Hi all
I've managed to get a local demo cluster wo...
# flyte-supportb
brief-fish-13206
04/14/2023, 12:43 PMHi all
I've managed to get a local demo cluster working on my old laptop with workflows running etc, but I've followed the exact same steps on my new one and I'm getting the following error whenever I run a workflow. Note, I've tried the cookbook hello_world example and the greeting workflow, but both give the same error. I think I'm doing something stupid, but I just can't figure it out.
containers with unready status: [f0de017c01c7140d8a4c-n0-0]|Back-off pulling image "<http://cr.flyte.org/flyteorg/flytekit:py3.9-1.5.0|cr.flyte.org/flyteorg/flytekit:py3.9-1.5.0>"f
freezing-airport-6809
04/14/2023, 1:11 PM
Interesting, can you try docker pull cr.flyte.org/flyteorg/flytekit:py3.9-1.5.0
freezing-airport-6809
04/14/2023, 1:11 PM
It could be network or, missing image?
freezing-airport-6809
04/14/2023, 1:11 PM
As you see silently flytekit was upgraded
freezing-airport-6809
04/14/2023, 1:12 PM
Cc @tall-lock-23197 can you please wuickly try
t
tall-lock-23197
04/14/2023, 1:17 PM
Works for me.
f
freezing-airport-6809
04/14/2023, 1:28 PM
@brief-fish-13206 seems like a proxy or something else
b
brief-fish-13206
04/14/2023, 1:30 PMSo docker pull works fine, but in the container logs I see this
2023-04-14 14:27:17 E0414 13:27:17.174653 73 kuberuntime_image.go:51] "Failed to pull image" err="rpc error: code = Unknown desc = failed to pull and unpack image \"<http://ghcr.io/flyteorg/flytekit:py3.9-latest|ghcr.io/flyteorg/flytekit:py3.9-latest>\": failed to resolve reference \"<http://ghcr.io/flyteorg/flytekit:py3.9-latest|ghcr.io/flyteorg/flytekit:py3.9-latest>\": failed to do request: Head \"<https://ghcr.io/v2/flyteorg/flytekit/manifests/py3.9-latest>\": x509: certificate signed by unknown authority" image="<http://ghcr.io/flyteorg/flytekit:py3.9-latest|ghcr.io/flyteorg/flytekit:py3.9-latest>"brief-fish-13206
04/14/2023, 1:33 PMNote, this error is in the Flyte Sandbox container that gives me the initial error ^^^
f
freezing-boots-56761
04/14/2023, 4:00 PM
i cant repro in a fresh sandbox. @brief-fish-13206: this probably sounds dumb, but can you restart your docker daemon and fire up a new sandbox? i definitely had weird issues in older docker desktop for mac versions, but havent in awhile.
freezing-boots-56761
04/14/2023, 4:01 PM
alternatively, you can also run running a basic pod like:
Copy code
kubectl run -it --rm --image=debian debian shfreezing-boots-56761
04/14/2023, 4:01 PM
see if that results in a similar issue
b
brief-fish-13206
04/17/2023, 9:22 AMRestarting didn't work, but kubectl did. I'm going to raise a ticket with Docker. Just so I can give them all the details. Is the sandbox puling the image a Docker-in-Docker, or is it pulling from within Kubernetes?
f
freezing-boots-56761
04/17/2023, 12:06 PM
it’s running k3s on containerd within the sandbox container.
f
freezing-airport-6809
04/17/2023, 1:13 PM
Cc @mammoth-librarian-92821 looks like a similar problem
👍 1
b
brief-fish-13206
04/17/2023, 3:41 PMThanks, I've raised a ticket with Docker, let's see what they say
brief-fish-13206
04/17/2023, 6:24 PMDocker support pointed me to a K3s issue, that seemed to fix things for other people experiencing the issue with K3s. Is there anything I can do to my env to get this fixed? https://github.com/k3s-io/k3s/issues/1148
f
freezing-boots-56761
04/17/2023, 8:29 PM
it’s not a private repo though.
b
brief-fish-13206
04/20/2023, 10:32 AMDocker gave up on helping me. I'm going to raise a bug with K3s. Can you guys help me with this question please (in the context of the sandbox)?
Cluster Configuration:
<!-- Provide some basic information on the cluster configuration. For example, "3 servers, 2 agents". -->
f
freezing-boots-56761
04/20/2023, 12:39 PM
@brief-fish-13206 i’d love to spend some time digging into this with you. Will DM.
❤️ 1
freezing-boots-56761
04/20/2023, 2:16 PM
we have root caused this issue. the problem was that zscaler was running on the machine and intercepting requests. we had to add the org-specific zscaler root ca to the sandbox to establish trust with
<http://ghcr.io|ghcr.io>👍 1
f
freezing-airport-6809
04/20/2023, 2:25 PM
@brief-fish-13206 this is what I was saying like a proxy / firewall on your machine
👍 1
f
freezing-boots-56761
04/20/2023, 7:01 PM
proposal here: https://github.com/flyteorg/flyte/pull/3609
freezing-boots-56761
04/20/2023, 7:02 PM
@brief-fish-13206: would you be open to testing this just to be sure?
b
brief-fish-13206
04/20/2023, 7:02 PMYeah you were right. I wonder if it’s down to the Mac chip docker version. Everything was the same on my old Mac (intel chip) and it worked fine.
brief-fish-13206
04/20/2023, 7:02 PMSure, I’ll try it out in the morning
f
freezing-boots-56761
04/20/2023, 7:03 PM
cool. if its not merged by then, I'll trigger a separate build that you can test with.
freezing-boots-56761
04/21/2023, 3:27 AM
try placing the root CA pem in
~/.flyte/sandbox/ca-certificates/ Copy code
flytectl demo start --image=<http://ghcr.io/flyteorg/flyte-sandbox-bundled:sha-dd75b80cda29a0be441806c3372c6cd46a35dbd9|ghcr.io/flyteorg/flyte-sandbox-bundled:sha-dd75b80cda29a0be441806c3372c6cd46a35dbd9>b
brief-fish-13206
04/21/2023, 10:44 AMYep, that's working! It did take a long time (3 mins to do the greeting wf) though. Don't know if it's related to the change or not
f
freezing-boots-56761
04/21/2023, 12:48 PM
Ok good to know it’s working. The image is running a nightly version of Flyte.
b
brief-fish-13206
04/21/2023, 12:49 PMThanks for your help again 🙂
👍 1
f
freezing-boots-56761
04/21/2023, 12:49 PM
It might be because of an initial image pull. Is it faster if you run it again?
b
brief-fish-13206
04/21/2023, 12:50 PMYep, just took 14secs instead of 3 mins
f
freezing-boots-56761
04/21/2023, 12:51 PM
Ok. Was likely just pulling down the image.
👍 1
f
freezing-airport-6809
04/21/2023, 2:12 PM
Soon it will be lower after the next release
163 Views