Documentation Index
Fetch the complete documentation index at: https://mintlify.com/flyteorg/flyte/llms.txt
Use this file to discover all available pages before exploring further.
Overview
flytectl config manages the flytectl configuration file. The config file tells flytectl where to find FlyteAdmin and how to authenticate.
flytectl config <subcommand> [flags]
~/.flyte/config.yaml
The config file is searched in the following order:
- Path from
--config flag
FLYTECTL_CONFIG environment variable~/.flyte/config.yaml- Current working directory
/etc/flyte/config
Subcommands
| Subcommand | Description |
|---|
config init | Generate a config file in ~/.flyte/config.yaml |
config validate | Validate the currently loaded config |
config discover | Print the config search paths |
config docs | Print documentation for all config sections |
config init
Generate a starter config file at ~/.flyte/config.yaml.
# Generate config for a local sandbox/demo cluster
flytectl config init
# Generate config for a remote cluster
flytectl config init --host flyte.myexample.com
# Remote cluster with insecure (no TLS) connection
flytectl config init --host flyte.myexample.com --insecure
# Remote cluster with a separate console endpoint
flytectl config init --host flyte.myexample.com --console console.myexample.com
# Overwrite an existing config without confirmation
flytectl config init --host flyte.myexample.com --force
| Flag | Description |
|---|
--host | FlyteAdmin gRPC endpoint |
--console | Console endpoint if different from --host |
--insecure | Disable TLS verification |
--force | Overwrite existing config file without confirmation |
config validate
Validate the currently loaded configuration.
flytectl config validate
# Strict mode: fail if any config key does not map to a registered section
flytectl config validate --strict
| Flag | Description |
|---|
--strict | Fail if any keys in the config file are unrecognized |
Config file reference
The config file is a YAML document. The most important top-level sections are admin, storage, logger, and files.
Minimal config
admin:
endpoint: dns:///localhost:30081
insecure: true
authType: Pkce
Full annotated config
admin:
# gRPC endpoint of FlyteAdmin.
# Use dns:/// prefix for DNS-based load balancing.
endpoint: dns:///flyte.myexample.com
# Set to true only for local development or sandbox deployments.
insecure: false
# OAuth2 flow. Options: ClientSecret, Pkce, ExternalCommand
authType: Pkce
# Client credentials (used with authType: ClientSecret)
clientId: flytepropeller
clientSecretLocation: /etc/secrets/client_secret
clientSecretEnvVar: ""
# PKCE settings
pkceConfig:
timeout: 2m0s
refreshTime: 5m0s
# TLS certificate (optional)
caCertFilePath: ""
# Retry and timeout settings
maxRetries: 4
perRetryTimeout: 15s
maxBackoffDelay: 8s
Storage config
Required when using fast registration or when flytectl needs to access object storage directly.
storage:
# Backend type: s3, minio, local, mem, stow
type: s3
# S3 bucket name
container: my-flyte-bucket
connection:
region: us-east-1
# Auth type: iam (default) or accesskey
auth-type: iam
access-key: ""
secret-key: ""
endpoint: ""
disable-ssl: false
limits:
maxDownloadMBs: 2
Logger config
logger:
# Minimum log level (0=panic, 1=fatal, 2=error, 3=warn, 4=info, 5=debug)
level: 3
formatter:
type: json
show-source: false
mute: false
Config examples by environment
Config written automatically by flytectl demo start:admin:
endpoint: dns:///localhost:30081
insecure: true
authType: Pkce
admin:
endpoint: dns:///flyte.myexample.com
insecure: false
authType: Pkce
admin:
endpoint: dns:///flyte.myexample.com
insecure: false
authType: ClientSecret
clientId: my-service-account
clientSecretLocation: /etc/flyte/client_secret
admin:
endpoint: dns:///flyte.myexample.com
insecure: false
authType: Pkce
storage:
type: s3
container: my-flyte-bucket
connection:
region: us-east-1
auth-type: iam
Environment variables
| Variable | Description |
|---|
FLYTECTL_CONFIG | Override the default config file path |
Global admin flags
All flytectl commands inherit these admin connection flags, which correspond to fields in the admin section of the config file:
| Flag | Default | Description |
|---|
--admin.endpoint | "" | FlyteAdmin gRPC endpoint |
--admin.insecure | false | Disable TLS |
--admin.authType | ClientSecret | OAuth2 flow |
--admin.clientId | flytepropeller | OAuth2 client ID |
--admin.clientSecretLocation | /etc/secrets/client_secret | Path to client secret file |
--admin.pkceConfig.timeout | 2m0s | PKCE browser session timeout |
--admin.maxRetries | 4 | gRPC max retries |
--admin.perRetryTimeout | 15s | gRPC per-retry timeout |
--admin.caCertFilePath | "" | Custom CA certificate file |
