https://flyte.org logo
Powered by
#ask-the-community
Title
# ask-the-community
a

Ahmed Laadraoui

04/20/2023, 4:12 PM
Hi everyone, I hope you all are doing great. I am running flyte on AWS deployed using OPTA. I added a google authentication to secure the flyte console. To connect to the EKS cluster deployed in aws I change the config to:
Copy code
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns:///127.0.0.1:8080
  authType: Pkce
  insecure: true
  clientId: <My Client ID here>
logger:
  show-source: true
  level: 10
then forward the port to 8080 like so: 
kubectl -n flyte port-forward service/flyteadmin 8080:81
 then I create the project using flytectl create: 
flytectl create project --file project.yaml
 This is where I am getting the attached logs After one second I am redirected to this link: https://localhost:30081/oauth2/authorize?client_id=flytectl&amp;redirect_uri=http%3A%2F%[…]NTRqenJxbWY&amp;state=Z2Zja3JqemRyZ2Q4cDRjd3h3enZkbTh0NnRrbDh2MnQ Then after couple seconds I see this in the logs and the execution is ended:
Copy code
Error: authentication error! Original Error: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken, Auth Error: context was canceled during auth flow
{"json":{"src":"main.go:13"},"level":"error","msg":"authentication error! Original Error: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken, Auth Error: context was canceled during auth flow","ts":"2023-04-20T16:10:46Z"}
I don’t know if I missed something in the authentication setup. Your guidance will be very appreciable. Looking forward to it 🙂
d

David Espejo (he/him)

04/20/2023, 4:59 PM
hi @Ahmed Laadraoui So, your Flyte instance is deployed on AWS without an Ingress right?
how does the redirect URI on Google looks like?
can you run a 
kubectl get svc -n <flyte namespace>
?
a

Ahmed Laadraoui

04/20/2023, 7:15 PM
It looks like this, I added the other localhosts to test but no result
here is the list of services
d

David Espejo (he/him)

04/20/2023, 7:24 PM
what happens if you add 
insecureSkipVerify: true
to your 
config.yaml
?
a

Ahmed Laadraoui

04/20/2023, 8:10 PM
One moment I ll try it
Hi, I added it like so:
Copy code
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns:///127.0.0.1:8080
  authType: Pkce
  insecure: true
  clientId: ****.<http://apps.googleusercontent.com|apps.googleusercontent.com>
  insecureSkipVerify: true
logger:
  show-source: true
  level: 10
but still got the same result
Screenshot 2023-04-21 at 9.00.34 PM.png
6 Views
Powered by