little-cricket-84530
06/27/2022, 8:58 PMflytectl get workflows --admin.endpoint <remote_host>:30080 -p <project_name> -d development
is successful
docker run --rm --entrypoint flytectl <http://cr.flyte.org/flyteorg/flyte-sandbox|cr.flyte.org/flyteorg/flyte-sandbox> get workflows --admin.endpoint <remote_host>:30080 -p <project_name> -d development
throws an error
time="2022-06-27T20:18:25Z" level=info msg="[0] Couldn't find a config file []. Relying on env vars and pflags."
{"json":{},"level":"error","msg":"failed to initialize token source provider. Err: failed to fetch auth metadata. Error: rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: tls: first record does not look like a TLS handshake\"","ts":"2022-06-27T20:18:26Z"}
{"json":{},"level":"warning","msg":"Starting an unauthenticated client because: can't create authenticated channel without a TokenSourceProvider","ts":"2022-06-27T20:18:26Z"}
{"json":{},"level":"info","msg":"Initialized Admin client","ts":"2022-06-27T20:18:26Z"}
Error: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"
{"json":{},"level":"error","msg":"rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: tls: first record does not look like a TLS handshake\"","ts":"2022-06-27T20:18:27Z"}
great-school-54368
06/28/2022, 1:40 AMinsecure
connection but when you run same flytectl command inside the sandbox image then you don’t have flytectl config inside the container and flytectl use secure connection. For fixing it you can pass --admin.insecure
flag it will disable the tls.little-cricket-84530
06/28/2022, 4:13 PMlittle-cricket-84530
06/28/2022, 4:13 PMgreat-school-54368
06/29/2022, 1:59 AMgreat-school-54368
06/29/2022, 2:02 AMsteps:
- uses: actions/checkout@v2
- name: Setup flytectl
uses: unionai/flytectl-setup-action@v0.0.1
with:
version: "0.1.8"
- uses: unionai/flyte-register-action@v0.0.1
with:
version: '0.1.8' # The version of workflow
proto: '<https://github.com/flyteorg/flytesnacks/releases/download/v0.2.89/flytesnacks-core.tgz>'
project: 'flytesnacks'
domain: 'development'
archive: true
great-school-54368
06/29/2022, 2:03 AMlimited-dog-47035
07/08/2022, 5:25 PMgreat-school-54368
07/09/2022, 7:02 AMadmin:
# For GRPC endpoints you might want to use dns:///flyte.myexample.com
endpoint: dns:///flyte.org
# Change insecure flag to ensure that you use the right setting for your environment
insecure: false
clientId: *********
authType: ClientSecret
clientSecretLocation: /home/runner/secret_location
logger:
# Logger settings to control logger output. Useful to debug logger:
show-source: true
level: 1
great-school-54368
07/09/2022, 7:02 AM--admin.authType string Type of OAuth2 flow used for communicating with admin.ClientSecret, Pkce, ExternalCommand are valid values (default "ClientSecret")
--admin.authorizationHeader string Custom metadata header to pass JWT
--admin.authorizationServerUrl string This is the URL to your IdP's authorization server. It'll default to Endpoint
--admin.caCertFilePath string Use specified certificate file to verify the admin server peer.
--admin.clientId string Client ID (default "flytepropeller")
--admin.clientSecretLocation string File containing the client secret (default "/etc/secrets/client_secret")
--admin.command strings Command for external authentication token generation
--admin.endpoint string For admin types, specify where the uri of the service is located.
--admin.insecure Use insecure connection.
--admin.insecureSkipVerify InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. Caution : shouldn't be use for production usecases'
--admin.maxBackoffDelay string Max delay for grpc backoff (default "8s")
--admin.maxRetries int Max number of gRPC retries (default 4)
--admin.perRetryTimeout string gRPC per retry timeout (default "15s")
--admin.pkceConfig.refreshTime string (default "5m0s")
--admin.pkceConfig.timeout string (default "15s")
--admin.scopes strings List of scopes to request
--admin.tokenRefreshWindow string Max duration between token refresh attempt and token expiry. (default "0s")
--admin.tokenUrl string OPTIONAL: Your IdP's token endpoint. It'll be discovered from flyte admin's OAuth Metadata endpoint if not provided.
--admin.useAuth Deprecated: Auth will be enabled/disabled based on admin's dynamically discovered information.