flytectl config

Overview

flytectl config manages the flytectl configuration file. The config file tells flytectl where to find FlyteAdmin and how to authenticate.

flytectl config <subcommand> [flags]

Default config file location: ~/.flyte/config.yaml The config file is searched in the following order:

Path from --config flag
FLYTECTL_CONFIG environment variable
~/.flyte/config.yaml
Current working directory
/etc/flyte/config

Subcommands

Subcommand	Description
`config init`	Generate a config file in `~/.flyte/config.yaml`
`config validate`	Validate the currently loaded config
`config discover`	Print the config search paths
`config docs`	Print documentation for all config sections

config init

Generate a starter config file at ~/.flyte/config.yaml.

# Generate config for a local sandbox/demo cluster
flytectl config init

# Generate config for a remote cluster
flytectl config init --host flyte.myexample.com

# Remote cluster with insecure (no TLS) connection
flytectl config init --host flyte.myexample.com --insecure

# Remote cluster with a separate console endpoint
flytectl config init --host flyte.myexample.com --console console.myexample.com

# Overwrite an existing config without confirmation
flytectl config init --host flyte.myexample.com --force

Flags:

Flag	Description
`--host`	FlyteAdmin gRPC endpoint
`--console`	Console endpoint if different from `--host`
`--insecure`	Disable TLS verification
`--force`	Overwrite existing config file without confirmation

config validate

Validate the currently loaded configuration.

flytectl config validate

# Strict mode: fail if any config key does not map to a registered section
flytectl config validate --strict

Flags:

Flag	Description
`--strict`	Fail if any keys in the config file are unrecognized

Config file reference

The config file is a YAML document. The most important top-level sections are admin, storage, logger, and files.

Minimal config

admin:
  endpoint: dns:///localhost:30081
  insecure: true
  authType: Pkce

Full annotated config

admin:
  # gRPC endpoint of FlyteAdmin.
  # Use dns:/// prefix for DNS-based load balancing.
  endpoint: dns:///flyte.myexample.com

  # Set to true only for local development or sandbox deployments.
  insecure: false

  # OAuth2 flow. Options: ClientSecret, Pkce, ExternalCommand
  authType: Pkce

  # Client credentials (used with authType: ClientSecret)
  clientId: flytepropeller
  clientSecretLocation: /etc/secrets/client_secret
  clientSecretEnvVar: ""

  # PKCE settings
  pkceConfig:
    timeout: 2m0s
    refreshTime: 5m0s

  # TLS certificate (optional)
  caCertFilePath: ""

  # Retry and timeout settings
  maxRetries: 4
  perRetryTimeout: 15s
  maxBackoffDelay: 8s

Storage config

Required when using fast registration or when flytectl needs to access object storage directly.

storage:
  # Backend type: s3, minio, local, mem, stow
  type: s3

  # S3 bucket name
  container: my-flyte-bucket

  connection:
    region: us-east-1
    # Auth type: iam (default) or accesskey
    auth-type: iam
    access-key: ""
    secret-key: ""
    endpoint: ""
    disable-ssl: false

  limits:
    maxDownloadMBs: 2

Logger config

logger:
  # Minimum log level (0=panic, 1=fatal, 2=error, 3=warn, 4=info, 5=debug)
  level: 3
  formatter:
    type: json
  show-source: false
  mute: false

Config examples by environment

Local demo
Remote cluster (TLS)
Remote cluster (client credentials)
With S3 storage

Config written automatically by flytectl demo start:

admin:
  endpoint: dns:///localhost:30081
  insecure: true
  authType: Pkce

admin:
  endpoint: dns:///flyte.myexample.com
  insecure: false
  authType: Pkce

admin:
  endpoint: dns:///flyte.myexample.com
  insecure: false
  authType: ClientSecret
  clientId: my-service-account
  clientSecretLocation: /etc/flyte/client_secret

admin:
  endpoint: dns:///flyte.myexample.com
  insecure: false
  authType: Pkce
storage:
  type: s3
  container: my-flyte-bucket
  connection:
    region: us-east-1
    auth-type: iam

Environment variables

Variable	Description
`FLYTECTL_CONFIG`	Override the default config file path

Global admin flags

All flytectl commands inherit these admin connection flags, which correspond to fields in the admin section of the config file:

Flag	Default	Description
`--admin.endpoint`	`""`	FlyteAdmin gRPC endpoint
`--admin.insecure`	`false`	Disable TLS
`--admin.authType`	`ClientSecret`	OAuth2 flow
`--admin.clientId`	`flytepropeller`	OAuth2 client ID
`--admin.clientSecretLocation`	`/etc/secrets/client_secret`	Path to client secret file
`--admin.pkceConfig.timeout`	`2m0s`	PKCE browser session timeout
`--admin.maxRetries`	`4`	gRPC max retries
`--admin.perRetryTimeout`	`15s`	gRPC per-retry timeout
`--admin.caCertFilePath`	`""`	Custom CA certificate file

flytectl

​Overview

​Subcommands

​config init

​config validate

​Config file reference

​Minimal config

​Full annotated config

​Storage config

​Logger config

​Config examples by environment

​Environment variables

​Global admin flags

Build docs developers (and LLMs) love