f
Hi, I have a little question/issue regarding connecting to a self-hosted SpiceDB on K8s. We set it up with a self-signed certificate. Just for testing purposes I did set up a port-forward to the 50051 port on my K8s. Using this installation works fine with the zed CLI using a context with the `--no-verify-ca` parameter. Now I did try to connect to it via a Python client and that just does not work, I always get a message:
```
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses; last error: UNAVAILABLE: ipv4:127.0.0.1:50051: Socket closed"
        debug_error_string = "UNKNOWN:Error received from peer  {created_time:"2025-04-14T16:52:26.97323+02:00", grpc_status:14, grpc_message:"failed to connect to all addresses; last error: UNAVAILABLE: ipv4:127.0.0.1:50051: Socket closed"}"
```
I did try:
- URL as `localhost:50051`, `127.0.0.1:50051`
- Use the `Client` with `insecure_bearer_token_credentials` as well as `bearer_token_credentials`
- Use the `InsecureClient` with `insecure_bearer_token_credentials` as well as `bearer_token_credentials`
- Use the `AsyncClient`

I'm using SpiceDB 1.40.1 and Python 3.12.9 as well as the latest authzed package. I'm a bit out of ideas what to try, hence any help or hints appreciated.
v
Perhaps you may want to look into the `certChain` argument in `bearer_token_credentials`: https://github.com/authzed/authzed-py/blob/aff770dd70514721fc6436f27b23f4a5064f2d13/grpcutil/__init__.py#L6
f
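The certChain needs to be the root certificate read as binary? Like:
```python
from grpcutil import bearer_token_credentials

# Read the root certificate as raw bytes and pass it as certChain
with open('fname.crt', 'rb') as f:
    cert = f.read()
cred = bearer_token_credentials('mysupersecretpwd', cert)
```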
f
Just for the record, it does work if you use the certificate used in the operator installation, but this certificate needs to be created with localhost as a valid host. Otherwise connections will fail. It might be an option to add localhost as an allowed host via the connection options. But on my side the parameter was ignored within the Python client/library.
v
I think that's something that could be fixed with Server Name Indication. For example, `zed` supports this: https://github.com/authzed/zed/pull/309