quiet-flower-83249
03/22/2022, 4:11 AMhttps://${MY_DOMAIN}/console
however I can't seem to get it to work on the command line, when running a command I get:
Error: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ingress.local, not ${MY_DOMAIN}"
My config looks something like (i've tried a few variations):
admin:
endpoint: dns:///${MY_DOMAIN}
authType: Pkce
insecure: false
clientId: ${MY_ID}
logger:
show-source: true
level: 0
Any hints on how to get around this?high-park-82026
admin:
endpoint: dns:///${MY_DOMAIN}
authType: Pkce
insecure: false
clientId: ${MY_ID}
insecureSkipVerify: true
logger:
show-source: true
level: 0
high-park-82026
https://${MY_DOMAIN}/console
does the browser show any errors with the certificate?quiet-flower-83249
03/22/2022, 5:12 AMError: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken
Yeah it does actually, the guide says that can be ignored. Is that maybe not the case for CLI authentication?freezing-airport-6809
freezing-airport-6809
quiet-flower-83249
03/22/2022, 5:48 AMquiet-flower-83249
03/22/2022, 5:54 AM<http://cert-manager.io/issuer|cert-manager.io/issuer>: "letsencrypt-production"
but I just used the ManagedCertificate directly (i.e needs to be `networking.gke.io/managed-certificates`)quiet-flower-83249
03/22/2022, 5:55 AMboundless-pizza-95864
03/22/2022, 7:08 AMquiet-flower-83249
03/22/2022, 7:41 AMapiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
kind: Ingress
metadata:
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
icy-agent-73298
03/22/2022, 8:52 AMboundless-pizza-95864
03/22/2022, 1:21 PMquiet-flower-83249
03/22/2022, 6:13 PMWe use Google-managed SSL certificates.
https://docs.flyte.org/en/latest/deployment/gcp/manual.html#ssl-certificate. I assume the helm install cert-manager --namespace flyte --version v0.12.0 jetstack/cert-manager
is using the same google managed cert under the hood?
Currently it my ingress config looks close to the default with:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
<http://nginx.ingress.kubernetes.io/ssl-redirect|nginx.ingress.kubernetes.io/ssl-redirect>: "true"
#<http://cert-manager.io/issuer|cert-manager.io/issuer>: "letsencrypt-production"
<http://networking.gke.io/managed-certificates|networking.gke.io/managed-certificates>: my-cert
# --- separateGrpcIngress puts GRPC routes into a separate ingress if true. Required for certain ingress controllers like nginx.
separateGrpcIngress: true
# --- Extra Ingress annotations applied only to the GRPC ingress. Only makes sense if `separateGrpcIngress` is enabled.
separateGrpcIngressAnnotations:
<http://nginx.ingress.kubernetes.io/backend-protocol|nginx.ingress.kubernetes.io/backend-protocol>: "GRPC"
Are you saying I need to replace these nginx.ingress
parts?quiet-flower-83249
03/22/2022, 6:18 PMhigh-park-82026
high-park-82026
quiet-flower-83249
03/22/2022, 6:20 PMboundless-pizza-95864
03/22/2022, 6:21 PMquiet-flower-83249
03/22/2022, 6:49 PMgsutil cp docs-requirements.txt gs://${MY_BUCKET}/metadata/admin/flytesnacks/development/core.flyte_basics.basic_workflow.my_wf/v1
freezing-airport-6809
flyteadmin
pod does not have permissions to write to a bucketfreezing-airport-6809
my_bucket
freezing-airport-6809
icy-agent-73298
03/23/2022, 3:50 AM