-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I'm unable to access any part of the portal when using Keycloak integration #322
Comments
Hello, is AWS EKS integrated with Keycloak? If so, are you able to use kubelogin to authenticate and access the Kubernetes cluster? https://docs.kuberocketci.io/docs/operator-guide/auth/configure-keycloak-oidc-eks#kubeconfig |
Hi, thank you for your response, I followed the steps on the link you provided once more and now it's working. Another question how could I modify the permissions on edp-oidc-* groups? For example to enable a developer to create Components. Thanks in advance. |
Hi @packituz-gttz ! Glad to hear everything is working now. By default, our platform doesn't grant developers the rights for such actions, but there's no restriction on expanding these permissions. To do so, you just need to follow the general approach. Below are the Kubernetes objects that enable codebase creation. You can add them to your add-ons repository or apply them directly to the cluster in any way that suits you, and further customize as needed. The process involves creating a new role and binding it to the appropriate group. Keep in mind that it's essential to follow the group naming conventions. Steps:
You can also review the platform's RBAC source code for further insights: https://github.com/epam/edp-install/tree/master/deploy-templates/templates/rbac If you have any further questions or need clarification, feel free to reach out. |
You can also create a separate group in Keycloak and establish a dedicated mapping for it. The key is to maintain the complete mapping structure: Keycloak Group → ClusterRoleBinding/RoleBinding → ClusterRole/Role. |
Describe the bug
When using Keycloack integration I can login into the portal but I'm unable to access any of the parts within it, despite being admin. Whenever trying to access Pipelines, Marketplaces or any part of the portal I'm redirected back into the login page.
To Reproduce
What did you do?
I configured Keyclock integration following the documentation: https://docs.kuberocketci.io/docs/operator-guide/auth/platform-auth-model
What did you expect to see?
Be able to access all parts of the portal.
What did you see instead? Under which circumstances?
I'm redirected to login page when trying to access any part inside the portal. I can see requests failing with status 401.
Kubernetes cluster type:
Amazon Elastic Kubernetes
Version 1.29
The text was updated successfully, but these errors were encountered: