Kubeapps auth problem #10820

Closed
Fareroo7 opened this issue Jun 20, 2022 · 2 comments
@Fareroo7

Fareroo7 commented Jun 20, 2022

Name and Version

bitnami/kubeapps 8.1.11

What steps will reproduce the bug?

Install kubeapps via helm chart and token-based auth is working.

Now, I want to use Keycloak as IDP and the auth should be working but I get an error inside the kubeappsapi container...

Are you using any custom parameters or values?

ingress:
  enabled: true
  hostname: kubeapps.k8s.local
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
  tls: true
authProxy:
  enabled: true
  provider: oidc
  clientID: kubeapps
  clientSecret: #secret
  cookieSecret: #secret
  skipKubeappsLoginPage: false
  extraFlags:
    - --ssl-insecure-skip-verify
    - --cookie-secure=false
    - --scope=openid email groups
    - --oidc-issuer-url=#url
postgresql:
  primary:
    persistence:
      enabled: true

What is the expected behavior?

Login via keycloak

What do you see instead?

After successful (?!) login, I get redirected back to the login page

Additional information

kubeapps auth-proxy log:

10.244.2.93:48308 - d6adbcced0916375182d2691e44bcf75 - dominik.simon@fs-soft.at [2022/06/20 12:42:25] [AuthSuccess] Authenticated via OAuth2: Session{email:dominik.simon@fs-soft.at user: PreferredUsername:d.simon token:true id_token:true created:2022-06-20 12:42:25.996248618 +0000 UTC m=+130.787952188 expires:2022-06-20 12:47:25.995288077 +0000 UTC m=+430.786991647 refresh_token:true groups:[admin developer]}
10.244.2.93:48308 - d6adbcced0916375182d2691e44bcf75 - - [2022/06/20 12:42:25] kubeapps.k8s.local GET - "/oauth2/callback?state=0eSqzb5278PLY6GKsSFOzQ2phWzazPwcZuy9MtujKlw%3A%2F&session_state=4b95465a-a474-4397-bcfa-f533e5f479f4&code=d6e2ef99-af52-4f49-ab68-7a93af85eeec.4b95465a-a474-4397-bcfa-f533e5f479f4.63c9b0c1-9a77-4f72-b711-4b6ab8799d18" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" 302 24 0.017
10.244.2.93:48308 - 53e335928db2b80db5036b0188741f87 - - [2022/06/20 12:42:26] kubeapps.k8s.local GET - "/oauth2/start" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" 302 323 0.000

kubeapps nginx log:

127.0.0.1 - - [20/Jun/2022:13:08:49 +0000] "GET /config.json HTTP/1.1" 200  445 "https://kubeapps.k8s.local/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" "10.244.2.1, 10.244.2.93"
127.0.0.1 - - [20/Jun/2022:13:08:49 +0000] "POST /apis/kubeappsapis.plugins.resources.v1alpha1.ResourcesService/CheckNamespaceExists HTTP/1.1" 200  5 "https://kubeapps.k8s.local/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" "10.244.2.1, 10.244.2.93"
127.0.0.1 - - [20/Jun/2022:13:08:49 +0000] "POST /apis/kubeappsapis.plugins.resources.v1alpha1.ResourcesService/CheckNamespaceExists HTTP/1.1" 200  5 "https://kubeapps.k8s.local/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" "10.244.2.1, 10.244.2.93"
10.244.2.1 - - [20/Jun/2022:13:08:57 +0000] "GET / HTTP/1.1" 200  1920 "-" "kube-probe/1.24" "-"
10.244.2.1 - - [20/Jun/2022:13:09:07 +0000] "GET / HTTP/1.1" 200  1920 "-" "kube-probe/1.24" "-"
10.244.2.1 - - [20/Jun/2022:13:09:17 +0000] "GET / HTTP/1.1" 200  1920 "-" "kube-probe/1.24" "-"
10.244.2.1 - - [20/Jun/2022:13:09:27 +0000] "GET / HTTP/1.1" 200  1920 "-" "kube-probe/1.24" "-"

kubeapps api log:

I0620 13:01:36.764881       1 namespaces.go:24] +resources CheckNamespaceExists (cluster: "default", namespace="default")
I0620 13:01:36.769786       1 server.go:59] Unauthenticated 4.927107ms /kubeappsapis.plugins.resources.v1alpha1.ResourcesService/CheckNamespaceExists
I0620 13:08:49.410141       1 namespaces.go:24] +resources CheckNamespaceExists (cluster: "default", namespace="default")
I0620 13:08:49.424461       1 server.go:59] Unauthenticated 14.339612ms /kubeappsapis.plugins.resources.v1alpha1.ResourcesService/CheckNamespaceExists
I0620 13:08:50.580987       1 namespaces.go:24] +resources CheckNamespaceExists (cluster: "default", namespace="default")
I0620 13:08:50.586011       1 server.go:59] Unauthenticated 5.036115ms /kubeappsapis.plugins.resources.v1alpha1.ResourcesService/CheckNamespaceExists
@javsalgar
Contributor

Hi!

For questions on kubeapps, could you open the issue in https://github.com/vmware-tanzu/kubeapps? I tried to transfer the issue but I couldn't.

@Fareroo7
Author

Thanks for the fast response!
I created the issue manually.
