Hey flyte team im trying to use flyteremote and am...
# flyte-support
n
Hey flyte team im trying to use flyteremote and am running into a SSL error. Peer name is not in peer certification. The documentation doesnt make it exactly clear how to pass in the cert unless I missed something. Is it as simple as passing in the path to the “certificate_chain” option?
2
f
yes, these are grpc options, let me share
cc @thankful-minister-83577 / @high-accountant-32689
b
we have our cert, is it possible to show example snippet of how you would pass it? Documentation was a bit thin in this regard.
f
Yes, we will do
👍 1
l
Is it this? It seems like we are supposed to read in the cert bytes then pass it as an arg to FlyteRemote's `grpc_credentials`: nvm Chirag tried this and it didn't work https://flyte-org.slack.com/archives/CP2HDHKE1/p1675532821853759?thread_ts=1675162165.893489&cid=CP2HDHKE1
t
Copy code
remote_client._client = remote_client.client.with_root_certificate(remote_client.config.platform, "/path/to/cert.cer")
remote_client._client_initialized = True
this will fix that first issue. flytekit doesn’t apply the cert to both place - only when trying to create the channel for auth, not when generally just making calls, which is why it was failing. we should update that but this is the workaround for now. the root cause is that the user is trying to access flyte from a domain different than the one that the cert was generated for, which is why it needs to be passed in. running now into a second issue but suspect it’s unrelated. will report back if not.
1
b
Tried the above and got error
Copy code
_InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.INTERNAL
        details = "Exception serializing request!"
        debug_error_string = "None"
t
that’s the second issue
can you check flyte admin logs?
that is at least a flyte error i think
n
let me verify now
no nothing
t
can we first verify with
flytectl --admin.caCertFilePath /path/to/cert get projects
n
it works, it also works without the cert
flytectl works just fine its just flyteremote
1
f
Hi @nice-zebra-99977, did you find any solution for this error ? I'm in the same boat and can't seem to find a fix
@nice-zebra-99977 i see ! but are you still able to launch remote workflows using
flytectl
? Sorry i'm very new to flyte but i was thinking we can only launch workflows on a cluster using
pyflyte run --remote ...
?
n
I never figured this issue out. I ended up using flytectl.
f
Ah ok ! Thanks @nice-zebra-99977 let me explore flytectl a bit more 🙏
f
@fancy-napkin-28087 are you using self signed certificates
f
@freezing-airport-6809 yep i am - i was following docs to setup flyte on GKE
@freezing-airport-6809 i was going over the SSL certificate part of the documentation again https://docs.flyte.org/en/v1.0.0/deployment/gcp/manual.html#ssl-certificate - I'm assuming there's a missing step to actually kubectl apply the
cert issuer
yaml for the nginx ingress route ?
f
Might be - cc @freezing-boots-56761
f
@freezing-airport-6809 do you recommend using managed certificates to resolve the pyflyte issue ?
f
@fancy-napkin-28087 that version of the doc is old and doesn’t exist anymore.
👀 1
try the “stable” version instead
f
Thanks @freezing-boots-56761! Was looking at some really old docs 😅
👍 1
177 Views