https://flyte.org logo
#flyte-deployment
Title
# flyte-deployment
s

Shahwar Saleem

07/06/2022, 7:04 PM
My company has policies for domain names for certificate creation. How can I customize the "Address" generated by Flyte core? Should that go in the ingress configuration?
âś… 1
I am trying to connect to Flyte EKS Deployment and I am getting this error when trying to create a project:
Copy code
root@60d7613e13ff:/workflows# flytectl create project --name flyte-project --id flyte-project --description "example flyte-project description" --labels app=flyte
Error: rpc error: code = Unavailable desc = connection closed
My flyte/config.yaml points to latest endpoint for my deployment.
k

katrina

07/06/2022, 9:02 PM
cc @Haytham Abuelfutuh @Ketan (kumare3)
k

Katrina P

07/06/2022, 9:06 PM
Yeah digging into my logs, I also have an issue with the SSL cert; I must be missing some config maybe somewhere...
@Shahwar Saleem on the office hours just now, I jumped in when you were adding logging level to your admin; where did you do that?
k

katrina

07/06/2022, 9:15 PM
hey @Katrina P you can add a logger.yaml block to your config map like so:
Copy code
logger.yaml: |
    logger:
      show-source: true
      level: 6  # Debug
🙏 1
k

Katrina P

07/06/2022, 9:15 PM
Thanks!
h

Haytham Abuelfutuh

07/06/2022, 9:16 PM
@Shahwar Saleem, so this address you referenced (e.g.
<http://k8s-flyte-8699360f2e-1590325550.us-east-2.elb.amazonaws.com|k8s-flyte-8699360f2e-1590325550.us-east-2.elb.amazonaws.com>
) is generated by the ingress controller (which ingress controller are you using)? If you want to use your own SSL certs, you need to fill in this host field
<https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/values.yaml#L343>
and setup SSL issuance to properly do that (if you use cert-manager operator, it should happen automatically)…
s

Shahwar Saleem

07/06/2022, 9:22 PM
I am using a cert manager but I can try filling that host field with domain name requirements...
@Haytham Abuelfutuh I did try adding that host field. What is the difference in HOSTS and ADDRESS when we do
kubectl -n ssaleem-flyte get ingress
?
h

Haytham Abuelfutuh

07/06/2022, 9:35 PM
host is what you manually enter which. Address is what the ingress controller generates… If you delete and recreate the ingress, you will get a different address everytime but the host can remain the same (since it’s a user managed property)…
you are responsible for configuring DNS correctly for that host to point to that address (usually a CNAME)
s

Shahwar Saleem

07/06/2022, 9:38 PM
I guessed the same. So I filled out the host field. I am trying
Copy code
flytectl create project --name flyte-project --id flyte-project --description "example flyte-project description" --labels app=flyte
And getting :
Copy code
Error: rpc error: code = Unavailable desc = name resolver error: produced zero addresses
My hosts in
kubectl -n ssaleem-flyte get ingress
command are:
Copy code
<http://flytedev.x.y.z.io|flytedev.x.y.z.io>
@Haytham Abuelfutuh After pointing out a
host
value according to what my certificate allows: I am now not even able to access console on the supposed host value. say
<http://flytedev.x.y.z.io|flytedev.x.y.z.io>
h

Haytham Abuelfutuh

07/06/2022, 10:02 PM
Have you configured the host to point to that load balancer in DNS records?
s

Shahwar Saleem

07/06/2022, 10:04 PM
Hmm, I am not sure how to do that. Does this have to be configured in my config files?
h

Haytham Abuelfutuh

07/06/2022, 10:06 PM
nope, this is purely a domain config… who owns the flytedev.x.y.z.io domain? This is an optional step, you totally don’t have to use your own domain hence why these steps are not in the guide…
but I thought that’s what your question is about… you wanted a custom domain for flyte, right?
s

Shahwar Saleem

07/06/2022, 10:08 PM
My company owns this, and certificates are issued only to those domain names. There is a format of domain names that we have to follow.
h

Haytham Abuelfutuh

07/06/2022, 10:17 PM
np… so you will need to have someone who controls DNS records to be able to add a CNAME record for that domain
and the value of the record need to be the load balancer (The ADDRESS field from ingress)
s

Shahwar Saleem

07/06/2022, 10:20 PM
I see and after doing that the certificate would be validated for
<http://flytedev.x.y.z.io|flytedev.x.y.z.io>
?
h

Haytham Abuelfutuh

07/06/2022, 10:25 PM
Depending on how you generated the cert, if you have used cert-manager or have manually issued a cert, you will have to update the TLS section: https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/values.yaml#L343-L347 (specifically the
secretName
)
if you used ALB & AWS Cert Manager, you will just have to add the cert arn annotation on the ingress object
networking/ingress is one of those things that every company does differently, unfortunately… so most of that exercise is not Flyte-specific but rather ingress controller/LB/SSL specific
s

Shahwar Saleem

07/07/2022, 3:36 PM
My problem for the flytectl was solved by changing this line:
Copy code
separateGrpcIngressAnnotations:
      <http://alb.ingress.kubernetes.io/backend-protocol-version|alb.ingress.kubernetes.io/backend-protocol-version>: HTTP2
To:
Copy code
separateGrpcIngressAnnotations:
      <http://alb.ingress.kubernetes.io/backend-protocol-version|alb.ingress.kubernetes.io/backend-protocol-version>: GRPC
These annotations do nothing and can be removed:
Copy code
<http://nginx.ingress.kubernetes.io/app-root|nginx.ingress.kubernetes.io/app-root>: /console
    <http://nginx.ingress.kubernetes.io/backend-protocol|nginx.ingress.kubernetes.io/backend-protocol>: GRPC
h

Haytham Abuelfutuh

07/11/2022, 7:43 PM
Oh, thank you @Shahwar Saleem! Do you mind upstreaming that change? Regarding:
``` nginx.ingress.kubernetes.io/app-root: /console
nginx.ingress.kubernetes.io/backend-protocol: GRPC```
These are only respected when you deploy nginx… we tried to set the default annotations to work with either so they require less after-deployment changes. CC @Yee @Yuvraj @Brian Connolly
s

Shahwar Saleem

07/13/2022, 4:23 PM
Hi @Haytham Abuelfutuh, I will do that, shortly.
k

Ketan (kumare3)

07/20/2022, 1:54 AM
@Shahwar Saleem thank you
34 Views