Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ENH] - Allow passing verify=False to WorkflowService #13

Open
viniciusdc opened this issue Aug 20, 2024 · 0 comments
Open

[ENH] - Allow passing verify=False to WorkflowService #13

viniciusdc opened this issue Aug 20, 2024 · 0 comments
Labels
good first issue Good for newcomers needs: triage 🚦 Someone needs to have a look at this issue and triage

Comments

@viniciusdc
Copy link

viniciusdc commented Aug 20, 2024
edited
Loading

Context

When running the scheduler in more complex contexts such as nebari, if the main host endpoint for the Argo service is behind a proxy whose DNS has a self-signed certificate, any requests made via Hera will lead to the following issue:

Tried it, failed with : HTTPSConnectionPool(host='nebari-static.cmreclimatechange.nsf', port=443): 
Max retries exceeded with url: /argo/api/v1/workflows/dev 
(Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: 
self-signed certificate (_ssl.c:1006)')))

The corresponding WorkflowService class already allows such configuration:
https://github.com/argoproj-labs/hera/blob/3470e8e8ec6f416d66e1e9a2a35970f3cbcf1261/src/hera/workflows/service.py#L63-L72
which already supports the check for the required setting in the global_config object as well:

self.verify_ssl = verify_ssl if verify_ssl is not None else global_config.verify_ssl

We need to make sure our authenticate function is extended to allow such settings as well:

argo-jupyter-scheduler/argo_jupyter_scheduler/utils.py

Lines 53 to 73 in 5dea3f7

def authenticate():
namespace = os.environ["ARGO_NAMESPACE"]
if not namespace:
namespace = "dev"
token = os.environ["ARGO_TOKEN"]
if token.startswith("Bearer"):
token = token.split(" ")[-1]
base_href = os.environ["ARGO_BASE_HREF"]
if not base_href.endswith("/"):
base_href += "/"
server = f"https://{os.environ['ARGO_SERVER']}"
host = urljoin(server, base_href)
global_config.host = host
global_config.token = token
global_config.namespace = namespace
return global_config

Value and/or benefit

Addresses issue when running both services in a local (testing) environment

Anything else?

No response
@viniciusdc viniciusdc added needs: triage 🚦 Someone needs to have a look at this issue and triage good first issue Good for newcomers labels Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers needs: triage 🚦 Someone needs to have a look at this issue and triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@viniciusdc