Channels
#flyte-deployment
Title
s
Shahwar Saleem
07/06/2022, 7:04 PMMy company has policies for domain names for certificate creation. How can I customize the "Address" generated by Flyte core? Should that go in the ingress configuration?
âś… 1
I am trying to connect to Flyte EKS Deployment and I am getting this error when trying to create a project:
Copy code
root@60d7613e13ff:/workflows# flytectl create project --name flyte-project --id flyte-project --description "example flyte-project description" --labels app=flyte
Error: rpc error: code = Unavailable desc = connection closedk
katrina
07/06/2022, 9:02 PM
cc @Haytham Abuelfutuh @Ketan (kumare3)
k
Katrina P
07/06/2022, 9:06 PMYeah digging into my logs, I also have an issue with the SSL cert; I must be missing some config maybe somewhere...
@Shahwar Saleem on the office hours just now, I jumped in when you were adding logging level to your admin; where did you do that?
k
katrina
07/06/2022, 9:15 PM
hey @Katrina P you can add a logger.yaml block to your config map like so:
Copy code
logger.yaml: |
logger:
show-source: true
level: 6 # Debug🙏 1
k
Katrina P
07/06/2022, 9:15 PMThanks!
h
Haytham Abuelfutuh
07/06/2022, 9:16 PM
@Shahwar Saleem, so this address you referenced (e.g.
<http://k8s-flyte-8699360f2e-1590325550.us-east-2.elb.amazonaws.com|k8s-flyte-8699360f2e-1590325550.us-east-2.elb.amazonaws.com><https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/values.yaml#L343>s
Shahwar Saleem
07/06/2022, 9:22 PMI am using a cert manager but I can try filling that host field with domain name requirements...
@Haytham Abuelfutuh I did try adding that host field.
What is the difference in HOSTS and ADDRESS when we do
kubectl -n ssaleem-flyte get ingressh
Haytham Abuelfutuh
07/06/2022, 9:35 PM
host is what you manually enter which. Address is what the ingress controller generates…
If you delete and recreate the ingress, you will get a different address everytime but the host can remain the same (since it’s a user managed property)…
you are responsible for configuring DNS correctly for that host to point to that address (usually a CNAME)
s
Shahwar Saleem
07/06/2022, 9:38 PMI guessed the same. So I filled out the host field. I am trying
Copy code
flytectl create project --name flyte-project --id flyte-project --description "example flyte-project description" --labels app=flyte Copy code
Error: rpc error: code = Unavailable desc = name resolver error: produced zero addresseskubectl -n ssaleem-flyte get ingress Copy code
<http://flytedev.x.y.z.io|flytedev.x.y.z.io>@Haytham Abuelfutuh After pointing out a
host<http://flytedev.x.y.z.io|flytedev.x.y.z.io>h
Haytham Abuelfutuh
07/06/2022, 10:02 PM
Have you configured the host to point to that load balancer in DNS records?
s
Shahwar Saleem
07/06/2022, 10:04 PMHmm, I am not sure how to do that. Does this have to be configured in my config files?
h
Haytham Abuelfutuh
07/06/2022, 10:06 PM
nope, this is purely a domain config… who owns the flytedev.x.y.z.io domain?
This is an optional step, you totally don’t have to use your own domain hence why these steps are not in the guide…
but I thought that’s what your question is about… you wanted a custom domain for flyte, right?
s
Shahwar Saleem
07/06/2022, 10:08 PMMy company owns this, and certificates are issued only to those domain names. There is a format of domain names that we have to follow.
h
Haytham Abuelfutuh
07/06/2022, 10:17 PM
np… so you will need to have someone who controls DNS records to be able to add a CNAME record for that domain
and the value of the record need to be the load balancer (The ADDRESS field from ingress)
s
Shahwar Saleem
07/06/2022, 10:20 PMI see and after doing that the certificate would be validated for
<http://flytedev.x.y.z.io|flytedev.x.y.z.io>h
Haytham Abuelfutuh
07/06/2022, 10:25 PM
Depending on how you generated the cert, if you have used cert-manager or have manually issued a cert, you will have to update the TLS section: https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/values.yaml#L343-L347 (specifically the
secretNameif you used ALB & AWS Cert Manager, you will just have to add the cert arn annotation on the ingress object
networking/ingress is one of those things that every company does differently, unfortunately… so most of that exercise is not Flyte-specific but rather ingress controller/LB/SSL specific
s
Shahwar Saleem
07/07/2022, 3:36 PMMy problem for the flytectl was solved by changing this line:
Copy code
separateGrpcIngressAnnotations:
<http://alb.ingress.kubernetes.io/backend-protocol-version|alb.ingress.kubernetes.io/backend-protocol-version>: HTTP2 Copy code
separateGrpcIngressAnnotations:
<http://alb.ingress.kubernetes.io/backend-protocol-version|alb.ingress.kubernetes.io/backend-protocol-version>: GRPC Copy code
<http://nginx.ingress.kubernetes.io/app-root|nginx.ingress.kubernetes.io/app-root>: /console
<http://nginx.ingress.kubernetes.io/backend-protocol|nginx.ingress.kubernetes.io/backend-protocol>: GRPCh
Haytham Abuelfutuh
07/11/2022, 7:43 PM
Oh, thank you @Shahwar Saleem! Do you mind upstreaming that change?
Regarding:
``` nginx.ingress.kubernetes.io/app-root: /console
nginx.ingress.kubernetes.io/backend-protocol: GRPC```These are only respected when you deploy nginx… we tried to set the default annotations to work with either so they require less after-deployment changes. CC @Yee @Yuvraj @Brian Connolly
s
Shahwar Saleem
07/13/2022, 4:23 PMHi @Haytham Abuelfutuh, I will do that, shortly.
Opened PR: https://github.com/flyteorg/flyte/pull/2702
❤️ 1
k
Ketan (kumare3)
07/20/2022, 1:54 AM
@Shahwar Saleem thank you
10 Views