Channels
announcements
ask-the-community
auth
conference-talks
contribute
databricks-integration
datahub-flyte
deployment
ecosystem-unionml
engineeringlabs
events
feature-discussions
flyte-bazel
flyte-build
flyte-console
flyte-deployment
flyte-documentation
flyte-github
flyte-on-gcp
flyte-ui-ux
flytekit
flytekit-java
flytelab
great-content
hacktoberfest-2022
helsing-flyte
in-flyte-conversations
integrations
introductions
jobs
konan-integration
linkedin-flyte
random
ray-integration
ray-on-flyte
release
scipy-2022-sprint
show-and-tell
sig-large-models
torch-elastic
workflow-building-ui-proj
writing-w-sfloris
Title
a
Andrew Korzhuev
10/20/2022, 3:11 PMI'm getting this error on flytescheduler running on AWS EKS, which I guess is admin ip:
Error: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp ...:81: i/o timeout"panic: authentication error! Original Error: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken, Auth Error: failed to initialized token source provider. Err: failed to fetch auth metadata. Error: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp ...:81: i/o timeout"k
Kevin Su
10/20/2022, 5:51 PMcc @Prafulla Mahindrakar
p
Prafulla Mahindrakar
10/20/2022, 6:31 PMhey @Andrew Korzhuev, can you check if the admin service is reachable . The error is i/o timeout so seems the service is not reachable.
Also you can get the endpoint which scheduler reaches using
kubectl get cm -n flyte flyschedulera
Andrew Korzhuev
10/21/2022, 8:37 AMThe endpoint in the config matches flyte-core-grpc ingress, the admin is accessible through UI and CLI otherwise
Aha, this was the firewall rules between EKS nodes which tripped me
Now I'm getting:
panic: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}p
Prafulla Mahindrakar
10/21/2022, 9:36 AMDoes configured client id in the scheduler admin section valid and this should be different client id than the one used by flyteconsole to authenticate. Specifically this section of flyte auth doc https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#id1
check for
adminOauthClientCredentialsa
Andrew Korzhuev
10/24/2022, 12:52 PMI couldn't get this to work until stumbling on that thread https://flyte-org.slack.com/archives/CP2HDHKE1/p1666169843332409
Looks like
adminOauthClientCredentials.clientSecretappAuth.selfAuthServerp
Prafulla Mahindrakar
10/25/2022, 10:19 AMI see. yes there are few gaps seems since we tightened on the security aspects of not having a default secret. Yes if you are using selfAuthServer then you have define those static clients and keep the same values in both places. Usually folks use there Auth server and not the admin provided inmemory auth server.
Created a doc update ticket for it https://github.com/flyteorg/flyte/issues/3029