In my helm values I added `tls` to my ingress sect...
# ask-ai
s
In my helm values I added `tls` to my ingress section along with a certificate added to `kubectl`. Now, in my `.flyte/config.yaml` I added `insecure: false` but I get the following error when running a `pyflyte run --remote` command:

```
"failed to connect to all addresses; last error: UNKNOWN: ipv4:192.168.64.3:443: Ssl handshake failed (TSI_PROTOCOL_FAILURE): SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED"
```
j
It seems like you're trying to configure TLS for your Flyte deployment using Helm and you have added a certificate to Kubernetes. To proceed, you need to ensure that your Flyte configuration is set up to use this TLS configuration.

1. Helm Values Configuration: Ensure that your `values.yaml` file for Flyte includes the TLS configuration under the ingress section. This typically looks like:

   ```yaml
   ingress:
     tls:
       enabled: true
       secretName: <your-tls-secret-name>
   ```

   This configuration tells Flyte to use the specified TLS secret for securing ingress traffic.

2. Flyte Configuration: In your `.flyte/config.yaml`, you need to ensure that the `admin` section is configured to use the secure endpoint. This might look like:

   ```yaml
   admin:
     endpoint: "https://<your-flyte-domain>"
     authType: Pkce
     insecure: false
   ```

   This configuration ensures that Flyte communicates over HTTPS and does not skip TLS verification.

Would you like more detail on any specific part of this setup?

Sources:
- Flyte Helm Chart Configuration
s
@ancient-wolf-19325 In my helm values I added `tls` to my ingress section along with a certificate added to `kubectl`. Now, in my `.flyte/config.yaml` I added `insecure: false` but I get the following error when running a `pyflyte run --remote` command:

```
"failed to connect to all addresses; last error: UNKNOWN: ipv4:192.168.64.3:443: Ssl handshake failed (TSI_PROTOCOL_FAILURE): SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED"
```
j
The error you're encountering suggests that the SSL handshake is failing due to a certificate verification issue. This typically happens when the client does not trust the certificate presented by the server. Here are a few steps to resolve this:

1. Verify Certificate Trust: Ensure that the certificate used by your Flyte deployment is trusted by the client. If you're using a self-signed certificate, you may need to add it to the trusted certificates on the client machine.

2. Configure `insecureSkipVerify`: If you are using a self-signed certificate and want to bypass verification for testing purposes, you can set `insecureSkipVerify: true` in your `.flyte/config.yaml`. This will skip the certificate verification step:

   ```yaml
   admin:
     endpoint: "https://<your-flyte-domain>"
     authType: Pkce
     insecure: false
     insecureSkipVerify: true
   ```

3. Check Certificate Details: Ensure that the certificate's Common Name (CN) or Subject Alternative Name (SAN) matches the domain you are using in the `endpoint` configuration.

Would you like more detailed guidance on any of these steps?

Sources:
- https://github.com/flyteorg/flyte/issues/4794
- https://www.union.ai/docs/flyte/community/troubleshoot/
s
@ancient-wolf-19325 Adding insecureSkipVerify results in the following error: (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x15b792990>: Failed to establish a new connection: [Errno 61] Connection refused'))
j
The error message you're seeing indicates that the client is unable to establish a connection to the server, which is different from a certificate verification issue. Here are some steps to troubleshoot this:

1. Check Server Availability: Ensure that the Flyte server is running and accessible at the specified endpoint. You can verify this by trying to access the server using a tool like `curl` or `telnet` to see if the server is reachable.

2. Verify Endpoint Configuration: Double-check the `endpoint` value in your `.flyte/config.yaml` to ensure it is correct and points to the right server address and port. It should match the server's actual address and port.

3. Network Configuration: Ensure that there are no network issues or firewall rules blocking the connection between your client and the Flyte server. If you're running Flyte locally, ensure that the server is bound to the correct network interface.

4. Check Port Configuration: Make sure that the port specified in the `endpoint` is open and listening on the server. If you're using a custom port, ensure that it is correctly configured in both the server and client settings.

Would you like more detailed guidance on any of these steps?

Sources:
- https://github.com/flyteorg/flyte/issues/4962
- https://github.com/flyteorg/flyte/issues/5663