From 0fe6595478e80517e148dac4d48ec0f169703fb0 Mon Sep 17 00:00:00 2001 From: Michael Hotan Date: Thu, 12 Feb 2026 12:53:44 -0800 Subject: [PATCH] Add _U_AUTH_TYPE env var support to init_in_cluster() Allow selfhosted task pods to override the auth type via the _U_AUTH_TYPE environment variable. When set to "Passthrough", the SDK skips OAuth metadata fetching against the queue service endpoint, which doesn't implement AuthMetadataService and would cause cascading DEADLINE_EXCEEDED errors. This is intended for selfhosted environments where OAuth is not required, e.g. closed network deployments where task pods connect directly to internal services bypassing ingress and authentication. Co-Authored-By: Claude Opus 4.6 Signed-off-by: Michael Hotan --- src/flyte/_initialize.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/flyte/_initialize.py b/src/flyte/_initialize.py index 48fa455dc..38def8476 100644 --- a/src/flyte/_initialize.py +++ b/src/flyte/_initialize.py @@ -451,6 +451,7 @@ async def init_in_cluster( ENDPOINT_OVERRIDE = "_U_EP_OVERRIDE" INSECURE_SKIP_VERIFY_OVERRIDE = "_U_INSECURE_SKIP_VERIFY" INSECURE_OVERRIDE = "_U_INSECURE" + AUTH_TYPE_OVERRIDE = "_U_AUTH_TYPE" _UNION_EAGER_API_KEY_ENV_VAR = "_UNION_EAGER_API_KEY" EAGER_API_KEY = "EAGER_API_KEY" @@ -479,6 +480,13 @@ async def init_in_cluster( remote_kwargs["insecure_skip_verify"] = True logger.info("SSL certificate verification disabled (insecure_skip_verify=True)") + # Check for auth_type override (e.g. "Passthrough" for selfhosted deployments + # where the endpoint is the queue service which doesn't implement AuthMetadataService) + auth_type_str = os.getenv(AUTH_TYPE_OVERRIDE, "") + if auth_type_str: + remote_kwargs["auth_type"] = auth_type_str + logger.info(f"Auth type overridden to: {auth_type_str}") + await init.aio( org=org, project=project, domain=domain, root_dir=Path.cwd(), image_builder="remote", **remote_kwargs )