Comments (17)
Is there also an input.props in your configmaps directory? Alternatively if you'd rather use helm we'd love feedback on https://github.com/OpenUnison/helm-charts
from openunison-k8s-login-activedirectory.
No there wasn't. With the input.props in configmaps and secrets directories the artifact-deployment completed successfully.
Now I have pod/openunison-operator running, but that's all.
Thanks I will look at the helm-charts.
from openunison-k8s-login-activedirectory.
Helm deployment works well. Operator is running, OpenUnison/orchestra is ok. But I still can't access the portal. I have ingress-nginx with MetalLB loadbalancer. The deployment is not clear for me as you don't use svc, ingress etc. How can I debug it?
from openunison-k8s-login-activedirectory.
Glad to hear the helm deployment worked well. There is a Service and Ingress object, it was created by the operator based on the orchestra OpenUnison object (kubectl get openunison orchestra -n openunison -o yaml).
Do the hosts specified in network.openunison_host and network.dashboard_host have DNS entries that correspond to your load balancer?
from openunison-k8s-login-activedirectory.
Yes, I have both DNS entries that correspond to my load balancer: openunison_host and dashboard_host. - https://openunison_hostname 404 Not Found nginx/1.17.8
I installed a new cluster, 1 master 1 node centos 7. Just simple dashboard, ingress-nginx just nodeport and helm deploy. - https://openunison_hostname:30665 (nodeport) 404 Not Found nginx/1.17.8
I found this lab - https://github.com/TremoloSecurity/k8s-idm-lab - but still can't view the portal. https://ou.apps.192.168.122.148.nip.io/ - 503 Service Temporarily Unavailable nginx/1.17.8
from openunison-k8s-login-activedirectory.
On your cluster with your helm chart:
- Does the openunison Ingress exist in the openunison namespace?
- Do the host names in your ingress object line up with what's in your values.yaml?
- Are there any errors in your Ingress controller's logs?
A 404 from Ingress usually means it's not picking up your Ingress object and is a kubernetes level config issue in the chain of Ingress -> service -> endpoint -> pod
A 503 means ingress is configured properly but OpenUnison didn't start. You can take a look at the logs (kubectl logs -l application=openunison-operator -n openunison)
from openunison-k8s-login-activedirectory.
In both my clusters, old and new, the openunison ingress and svc don't exist. That's why I was confused about it.
In the lab there is svc and ingress. I was waiting a long time for the openunison-orchestra pod, but it's running now.
from openunison-k8s-login-activedirectory.
ok, so in your helm cluster - there's no service or ingress? Is there a pod called openunison-orchestra-XXXX?
from openunison-k8s-login-activedirectory.
no only openunison-operator
from openunison-k8s-login-activedirectory.
take a look at the logs for the operator. Any errors?
from openunison-k8s-login-activedirectory.
I uninstalled helm orchestra and reinstalled
Problem calling '/api/v1/namespaces/openunison/services/openunison-orchestra' - 404
Problem calling '/apis/rbac.authorization.k8s.io/v1/namespaces/openunison/rolebindings/oidc-user-sessions-orchestra' - 404
Problem calling '/apis/rbac.authorization.k8s.io/v1/namespaces/openunison/roles/oidc-user-sessions-orchestra' - 404
Problem calling '/api/v1/namespaces/openunison/serviceaccounts/openunison-orchestra' - 404
...
looks like it can't access the API
api_server_host: - what does it mean?
k8s_url: https://hostname:6443
from openunison-k8s-login-activedirectory.
api_server_host: - what does it mean?
you can ignore this for now. It only matters when impersonation is true and that's not supported until the next version
Problem calling '/api/v1/namespaces/openunison/services/openunison-orchestra' - 404
Problem calling '/apis/rbac.authorization.k8s.io/v1/namespaces/openunison/rolebindings/oidc-user-sessions-orchestra' - 404
Problem calling '/apis/rbac.authorization.k8s.io/v1/namespaces/openunison/roles/oidc-user-sessions-orchestra' - 404
Problem calling '/api/v1/namespaces/openunison/serviceaccounts/openunison-orchestra' - 404
this was on create? that's odd. Does the openunison namespace exist?
from openunison-k8s-login-activedirectory.
After helm uninstall & delete namespace & helm install there is an error storing trusted certificates
java.lang.RuntimeException: java.security.cert.CertificateException: java.io.IOException: Incomplete data
I have a certificate chain. The AD certificate was signed by a root certificate and I have to add this to values.yaml.
trusted_certs:
  - name: ldaps
    pem_b64: "-----BEGIN CERTIFICATE----- ..... -----END CERTIFICATE-----"
from openunison-k8s-login-activedirectory.
Need to base64 encode the certificate chain into one single line encoded string
from openunison-k8s-login-activedirectory.
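The encoding step from the reply above, as an added example (not code from the thread or from the OpenUnison project): it turns a PEM chain into the single-line base64 string that pem_b64 expects and checks a candidate value before it goes into values.yaml, flagging the raw-PEM value posted earlier. The function names are hypothetical and the PEM bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example: prepare and check a trusted_certs pem_b64 value.

# Constructed two-certificate chain (placeholder bodies, not real X.509 data).
make_sample_chain() {
  for cert in 1 2; do
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
      '-----END CERTIFICATE-----'
  done
}

# Print the number of PEM blocks on stdin; fail if there are none or the
# BEGIN/END markers are unbalanced (a truncated chain).
count_pem_certs() {
  cpc_pem=$(cat)
  cpc_begin=$(printf '%s\n' "$cpc_pem" | grep -c -e '-----BEGIN CERTIFICATE-----' || true)
  cpc_end=$(printf '%s\n' "$cpc_pem" | grep -c -e '-----END CERTIFICATE-----' || true)
  [ "$cpc_begin" -gt 0 ] && [ "$cpc_begin" -eq "$cpc_end" ] || return 1
  printf '%s\n' "$cpc_begin"
}

# Read a PEM chain on stdin and print it as one unwrapped base64 line.
# tr strips the line wrapping that base64 adds by default on GNU systems.
encode_pem_b64() {
  enc_pem=$(cat)
  printf '%s\n' "$enc_pem" | count_pem_certs >/dev/null || return 1
  printf '%s\n' "$enc_pem" | base64 | tr -d '\n'
}

# Classify a candidate pem_b64 value: prints ok:<certs> and returns 0,
# or prints the reason it would be rejected and returns 1.
check_pem_b64() {
  case $1 in
    -----BEGIN*) echo raw-pem; return 1 ;;   # PEM pasted without encoding
  esac
  [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "$1" ] ||
    { echo not-single-line; return 1; }
  chk_pem=$(printf '%s' "$1" | base64 -d 2>/dev/null) ||
    { echo not-base64; return 1; }
  chk_n=$(printf '%s\n' "$chk_pem" | count_pem_certs) ||
    { echo not-pem; return 1; }
  echo "ok:$chk_n"
}

# Encode the constructed chain and validate the result.
check_pem_b64 "$(make_sample_chain | encode_pem_b64)"
```

With a real chain, `encode_pem_b64 < chain.pem` produces the value to paste into pem_b64, where chain.pem is an assumed file name.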
First, thank you for all the help! Base64 encoding the chain in one line works, but there are still some issues:
openunison-orchestra-657bcb84f-trvp5 0/1 Pending 0 0s
openunison-orchestra-694f7fd5c5-9xn4f 0/1 Terminating 0 5s
openunison-orchestra-95798b97f-vlfjv 0/1 Pending 0 1s
openunison-orchestra-f6fcc9bf5-5l9d8 0/1 Terminating 0 2s
log:
Processing key 'unison-saml2-rp-sig'
Checking if kubernetes secret exists
Secret exists
Adding existing secret to keystore
Storing to keystore
3
Secret exists, deleting
Posting secret
Remote Identity Providers : undefined
No IdPs, stopping
DIGEST : ZG6zcF0bW92UVTTl/SPXFe1y7H5mUoIvET00AgfVaj8=
No secret data has changed, not updating the secret
Done
Problem calling '/api/v1/namespaces/openunison/secrets/amq-secrets-orchestra' - 404
{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"secrets "amq-secrets-orchestra" not found","reason":"NotFound","details":{"name":"amq-secrets-orchestra","kind":"secrets"},"code":404}
Problem calling '/api/v1/namespaces/openunison/secrets/amq-env-secrets-orchestra' - 404
{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"secrets "amq-env-secrets-orchestra" not found","reason":"NotFound","details":{"name":"amq-env-secrets-orchestra","kind":"secrets"},"code":404}
Problem calling '/api/v1/namespaces/openunison/services/amq' - 404
{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"services "amq" not found","reason":"NotFound","details":{"name":"amq","kind":"services"},"code":404}
Problem calling '/apis/apps/v1/namespaces/openunison/deployments/amq-orchestra' - 404
{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"deployments.apps "amq-orchestra" not found","reason":"NotFound","details":{"name":"amq-orchestra","group":"apps","kind":"deployments"},"code":404}
from openunison-k8s-login-activedirectory.
After a few minutes, the portal is running and I can log in. Thank you.
from openunison-k8s-login-activedirectory.
Awesome! Thanks for hanging in there. It's great feedback when someone else gives it a try. Those errors you saw can be ignored. They're for when using the automation portal which deploys activemq. The login portal doesn't need it but we can do a better job of avoiding those messages. If you can log in I'll close out the issue and please open a new ticket with any other questions!
from openunison-k8s-login-activedirectory.