https://flyte.org logo
#ask-the-community
Title
# ask-the-community
f

Fhuad Balogun

02/21/2023, 11:49 AM
Hello guys I've set up Kubernetes and Flyte on AWS and then port forwarded to my local machine. However, when I try to register a workflow, I get this error:
error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
d

David Espejo (he/him)

02/21/2023, 4:34 PM
Hi @Fhuad Balogun can you share your current
config.yaml
?
y

Yee

02/21/2023, 4:35 PM
if you’re port forwarded you might not need ssl… try insecure: true?
f

Fhuad Balogun

02/22/2023, 10:02 AM
Yea, it later worked. I port forwarded it. The config.yaml had the client port so I changed it to 8089. Thanks guys. Great job you're all doing.
n

Nan Qin

03/30/2023, 4:14 PM
Hi I am having similar issues with port-forwarding flyte from eks. Here is my config.yaml
Copy code
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns:///localhost:8089
  authType: Pkce
  insecure: true
logger:
  show-source: true
  level: 0
I am getting
Copy code
details: failed to connect to all addresses; last error: UNKNOWN: ipv4:127.0.0.1:8089: Failed to connect to remote host: Connection refused
port-forwarding:
y

Yee

03/30/2023, 4:17 PM
what’s your port forward command btw?
n

Nan Qin

03/30/2023, 4:18 PM
i used k9s to pf. it should be equivalent to
k port-forward flyte-pod 8089:8089 8088:8088
y

Yee

03/30/2023, 4:22 PM
that should work… try http first?
localhost:8088/api/v1/projects
n

Nan Qin

03/30/2023, 4:23 PM
yeah that works
Copy code
{"projects":[{"id":"flytesnacks","name":"flytesnacks","domains":[{"id":"development","name":"development"},{"id":"staging","name":"staging"},{"id":"production","name":"production"}],"description":"flytesnacks description"}]}%
y

Yee

03/30/2023, 4:23 PM
so http works and grpc doesn’t?
try flytectl
maybe it’s a flytekit only issue
both flytekit and flytectl use grpc
n

Nan Qin

03/30/2023, 4:24 PM
yeah with http on 8088 I am getting the
routines:OPENSSL_internal:WRONG_VERSION_NUMBER
error when running
pyflyte register
y

Yee

03/30/2023, 4:24 PM
why ssl?
you have ssl turned on?
n

Nan Qin

03/30/2023, 4:26 PM
so, if I change my config to
Copy code
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: localhost:8088
  authType: Pkce
  insecure: true
logger:
  show-source: true
  level: 0
I get
Copy code
details: failed to connect to all addresses; last error: INTERNAL: ipv4:127.0.0.1:8088: Trying to connect an http1.x server
y

Yee

03/30/2023, 4:27 PM
oh you need 8089 for grpc
http is 8088
grpc is 8089
both should be insecure
unless you host the cert and terminate ssl in admin
which is typically not the case
n

Nan Qin

03/30/2023, 4:27 PM
yeah, with grpc I am getting
Copy code
details: failed to connect to all addresses; last error: UNKNOWN: ipv4:127.0.0.1:8089: Failed to connect to remote host: Connection refused
y

Yee

03/30/2023, 4:28 PM
what do logs on the flyte side say?
n

Nan Qin

03/30/2023, 4:32 PM
no log on flyte side...
let me double check the port forwarding
y

Yee

03/30/2023, 4:34 PM
can you run kubectl portforward directly?
maybe it offers more information than k9s
n

Nan Qin

03/30/2023, 4:38 PM
yeah
kubectl port-forward
is handling the request. Now I am getting
Copy code
Failed with Exception: Reason: SYSTEM:Unknown
RPC Failed, with Status: StatusCode.INTERNAL
        details: failed to create a signed url. Error: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
        status code: 403, request id: d4c6c3e4-d015-4c74-9d07-5962b0bce16a
y

Yee

03/30/2023, 4:38 PM
what command are you running?
n

Nan Qin

03/30/2023, 4:39 PM
Copy code
pyflyte -c ~/.flyte/config.yaml register workflows --image IMAGE:TAG
y

Yee

03/30/2023, 4:39 PM
oh this is unrelated
this is a perms issue
n

Nan Qin

03/30/2023, 4:39 PM
should I use a service account with pyflyte command?
y

Yee

03/30/2023, 4:40 PM
let’s start a new thread
55 Views