# ask-the-community

Blake Jackson

03/07/2024, 9:51 PM
We've recently upgraded to flyte
and seem to have a potential bug happening when we try to do
pyflyte run --remote --copy-all ...
.Both the sever and flytekit are on
version. We use PKCE auth w/ IdP, and during the scheduling of the execution, we get this error:
Copy code
E0307 21:26:17.332123       1 workers.go:103] error syncing 'flyte-test-development/f95b4da790bce43a99a4': failed at Node[n0]. RuntimeExecutionError: failed during plugin execution, caused by: failed to execute handle for plugin [container]: [Invalid] failed to create resource, caused by: Pod "f95b4da790bce43a99a4-n0-0" is invalid: metadata.labels: Invalid value: "<|>": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue',  or 'my_value',  or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')
{"json":{"src":"controller.go:152"},"level":"info","msg":"==> Enqueueing workflow [flyte-test-development/f95b4da790bce43a99a4]","ts":"2024-03-07T21:26:17Z"}
Is it trying to set my username as a label somewhere on the pod, without specifying the key maybe? Has anyone else ran into this?

Ketan (kumare3)

03/08/2024, 1:03 AM
I do not see this bug on our deployments. but cc @Fabio Grätz / @Eduardo Apolinario (eapolinario) fyi?

Blake Jackson

03/08/2024, 1:04 AM
My guess is that if the IdP uses email as the sub(which Okta does) that this happens

Fabio Grätz

03/08/2024, 10:55 AM
Hey @Blake Jackson, you are right, this is related to the PR you linked. We didn’t run into this because our idp uses a numerical identifier as exec identity instead of an email, sorry about this. I fix this by sanitizing the exec id before injecting it as a label in this PR: