Deployment issues with flytescheduler component

Summary

The user is facing deployment issues with the flytescheduler component of the flyte-core helm chart on their Kubernetes cluster, which uses Azure AD for authentication. The deployment fails during the init container step due to a token retrieval error from the flyteadmin service, linked to an HTTP transport connection problem. They provided their Kubernetes configmap configuration and attempted to use the admin.insecure: false option, encountering a TLS handshake failure.

After correcting a misconfiguration in the indentation of the configmap.adminServer.server.security section, the Pods showed no errors, but the NGINX Ingress controller is not handling redirects properly, resulting in a 502 error during authentication attempts in the Flyte UI and CLI. The user suggested adding specific annotations to the NGINX configuration to resolve this.

Additionally, they encountered a new issue when creating workflows from the Flyte console, related to access denial for the sts:AssumeRoleWithWebIdentity action. They added the AWS IAM role ARN in the annotations section of the Kubernetes service accounts but are unsure what else is needed to resolve the issue, suspecting a problem with the IRSA setup.
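An added example (not from the thread and not Flyte's own code): annotating a service account with the role ARN is only one half of IRSA, so this check compares the role's trust policy with the service account that will call sts:AssumeRoleWithWebIdentity. The account ID, OIDC provider ID, and the namespace and service-account names are constructed placeholders, and the idea that workflow pods run in a per-project namespace such as flytesnacks-development is an assumption about the deployment.

```python
import fnmatch

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def irsa_trust_findings(policy, oidc_provider, namespace, service_account):
    """Reasons the trust policy rejects (or over-admits) this service account; [] if it fits."""
    want_sub = f"system:serviceaccount:{namespace}:{service_account}"
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    findings = []
    for n, stmt in enumerate(stmts):
        # Only Allow statements for the web-identity action are relevant to IRSA.
        if stmt.get("Effect") != "Allow" or \
           "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action")):
            continue
        found = []
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if not any(f.endswith("oidc-provider/" + oidc_provider) for f in federated):
            found.append(f"statement {n}: Federated principal is not this cluster's OIDC provider")
        cond = stmt.get("Condition", {})
        exact = _as_list(cond.get("StringEquals", {}).get(oidc_provider + ":sub"))
        like = _as_list(cond.get("StringLike", {}).get(oidc_provider + ":sub"))
        if not exact and not like:
            found.append(f"statement {n}: no :sub condition, any service account in the cluster matches")
        elif (exact and want_sub not in exact) or \
             (like and not any(fnmatch.fnmatchcase(want_sub, p) for p in like)):
            found.append(f"statement {n}: :sub condition does not match {want_sub}")
        aud = _as_list(cond.get("StringEquals", {}).get(oidc_provider + ":aud"))
        if aud and "sts.amazonaws.com" not in aud:
            found.append(f"statement {n}: :aud condition does not include sts.amazonaws.com")
        if not found:
            return []  # one fully matching statement is enough
        findings += found
    return findings or ["no Allow statement for sts:AssumeRoleWithWebIdentity"]

# Constructed sample: account ID, provider ID and names are placeholders.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000"
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + OIDC},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
        OIDC + ":sub": "system:serviceaccount:flyte:flyteadmin",
        OIDC + ":aud": "sts.amazonaws.com"}}}]}
if __name__ == "__main__":
    for ns, sa in [("flyte", "flyteadmin"), ("flytesnacks-development", "default")]:
        print(ns, sa, irsa_trust_findings(TRUST_POLICY, OIDC, ns, sa) or "ok")
```

The StringLike match uses fnmatch as an approximation of IAM wildcard matching, which is adequate for the * and ? patterns normally used in :sub conditions.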

Status: resolved
Source: #flyte-deployment