Comments (6)
- '--oidc-username-prefix=oidc:'
- '--oidc-groups-prefix=oidc:'
I'd remove these. Does kubectl
work?
from openunison-k8s-login-oidc.
I removed those options and the kube-apiserver pods were restarted, but have the same issue. I had the CLI working at one point but now I get the following:
kubectl get all -n openunison
Error from server (InternalError): an error on the server ("") has prevented the request from succeeding
logs from the orchestra container show the following around that time
[2021-08-02 16:11:33,748][Thread-14] WARN OpenShiftTarget - Unexpected result calling 'https://10.233.0.1:443/apis/openunison.tremolo.io/v1/namespaces/openunison/oidc-sessions/xab88e020-51d2-41e6-a8ed-39f91db7630dx' - 404 / {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"oidc-sessions.openunison.tremolo.io \"xab88e020-51d2-41e6-a8ed-39f91db7630dx\" not found","reason":"NotFound","details":{"name":"xab88e020-51d2-41e6-a8ed-39f91db7630dx","group":"openunison.tremolo.io","kind":"oidc-sessions"},"code":404}
[2021-08-02 16:11:33,780][Thread-14] WARN OpenShiftTarget - Unexpected result calling 'https://10.233.0.1:443/apis/openunison.tremolo.io/v1/namespaces/openunison/oidc-sessions/xf8ae0fe5-5dcf-4b44-8068-3c2ad4adb3bax' - 404 / {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"oidc-sessions.openunison.tremolo.io \"xf8ae0fe5-5dcf-4b44-8068-3c2ad4adb3bax\" not found","reason":"NotFound","details":{"name":"xf8ae0fe5-5dcf-4b44-8068-3c2ad4adb3bax","group":"openunison.tremolo.io","kind":"oidc-sessions"},"code":404}
[2021-08-02 16:11:33,811][Thread-14] WARN OpenShiftTarget - Unexpected result calling 'https://10.233.0.1:443/apis/openunison.tremolo.io/v1/namespaces/openunison/oidc-sessions/x10bd21fd-bad3-48ba-913f-e558e79df184x' - 404 / {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"oidc-sessions.openunison.tremolo.io \"x10bd21fd-bad3-48ba-913f-e558e79df184x\" not found","reason":"NotFound","details":{"name":"x10bd21fd-bad3-48ba-913f-e558e79df184x","group":"openunison.tremolo.io","kind":"oidc-sessions"},"code":404}
[2021-08-02 16:11:33,825][Thread-14] WARN OpenShiftTarget - Unexpected result calling 'https://10.233.0.1:443/apis/openunison.tremolo.io/v1/namespaces/openunison/oidc-sessions/xac4f503b-d8f1-4327-95a1-e288ad04bd24x' - 404 / {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"oidc-sessions.openunison.tremolo.io \"xac4f503b-d8f1-4327-95a1-e288ad04bd24x\" not found","reason":"NotFound","details":{"name":"xac4f503b-d8f1-4327-95a1-e288ad04bd24x","group":"openunison.tremolo.io","kind":"oidc-sessions"},"code":404}
I have an assumption that is may be cert related. I worked through the original cert issue with your help here: #43
but definitely seem like it still could be something with the cert.
from openunison-k8s-login-oidc.
Can you run kubectl get all -n openunison --v=11
? I'd like to see which URL is failing
from openunison-k8s-login-oidc.
Running that command led me to a problem with my f5 virtual server setup for the cluster. I remedied that and now the CLI works as it should. The problem with the dashboard being unauthorized still persists though.
from openunison-k8s-login-oidc.
Try changing image
in your values.yaml file to docker.io/tremolosecurity/betas:oidc-1.0.23-1
and once it's redeployed access the dashboard again
from openunison-k8s-login-oidc.
closing due to inactivity
from openunison-k8s-login-oidc.
Related Issues (20)
- Is it possible to add versions for new releases? HOT 2
- Is it possible to supply a custom certificate during installation? HOT 9
- multiple token for multiple cluster of the same user in config HOT 4
- Issue with dashboard proxy with non-default cluster domain (!= cluster.local) HOT 4
- kubectl exec|port-forward fails when using api impersonation HOT 35
- Streaming commands (logs and get -w) cuts off after 20~40 seconds HOT 23
- Unable to login to openunison HOT 58
- check-certs-orchestra getting kubernetes.default.svc.cluster.local: Name or service not known HOT 1
- OpenUnison resource reports Failed state after upgrade 1.0.21, but otherwise works HOT 4
- Not able to access Openunison UI HOT 30
- deployment of oidc-login fails with error " java.lang.IllegalArgumentException: Last unit does not have enough valid bits " HOT 4
- Helm chart for orchestra is not deploying ingress. HOT 7
- Openunison/Kubernetes Cert Issues HOT 2
- Integration with traefik ingressroute HOT 6
- Unable to install on k3d cluster HOT 6
- installing helm chart k8s-login-oidc results in error off of openunison_host HOT 3
- Can't access Kubernetes Dashboard Chapter 7 HOT 2
- Other ingress controllers HOT 3
- OpenID Connect to AWS eks HOT 28
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openunison-k8s-login-oidc.