https://flyte.org logo
#ask-the-community
Title
# ask-the-community
l

Louis DiNatale

04/06/2023, 7:59 PM
Hey flyte team im trying to use flyteremote and am running into a SSL error. Peer name is not in peer certification. The documentation doesnt make it exactly clear how to pass in the cert unless I missed something. Is it as simple as passing in the path to the “certificate_chain” option?
k

Ketan (kumare3)

04/06/2023, 11:29 PM
yes, these are grpc options, let me share
cc @Yee / @Eduardo Apolinario (eapolinario)
c

Chirag Gosalia

04/07/2023, 1:00 PM
we have our cert, is it possible to show example snippet of how you would pass it? Documentation was a bit thin in this regard.
k

Ketan (kumare3)

04/07/2023, 1:10 PM
Yes, we will do
s

Stephanie Marker

04/07/2023, 1:44 PM
Is it this? It seems like we are supposed to read in the cert bytes then pass it as an arg to FlyteRemote's `grpc_credentials`: nvm Chirag tried this and it didn't work https://flyte-org.slack.com/archives/CP2HDHKE1/p1675532821853759?thread_ts=1675162165.893489&cid=CP2HDHKE1
y

Yee

04/07/2023, 6:45 PM
Copy code
remote_client._client = remote_client.client.with_root_certificate(remote_client.config.platform, "/path/to/cert.cer")
remote_client._client_initialized = True
this will fix that first issue. flytekit doesn’t apply the cert to both place - only when trying to create the channel for auth, not when generally just making calls, which is why it was failing. we should update that but this is the workaround for now. the root cause is that the user is trying to access flyte from a domain different than the one that the cert was generated for, which is why it needs to be passed in. running now into a second issue but suspect it’s unrelated. will report back if not.
c

Chirag Gosalia

04/07/2023, 6:53 PM
Tried the above and got error
Copy code
_InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.INTERNAL
        details = "Exception serializing request!"
        debug_error_string = "None"
y

Yee

04/07/2023, 7:08 PM
that’s the second issue
can you check flyte admin logs?
that is at least a flyte error i think
l

Louis DiNatale

04/07/2023, 7:09 PM
let me verify now
no nothing
y

Yee

04/07/2023, 7:24 PM
can we first verify with
flytectl --admin.caCertFilePath /path/to/cert get projects
l

Louis DiNatale

04/07/2023, 7:37 PM
it works, it also works without the cert
flytectl works just fine its just flyteremote
f

Faisal Anees

06/04/2023, 2:03 PM
Hi @Louis DiNatale, did you find any solution for this error ? I'm in the same boat and can't seem to find a fix
@Louis DiNatale i see ! but are you still able to launch remote workflows using
flytectl
? Sorry i'm very new to flyte but i was thinking we can only launch workflows on a cluster using
pyflyte run --remote ...
?
l

Louis DiNatale

06/04/2023, 2:18 PM
I never figured this issue out. I ended up using flytectl.
f

Faisal Anees

06/04/2023, 2:20 PM
Ah ok ! Thanks @Louis DiNatale let me explore flytectl a bit more 🙏
k

Ketan (kumare3)

06/04/2023, 2:35 PM
@Faisal Anees are you using self signed certificates
f

Faisal Anees

06/04/2023, 2:37 PM
@Ketan (kumare3) yep i am - i was following docs to setup flyte on GKE
@Ketan (kumare3) i was going over the SSL certificate part of the documentation again https://docs.flyte.org/en/v1.0.0/deployment/gcp/manual.html#ssl-certificate - I'm assuming there's a missing step to actually kubectl apply the
cert issuer
yaml for the nginx ingress route ?
k

Ketan (kumare3)

06/04/2023, 2:45 PM
Might be - cc @jeev
f

Faisal Anees

06/04/2023, 3:00 PM
@Ketan (kumare3) do you recommend using managed certificates to resolve the pyflyte issue ?
j

jeev

06/04/2023, 3:00 PM
@Faisal Anees that version of the doc is old and doesn’t exist anymore.
try the “stable” version instead
f

Faisal Anees

06/04/2023, 3:05 PM
Thanks @jeev! Was looking at some really old docs 😅
33 Views