Comments (6)
With this configuration if i reach to https://ou.example.com/ i get Internal Server Error
Is that coming from OpenUnison or trafaek? If it's from OpenUnison is there a stack trace in the pod's logs?
oidc: issuer did not match the issuer returned by provider, expected "https://ou.example.com/auth/idp/k8s-login-cli" got "http://ou.example.com/auth/idp/k8s-login-cli"
This is a known issue that is has been fixed in 1.0.23 (should be released by tuesday) TremoloSecurity/OpenUnison#549
from openunison-k8s-login-oidc.
Is that coming from OpenUnison or trafaek? If it's from OpenUnison is there a stack trace in the pod's logs?
It's coming from traefik, the pod never gets the request, if i set up traefik with insecureskipverify
flag it correctly forward to openunison pod and all works, as i mentioned before i think the problem is relative to traefik refusing openunison's self signed cert.
This is a known issue that is has been fixed in 1.0.23 (should be released by tuesday) TremoloSecurity/OpenUnison#549
Great news, i'll test as soon as it gets released then
from openunison-k8s-login-oidc.
It's coming from traefik, the pod never gets the request, if i set up traefik with insecureskipverify flag it correctly forward to openunison pod and all works, as i mentioned before i think the problem is relative to traefik refusing openunison's self signed cert
Can you tell traefik to trust the unison-tls
Secret
in the openunison namespace?
from openunison-k8s-login-oidc.
Can you tell traefik to trust the
unison-tls
Secret in theopenunison
namespace?
Unfortunately i didn't find any options to do that
from openunison-k8s-login-oidc.
Assuming traefik adds the X-Forwarded-Proto
header you can now add networking.force_redirect_to_tls: false
to your values.yaml and after updating your local helm repo upgrade, then upgrade your openunison and orchestra repo deployments.
from openunison-k8s-login-oidc.
In the end we switched to kube-oidc-proxy because we would enable that anyway in openunison.
from openunison-k8s-login-oidc.
Related Issues (20)
- Is it possible to add versions for new releases? HOT 2
- Is it possible to supply a custom certificate during installation? HOT 9
- multiple token for multiple cluster of the same user in config HOT 4
- Issue with dashboard proxy with non-default cluster domain (!= cluster.local) HOT 4
- kubectl exec|port-forward fails when using api impersonation HOT 35
- Streaming commands (logs and get -w) cuts off after 20~40 seconds HOT 23
- Unable to login to openunison HOT 58
- check-certs-orchestra getting kubernetes.default.svc.cluster.local: Name or service not known HOT 1
- OpenUnison resource reports Failed state after upgrade 1.0.21, but otherwise works HOT 4
- Not able to access Openunison UI HOT 30
- deployment of oidc-login fails with error " java.lang.IllegalArgumentException: Last unit does not have enough valid bits " HOT 4
- Helm chart for orchestra is not deploying ingress. HOT 7
- Openunison/Kubernetes Cert Issues HOT 2
- Unable to install on k3d cluster HOT 6
- installing helm chart k8s-login-oidc results in error off of openunison_host HOT 3
- Dashboard is Unauthorized HOT 6
- Can't access Kubernetes Dashboard Chapter 7 HOT 2
- Other ingress controllers HOT 3
- OpenID Connect to AWS eks HOT 28
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openunison-k8s-login-oidc.