint.go:55"},"level":"info","msg":"Starting controller-runtime manager","ts":"2022-07-06T21:57:08Z"}
{"json":{"src":"webhook.go:119"},"level":"fatal","msg":"Failed to start webhook. Error: open /etc/webhook/certs/tls.crt: no such file or directory","ts":"2022-07-06T21:57:08Z"}h
Haytham Abuelfutuh
07/06/2022, 10:01 PM
Can you validate the secret?
Copy code
kubectl get secret -n flyte flyte-propeller-webhook -o yamlHaytham Abuelfutuh
07/06/2022, 10:01 PM
does it have
tls.crtHaytham Abuelfutuh
07/06/2022, 10:01 PM
do you also mind posting the manifest of the deployment?
Copy code
kubectl get deploy -n flyte flyte-propeller-webhook -o yamlk
Katrina P
07/06/2022, 10:02 PMdamn I don't have kubectl access to our cluster (we have a delivery platform between me and the cluster) -- I'll have to get our infra team to help tomorrow to run those
h
Haytham Abuelfutuh
07/06/2022, 10:03 PM
aha… np, what do you have access to?
Haytham Abuelfutuh
07/06/2022, 10:03 PM
can you get me the manifest you applied?
k
Katrina P
07/06/2022, 10:03 PMyup one sec
Katrina P
07/06/2022, 10:03 PM Copy code
# Source: flyte-core/templates/propeller/webhook.yaml
# Create the actual deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: flyte-pod-webhook
namespace: flyte
labels:
app: flyte-pod-webhook
spec:
selector:
matchLabels:
app: flyte-pod-webhook
template:
metadata:
labels:
app: flyte-pod-webhook
<http://app.kubernetes.io/name|app.kubernetes.io/name>: flyte-pod-webhook
<http://app.kubernetes.io/version|app.kubernetes.io/version>: v1.0.0
annotations:
configChecksum: "94a14941954f8d44256768b8600c65108c984e8ea369ed3f61b79ffbbebfc6b"
spec:
securityContext:
fsGroup: 65534
runAsUser: 1001
fsGroupChangePolicy: "Always"
serviceAccountName: flyte-pod-webhook
initContainers:
- name: generate-secrets
image: "<http://cr.flyte.org/flyteorg/flytepropeller:v1.0.0|cr.flyte.org/flyteorg/flytepropeller:v1.0.0>"
imagePullPolicy: "IfNotPresent"
command:
- flytepropeller
args:
- webhook
- init-certs
- --config
- /etc/flyte/config/*.yaml
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: config-volume
mountPath: /etc/flyte/config
containers:
- name: webhook
image: "<http://cr.flyte.org/flyteorg/flytepropeller:v1.0.0|cr.flyte.org/flyteorg/flytepropeller:v1.0.0>"
imagePullPolicy: "IfNotPresent"
command:
- flytepropeller
args:
- webhook
- --config
- /etc/flyte/config/*.yaml
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: config-volume
mountPath: /etc/flyte/config
readOnly: true
- name: webhook-certs
mountPath: /etc/webhook/certs
readOnly: true
volumes:
- name: config-volume
configMap:
name: flyte-propeller-config
- name: webhook-certs
secret:
secretName: flyte-pod-webhook
nodeSelector:
role: flyteh
Haytham Abuelfutuh
07/06/2022, 10:05 PM
Ah, I think you are hitting this: https://github.com/flyteorg/flytepropeller/pull/427
Can you upgrade to the latest flyte release? v1.1.0 ?
s
Shahwar Saleem
07/06/2022, 10:06 PMThis will help with upgrade: https://flyte-org.slack.com/archives/CNMKCU6FR/p1657130544802709?thread_ts=1657129600.741659&cid=CNMKCU6FR
k
Katrina P
07/06/2022, 10:06 PMAhh okay, sure thing, it'll take some time for the redeployment and for the pods to come up but I'll check back here if there's still any issues. Thanks so much for your help thus far!
đź‘Ť 1
Katrina P
07/07/2022, 3:54 PMGood mornin! I upgraded to 1.1.0 but I'm getting the same logs, unfortunately. I'm going to double check my configs
Katrina P
07/07/2022, 3:56 PM Copy code
apiVersion: v1
kind: Pod
metadata:
annotations:
<http://artifact.spinnaker.io/location|artifact.spinnaker.io/location>: flyte
<http://artifact.spinnaker.io/name|artifact.spinnaker.io/name>: flyte-pod-webhook
<http://artifact.spinnaker.io/type|artifact.spinnaker.io/type>: kubernetes/deployment
<http://artifact.spinnaker.io/version|artifact.spinnaker.io/version>: ''
<http://cni.projectcalico.org/containerID|cni.projectcalico.org/containerID>: d7dd05a9a4e3e73642e66acc045a8e92c9a2ea631c09a1ece4593d49ea152ab8
configChecksum: 94a14941954f8d44256768b8600c65108c984e8ea369ed3f61b79ffbbebfc6b
<http://moniker.spinnaker.io/application|moniker.spinnaker.io/application>: flyte
<http://moniker.spinnaker.io/cluster|moniker.spinnaker.io/cluster>: deployment flyte-pod-webhook
creationTimestamp: '2022-07-06T22:51:06Z'
generateName: flyte-pod-webhook-dcbfbdf9-
labels:
app: flyte-pod-webhook
<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: spinnaker
<http://app.kubernetes.io/name|app.kubernetes.io/name>: flyte-pod-webhook
<http://app.kubernetes.io/version|app.kubernetes.io/version>: v1.1.0
pod-template-hash: dcbfbdf9
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
'f:metadata':
'f:annotations':
'f:<http://cni.projectcalico.org/containerID|cni.projectcalico.org/containerID>': {}
'f:<http://cni.projectcalico.org/podIP|cni.projectcalico.org/podIP>': {}
'f:<http://cni.projectcalico.org/podIPs|cni.projectcalico.org/podIPs>': {}
manager: calico
operation: Update
subresource: status
time: '2022-07-06T22:51:06Z'
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
'f:metadata':
'f:annotations':
.: {}
'f:<http://artifact.spinnaker.io/location|artifact.spinnaker.io/location>': {}
'f:<http://artifact.spinnaker.io/name|artifact.spinnaker.io/name>': {}
'f:<http://artifact.spinnaker.io/type|artifact.spinnaker.io/type>': {}
'f:<http://artifact.spinnaker.io/version|artifact.spinnaker.io/version>': {}
'f:configChecksum': {}
'f:<http://moniker.spinnaker.io/application|moniker.spinnaker.io/application>': {}
'f:<http://moniker.spinnaker.io/cluster|moniker.spinnaker.io/cluster>': {}
'f:generateName': {}
'f:labels':
.: {}
'f:app': {}
'f:<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>': {}
'f:<http://app.kubernetes.io/name|app.kubernetes.io/name>': {}
'f:<http://app.kubernetes.io/version|app.kubernetes.io/version>': {}
'f:pod-template-hash': {}
'f:ownerReferences':
.: {}
'k:{"uid":"1098743a-7e43-449b-8d8e-5e02595325a7"}': {}
'f:spec':
'f:containers':
'k:{"name":"webhook"}':
.: {}
'f:args': {}
'f:command': {}
'f:env':
.: {}
'k:{"name":"POD_NAME"}':
.: {}
'f:name': {}
'f:valueFrom':
.: {}
'f:fieldRef': {}
'k:{"name":"POD_NAMESPACE"}':
.: {}
'f:name': {}
'f:valueFrom':
.: {}
'f:fieldRef': {}
'f:image': {}
'f:imagePullPolicy': {}
'f:name': {}
'f:resources': {}
'f:terminationMessagePath': {}
'f:terminationMessagePolicy': {}
'f:volumeMounts':
.: {}
'k:{"mountPath":"/etc/flyte/config"}':
.: {}
'f:mountPath': {}
'f:name': {}
'f:readOnly': {}
'k:{"mountPath":"/etc/webhook/certs"}':
.: {}
'f:mountPath': {}
'f:name': {}
'f:readOnly': {}
'f:dnsPolicy': {}
'f:enableServiceLinks': {}
'f:initContainers':
.: {}
'k:{"name":"generate-secrets"}':
.: {}
'f:args': {}
'f:command': {}
'f:env':
.: {}
'k:{"name":"POD_NAME"}':
.: {}
'f:name': {}
'f:valueFrom':
.: {}
'f:fieldRef': {}
'k:{"name":"POD_NAMESPACE"}':
.: {}
'f:name': {}
'f:valueFrom':
.: {}
'f:fieldRef': {}
'f:image': {}
'f:imagePullPolicy': {}
'f:name': {}
'f:resources': {}
'f:terminationMessagePath': {}
'f:terminationMessagePolicy': {}
'f:volumeMounts':
.: {}
'k:{"mountPath":"/etc/flyte/config"}':
.: {}
'f:mountPath': {}
'f:name': {}
'f:nodeSelector': {}
'f:restartPolicy': {}
'f:schedulerName': {}
'f:securityContext':
.: {}
'f:fsGroup': {}
'f:fsGroupChangePolicy': {}
'f:runAsUser': {}
'f:serviceAccount': {}
'f:serviceAccountName': {}
'f:terminationGracePeriodSeconds': {}
'f:volumes':
.: {}
'k:{"name":"config-volume"}':
.: {}
'f:configMap':
.: {}
'f:defaultMode': {}
'f:name': {}
'f:name': {}
'k:{"name":"webhook-certs"}':
.: {}
'f:name': {}
'f:secret':
.: {}
'f:defaultMode': {}
'f:secretName': {}
manager: kube-controller-manager
operation: Update
time: '2022-07-06T22:51:06Z'
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
'f:status':
'f:conditions':
'k:{"type":"ContainersReady"}':
.: {}
'f:lastProbeTime': {}
'f:lastTransitionTime': {}
'f:message': {}
'f:reason': {}
'f:status': {}
'f:type': {}
'k:{"type":"Initialized"}':
.: {}
'f:lastProbeTime': {}
'f:lastTransitionTime': {}
'f:status': {}
'f:type': {}
'k:{"type":"Ready"}':
.: {}
'f:lastProbeTime': {}
'f:lastTransitionTime': {}
'f:message': {}
'f:reason': {}
'f:status': {}
'f:type': {}
'f:containerStatuses': {}
'f:hostIP': {}
'f:initContainerStatuses': {}
'f:phase': {}
'f:podIP': {}
'f:podIPs':
.: {}
'k:{"ip":"192.168.243.225"}':
.: {}
'f:ip': {}
'f:startTime': {}
manager: kubelet
operation: Update
subresource: status
time: '2022-07-07T15:57:08Z'
name: flyte-pod-webhook-dcbfbdf9-p5j6g
namespace: flyte
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: flyte-pod-webhook-dcbfbdf9
uid: 1098743a-7e43-449b-8d8e-5e02595325a7
resourceVersion: '210870974'
uid: abbad89c-13ef-410c-be39-bafb3a9db183
spec:
containers:
- args:
- webhook
- '--config'
- /etc/flyte/config/*.yaml
command:
- flytepropeller
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: '<http://cr.flyte.org/flyteorg/flytepropeller:v1.1.0|cr.flyte.org/flyteorg/flytepropeller:v1.1.0>'
imagePullPolicy: IfNotPresent
name: webhook
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/flyte/config
name: config-volume
readOnly: true
- mountPath: /etc/webhook/certs
name: webhook-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-454tj
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
initContainers:
- args:
- webhook
- init-certs
- '--config'
- /etc/flyte/config/*.yaml
command:
- flytepropeller
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: '<http://cr.flyte.org/flyteorg/flytepropeller:v1.1.0|cr.flyte.org/flyteorg/flytepropeller:v1.1.0>'
imagePullPolicy: IfNotPresent
name: generate-secrets
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/flyte/config
name: config-volume
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-454tj
readOnly: true
nodeName: ip-10-1-2-146.us-east-2.compute.internal
nodeSelector:
role: flyte
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 65534
fsGroupChangePolicy: Always
runAsUser: 1001
serviceAccount: flyte-pod-webhook
serviceAccountName: flyte-pod-webhook
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: <http://node.kubernetes.io/not-ready|node.kubernetes.io/not-ready>
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: <http://node.kubernetes.io/unreachable|node.kubernetes.io/unreachable>
operator: Exists
tolerationSeconds: 300
volumes:
- configMap:
defaultMode: 420
name: flyte-propeller-config-v001
name: config-volume
- name: webhook-certs
secret:
defaultMode: 420
secretName: flyte-pod-webhook-v000
- name: kube-api-access-454tj
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespacek
Ketan (kumare3)
07/09/2022, 12:50 AM
Hmm
Ketan (kumare3)
07/09/2022, 12:50 AM
@Katrina P did you get it deployed
k
Katrina P
07/11/2022, 2:58 PMI did, working through some last ingress / communication bugs but hopefully this is the home stretch
đź‘Ť 1
k
Ketan (kumare3)
07/11/2022, 3:21 PM
I am rooting for you - go!!!
166 Views