Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

To support access to milvus via ingress which take https:443 as the middle layer. #449

Open
congguosn opened this issue Mar 26, 2024 · 7 comments
Open

To support access to milvus via ingress which take https:443 as the middle layer. #449

congguosn opened this issue Mar 26, 2024 · 7 comments

Comments

@congguosn
Copy link

congguosn commented Mar 26, 2024
edited

Describe the feature:
Currently, attu does not support access milvus if k8s ingress is deployed as a load balancer, for attu hardcodes ssl to false which will cause error like below.

Error: 13 INTERNAL: Received RST_STREAM with code 2 triggered by internal client error: Protocol error

Describe a specific use case for the feature:
If we use aws ingress as load balancer to distribute GRPC traffic, HTTPS will be treated as the access layer and 443 is used for listening the traffic. But attu could not support it as the reason (ssl setting) described above.
@congguosn
Copy link
Author

file path: server/src/milvus/milvus.service.ts
function name: async connectMilvus

@shanghaikid
Copy link
Collaborator

@haorenfsa can you help for this? I am not the expert of networking.

@shanghaikid
Copy link
Collaborator

by the way, what do you mean hardcodes ssl to false? and what's the version of your attu?

@congguosn
Copy link
Author

Hi @shanghaikid, my attu version is v2.3.8. There is a parameter passed to MilvusClient constructor named clientOptions, in which ssl could be set to false or true, but current version does not customize it and just use the default value(false).

// create the client const milvusClient: MilvusClient = new MilvusClient(clientOptions);

@shanghaikid
Copy link
Collaborator

Hi @shanghaikid, my attu version is v2.3.8. There is a parameter passed to MilvusClient constructor named clientOptions, in which ssl could be set to false or true, but current version does not customize it and just use the default value(false).

// create the client const milvusClient: MilvusClient = new MilvusClient(clientOptions);

I think it depends on the address right now, if it starts with https. ok I will add an option.

@shanghaikid
Copy link
Collaborator

Hi @shanghaikid, my attu version is v2.3.8. There is a parameter passed to MilvusClient constructor named clientOptions, in which ssl could be set to false or true, but current version does not customize it and just use the default value(false).

// create the client const milvusClient: MilvusClient = new MilvusClient(clientOptions);

I've read the node sdk code. in your case, I guess you add the ROOT_CERT_PATH env is enough, it will create the grpc credentials.

https://github.com/milvus-io/milvus-sdk-node/blob/a4bfa9761871a1ce0af83b319dbc48c2dd8d9eb3/milvus/grpc/BaseClient.ts#L172

Here is the basic tested docker command, you can add these env to your k8s yaml.
docker run -p 8000:3000
-v /your-tls-file-path:/app/tls
-e ATTU_LOG_LEVEL=info
-e ROOT_CERT_PATH=/app/tls/ca.pem
-e PRIVATE_KEY_PATH=/app/tls/client.key
-e CERT_CHAIN_PATH=/app/tls/client.pem
-e SERVER_NAME=your_server_name
zilliz/attu:dev

@congguosn
Copy link
Author

Thank you! Will try it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shanghaikid @congguosn