Skip to content
This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[stable/nginx-ingress] Controller version 0.26.2 breaks external auth #20001

Closed
travisgroth opened this issue Jan 10, 2020 · 2 comments
Closed

[stable/nginx-ingress] Controller version 0.26.2 breaks external auth #20001

travisgroth opened this issue Jan 10, 2020 · 2 comments
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@travisgroth
Copy link
Collaborator

Describe the bug
As in the title, external authentication does not function correctly with nginx 0.26.2.

See kubernetes/ingress-nginx#4872 for the outstanding issue.

Surfaced in Pomerium pomerium/pomerium#442 (ignore the parts about Traefik).

Version of Helm and Kubernetes:

Helm:
Client: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}

Server: &version.Version{SemVer:"v2.16.1", GitCommit:"bbdfe5e7803a12bbdf97e94cd847859890cf4050", GitTreeState:"clean"}

Kubernetes:
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.5", GitCommit:"20c265fef0741dd71a66480e35bd69f18351daea", GitTreeState:"clean", BuildDate:"2019-10-15T19:07:57Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}

Which chart:
stable/nginx-ingress version 1.28.2

What happened:
Upgraded the nginx-ingress chart in an otherwise functioning configuration. Endpoints using external auth via annotations cased working. Specifically, we wind up in a redirect loop. I do not fully understand the nature of the breakage but it seems like nginx may not be setting its own authentication cookie correctly during login flow.

What you expected to happen:
Existing Ingress to function as expected with nginx-ingress-1.28.2 / 0.26.2

How to reproduce it (as minimally and precisely as possible):
This is a known regression in 0.26.2. kubernetes/ingress-nginx#4872.

Reproduction requires setting up a cookie based auth endpoint such as pomerium and upgrading to nginx-ingress-1.27.2 or above. Downgrading to 1.27.1 or 0.26.1 fixes the issue.

Anything else we need to know:
I propose rolling back to 0.26.1 until the issue is resolved upstream. It has been open for some time with no progress. I will open a corresponding PR.
@travisgroth travisgroth mentioned this issue Jan 10, 2020
Closed
3 tasks
@desimone desimone mentioned this issue Jan 11, 2020
Merged
4 tasks
@stale
Copy link

stale bot commented Feb 9, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

@stale stale bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 9, 2020
@travisgroth
Copy link
Collaborator Author

Fixed with #20813

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[stable/nginx-ingress] Revert to appVersion 0.26.1 travisgroth/charts
1 participant
@travisgroth