Commit ff31a5b

How to verify that the grpc service of flyteadmin works as expected (#5958)
* add tls config setting related information to troubleshoot doc
  Signed-off-by: Alex Wu <c.alexwu@gmail.com>
* fix some information in the doc
  Signed-off-by: Alex Wu <c.alexwu@gmail.com>
* fix code block error
  Signed-off-by: Alex Wu <c.alexwu@gmail.com>
* minor fix to make the information more clear
  Signed-off-by: Alex Wu <c.alexwu@gmail.com>
* highlight the config.yaml
  Signed-off-by: Alex Wu <c.alexwu@gmail.com>

---------

Signed-off-by: Alex Wu <c.alexwu@gmail.com>
1 parent bee83e5 commit ff31a5b

1 file changed

+31
-0
lines changed

docs/community/troubleshoot.rst

Lines changed: 31 additions & 0 deletions
@@ -176,3 +176,34 @@ Please add ``spark`` to the list of `enabled-plugins` in the config yaml file. F
176176
default-for-task-types:
177177
- container: container
178178
- container_array: K8S-ARRAY
179+
180+
``authentication handshake failed: x509: "Kubernetes Ingress Controller Fake Certificate" certificate is not trusted"`` when deploying flyte-core to your own kubernetes cluster
181+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
182+
183+
This issue is caused by TLS being disabled in your Kubernetes cluster. You can resolve the problem by following these steps:
184+
185+
- Enable ``tls`` in the ``values.yaml`` ingress configuration of flyte-core in order to expose gRPC service at 443 port:
186+
187+
.. code-block:: yaml
188+
189+
ingress:
190+
host: <http://example.com|example.com>
191+
separateGrpcIngress: true
192+
separateGrpcIngressAnnotations:
193+
<http://ingress.kubernetes.io/backend-protocol|ingress.kubernetes.io/backend-protocol>: "grpc"
194+
annotations:
195+
<http://ingress.kubernetes.io/app-root|ingress.kubernetes.io/app-root>: "/console"
196+
<http://ingress.kubernetes.io/default-backend-redirect|ingress.kubernetes.io/default-backend-redirect>: "/console"
197+
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: haproxy
198+
tls:
199+
enabled: true # enable tls
200+
201+
- Disable ``insecure`` in your ``flytectl`` client ``config.yaml``:
202+
203+
.. code-block:: yaml
204+
205+
admin:
206+
endpoint: dns:///example.com
207+
authType: Pkce
208+
insecure: false # disable insecure in flytectl
209+
insecureSkipVerify: true
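
Review bot: `insecureSkipVerify: true` on the last added line of the flytectl `config.yaml` example disables verification of the server certificate, so this step makes the client accept the "Kubernetes Ingress Controller Fake Certificate" instead of making it trusted, and the text presents that as the resolution with no caveat. Suggest labelling it as a workaround and adding a step that configures a certificate the client trusts for the ingress host, after which the line can be dropped. It would also help to say how "TLS being disabled" leads to an error about an untrusted certificate. In the `values.yaml` example, `host: <http://example.com|example.com>` and the four annotation keys carry pasted link markup; they should read as plain `example.com` and plain annotation names such as `ingress.kubernetes.io/backend-protocol`. The heading also has an unbalanced `"` after `trusted`.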