seldon-core icon indicating copy to clipboard operation
seldon-core copied to clipboard

Published 20 hours ago verified publisher icon SeldonIO

GRPC-SSL Endpoint Documentation Outdated

Open alex-seto opened this issue 4 years ago • 3 comments

Hello, I have been trying to configure certificates for an SSL endpoint using GRPC transport using the documentation at https://docs.seldon.io/projects/seldon-core/en/latest/examples/seldon_client.html. However, it appears the tutorial linked (https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/) has been updated to a newer version and produces certificates in a different format/nomenclature than in the Seldon Docs. I have tried to use both tutorials to generate the certificates, both the new and the old one (https://istio.io/v1.3/docs/tasks/traffic-management/ingress/secure-ingress-sds/) but I haven't had any success. I was wondering if you could provide an updated method to authenticate an SSL endpoint connection for GRPC (and REST, but I have been able to work around by skipping this authentication providing empty credentials).

Thank you!

alex-seto avatar May 27 '21 14:05 alex-seto

Can you clarify the exact issue you are seeing so we can understand the issue better. Maybe with an example?

ukclivecox avatar Jun 10 '21 08:06 ukclivecox

Hello @cliveseldon ,

thank you for the response. There were two pieces to this issue. This first is more straight forward; the documentation at this link: https://docs.seldon.io/projects/seldon-core/en/latest/examples/seldon_client.html attempts to provide a solution for dealing with GRPC handoffs with SSL authentication. However, the link it provides for making certificates (blue text "Istio Secure Gateway SDS example") image does not appear to be the correct tutorial for producing certificates that are used in the seldon docs.

The link leads to the newest version of Istio docs which produce certificates which do not line up (in terms of file structure, nomenclature, etc) with ones listed in seldon docs. Instead, it appears the intended tutorial can be found at Istio v1.3 docs (outdated) as it provides a script for producing certificates in a similar manner to the ones which appear in the seldon tutorial.

Nevertheless, I am wondering if there is a better/cleaner work around than using the example certificates when in need of SSL auth for GRPC hand offs as producing these certs in the example and then having a gateway called "httpbin.example.com" seems like a forced fix. I have attempted to copy both tutorials and followed instructions but I have had no success with authenticating the endpoint (I have been able to tap in using REST payload and bypassing SSL auth).

Thank you again for the response

alex-seto avatar Jun 14 '21 15:06 alex-seto

This issue is stale because it has been open 10 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Aug 03 '22 02:08 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar Aug 15 '22 02:08 github-actions[bot]

This issue is stale because it has been open 10 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Aug 26 '22 02:08 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar Sep 05 '22 02:09 github-actions[bot]