Summary
The user is facing deployment issues with the flytescheduler component of the flyte-core helm chart on their Kubernetes cluster, which uses Azure AD for authentication. The deployment fails during the init container step due to a token retrieval error from the flyteadmin service, linked to an HTTP transport connection problem. They provided their Kubernetes configmap configuration and attempted to use the admin.insecure: false option, encountering a TLS handshake failure. After correcting a misconfiguration in the indentation of the configmap.adminServer.server.security section, the Pods showed no errors, but the NGINX Ingress controller is not handling redirects properly, resulting in a 502 error during authentication attempts in the Flyte UI and CLI. The user suggested adding specific annotations to the NGINX configuration to resolve this. Additionally, they encountered a new issue when creating workflows from the Flyte console, related to access denial for the sts:AssumeRoleWithWebIdentity action. They added the AWS IAM role ARN in the annotations section of the Kubernetes service accounts but are unsure what else is needed to resolve the issue, suspecting a problem with the IRSA setup.