Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] CLI: Allow user to pass certificate authority .pem file as command option to avoid self-signed certificate errors #1323

Open
eric79 opened this issue Jul 14, 2023 · 1 comment
Open

[feature] CLI: Allow user to pass certificate authority .pem file as command option to avoid self-signed certificate errors #1323

eric79 opened this issue Jul 14, 2023 · 1 comment
Labels
kind/feature

Comments

@eric79
Copy link

eric79 commented Jul 14, 2023

Feature Area

/area CLI

What feature would you like to see?

Allow user to pass certificate authority .pem file as command option to avoid self-signed certificate errors

What is the use case or pain point?

When I try to use the kfp command line (for example, to run a pipeline via kfp run submit) from my enterprise's network, I get the following error:

... connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1129)'))' ...

Is there a workaround currently?

Without this feature, I will need to write a python script that uses the kfp SDK to run the pipeline (in our case, the kfp-tekton SDK), because the TektonClient allows setting the cert like so:

client = kfp_tekton.TektonClient(
    host=f'{kubeflow_url}/pipeline',
    namespace=namespace,
    existing_token=session_cookie,
     ssl_ca_cert=cert_path
 )

... and then run that python script from the command line.

Love this idea? Give it a 👍.
@chensun chensun transferred this issue from kubeflow/pipelines Aug 10, 2023
@google-oss-prow
Copy link

@eric79: The label(s) area/cli cannot be applied, because the repository doesn't have them.

In response to this:

Feature Area

/area CLI

What feature would you like to see?

Allow user to pass certificate authority .pem file as command option to avoid self-signed certificate errors

What is the use case or pain point?

When I try to use the kfp command line (for example, to run a pipeline via kfp run submit) from my enterprise's network, I get the following error:

... connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1129)'))' ...

Is there a workaround currently?

Without this feature, I will need to write a python script that uses the kfp SDK to run the pipeline (in our case, the kfp-tekton SDK), because the TektonClient allows setting the cert like so:

client = kfp_tekton.TektonClient(
   host=f'{kubeflow_url}/pipeline',
   namespace=namespace,
   existing_token=session_cookie,
    ssl_ca_cert=cert_path
)

... and then run that python script from the command line.

Love this idea? Give it a 👍.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eric79