Hi everyone I hope you all are doing great I am running flyt Flyte #flyte-support

Hi everyone, I hope you all are doing great. I am ...

flaky-tent-80156

04/20/2023, 4:12 PM

Hi everyone, I hope you all are doing great. I am running flyte on AWS deployed using OPTA. I added a google authentication to secure the flyte console. To connect to the EKS cluster deployed in aws I change the config to:

Copy code

admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns:///127.0.0.1:8080
  authType: Pkce
  insecure: true
  clientId: <My Client ID here>
logger:
  show-source: true
  level: 10

then forward the port to 8080 like so: kubectl -n flyte port-forward service/flyteadmin 8080:81
then I create the project using flytectl create: flytectl create project --file project.yaml
This is where I am getting the attached logs After one second I am redirected to this link: https://localhost:30081/oauth2/authorize?client_id=flytectl&redirect_uri=http%3A%2F%[…]NTRqenJxbWY&state=Z2Zja3JqemRyZ2Q4cDRjd3h3enZkbTh0NnRrbDh2MnQ Then after couple seconds I see this in the logs and the execution is ended:

Copy code

Error: authentication error! Original Error: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken, Auth Error: context was canceled during auth flow
{"json":{"src":"main.go:13"},"level":"error","msg":"authentication error! Original Error: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken, Auth Error: context was canceled during auth flow","ts":"2023-04-20T16:10:46Z"}

I don’t know if I missed something in the authentication setup. Your guidance will be very appreciable. Looking forward to it 🙂

average-finland-92144

04/20/2023, 4:59 PM

hi @flaky-tent-80156 So, your Flyte instance is deployed on AWS without an Ingress right?

average-finland-92144

04/20/2023, 5:02 PM

how does the redirect URI on Google looks like?

average-finland-92144

04/20/2023, 5:04 PM

can you run a

kubectl get svc -n <flyte namespace>

flaky-tent-80156

04/20/2023, 7:15 PM

It looks like this, I added the other localhosts to test but no result

flaky-tent-80156

04/20/2023, 7:16 PM

here is the list of services

average-finland-92144

04/20/2023, 7:24 PM

what happens if you add

insecureSkipVerify: true

to your

config.yaml

flaky-tent-80156

04/20/2023, 8:10 PM

One moment I ll try it

flaky-tent-80156

04/21/2023, 9:00 PM

Hi, I added it like so:

Copy code

admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns:///127.0.0.1:8080
  authType: Pkce
  insecure: true
  clientId: ****.<http://apps.googleusercontent.com|apps.googleusercontent.com>
  insecureSkipVerify: true
logger:
  show-source: true
  level: 10

flaky-tent-80156

04/21/2023, 9:00 PM

but still got the same result

flaky-tent-80156

04/21/2023, 9:00 PM

message has been deleted

163 Views

Open in Slack

Previous Next