openshift
Cant access openshift web console
today when I was trying to launch the okd console , I was greeted with below message
:
Please configure authentication to use the web console.
Not sure , if there is a new image pushed and might be need to patch notes...Trying to troubleshoot this one, any help appreciated
hi, thanks for the issue, can you describe the proccess of launching the okd console ? a. what cluster, what is installed on it b. how did you install the console, namespacee, image, CRDs ... c. if you can screenshot of problem
1 reply 1 new @jsakil14 jsakil14 3 hours ago Author a. Kubevirt cluster - 3 node physical b. Used ci/deploy-console.sh & additional components from the ci/ & yaml/ folders c. I cant attach images here , it is basically node port connected over browser giving the output as below:
Please configure authentication to use the web console.
logs from console pod
k logs console-798cf56f96-xh88k I0902 07:16:33.814995 1 main.go:214] The following console plugins are enabled: I0902 07:16:33.815031 1 main.go:216] - forklift-console-plugin W0902 07:16:33.815039 1 authoptions.go:112] Flag inactivity-timeout is set to less then 300 seconds and will be ignored! W0902 07:16:33.815211 1 authoptions.go:259] console is disabled -- no authentication method configured I0902 07:16:33.815256 1 main.go:634] Binding to 0.0.0.0:9000... I0902 07:16:33.815272 1 main.go:636] using TLS 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:57769: remote error: tls: unknown certificate 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:51679: remote error: tls: unknown certificate 2024/09/02 07:16:40 http: TLS handshake error from 172.16.149.19:62944: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:45346: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:43350: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:36632: remote error: tls: unknown certificate console deployment output:
apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "2" kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"console","namespace":"konveyor-forklift"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"console"}},"template":{"metadata":{"labels":{"name":"console"}},"spec":{"containers":[{"env":[{"name":"BRIDGE_USER_AUTH","value":"disabled"},{"name":"BRIDGE_LISTEN","value":"https://0.0.0.0:9000"},{"name":"BRIDGE_TLS_CERT_FILE","value":"/var/run/secrets/console-serving-cert/tls.crt"},{"name":"BRIDGE_TLS_KEY_FILE","value":"/var/run/secrets/console-serving-cert/tls.key"},{"name":"BRIDGE_PLUGINS","value":"forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080"},{"name":"BRIDGE_PLUGIN_PROXY","value":"{"services":[\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",\n "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n },\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",\n "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n }]}\n"}],"image":"quay.io/openshift/origin-console:latest","name":"console","volumeMounts":[{"mountPath":"/var/run/secrets/console-serving-cert","name":"console-serving-cert"},{"mountPath":"/etc/ssl/certs/forklift-ca.crt","name":"forklift-cert","subPath":"ca.crt"}]}],"serviceAccountName":"console","volumes":[{"name":"forklift-cert","secret":{"secretName":"forklift-cert"}},{"name":"console-serving-cert","secret":{"secretName":"console-serving-cert"}}]}}}} creationTimestamp: "2024-09-02T07:10:02Z" generation: 2 name: console namespace: konveyor-forklift resourceVersion: "187602490" uid: cd3cc6a3-3aa3-4788-867f-1beb44a5c9db spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: name: console strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: name: console spec: containers: - env: - name: BRIDGE_USER_AUTH value: disabled - name: BRIDGE_LISTEN value: https://0.0.0.0:9000 - name: BRIDGE_TLS_CERT_FILE value: /var/run/secrets/console-serving-cert/tls.crt - name: BRIDGE_TLS_KEY_FILE value: /var/run/secrets/console-serving-cert/tls.key - name: BRIDGE_PLUGINS value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080 - name: BRIDGE_PLUGIN_PROXY value: | {"services":[ { "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/", "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443", "authorize":true }, { "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/", "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443", "authorize":true }]} image: quay.io/openshift/origin-console:latest imagePullPolicy: Always name: console resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/console-serving-cert name: console-serving-cert - mountPath: /etc/ssl/certs/forklift-ca.crt name: forklift-cert subPath: ca.crt dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: console serviceAccountName: console terminationGracePeriodSeconds: 30 volumes: - name: forklift-cert secret: defaultMode: 420 secretName: forklift-cert - name: console-serving-cert secret: defaultMode: 420 secretName: console-serving-cert status: availableReplicas: 1 conditions:
- lastTransitionTime: "2024-09-02T07:10:22Z" lastUpdateTime: "2024-09-02T07:10:22Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available
- lastTransitionTime: "2024-09-02T07:10:02Z" lastUpdateTime: "2024-09-02T07:16:31Z" message: ReplicaSet "console-798cf56f96" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 2 readyReplicas: 1 replicas: 1 updatedReplicas: 1
UPDATE: I reverted to old version of image: quay.io/openshift/origin-console:4.9.0 instead of image: quay.io/openshift/origin-console:latest ; which seems to have resolved the issue with authentication - Going through the image files, seems like only noticeable change is OS is moved to rhel9 from older rhel8 - but dont know what env. variable it is looking for...
spec:
containers:
- env:
- name: BRIDGE_USER_AUTH
value: disabled
- name: BRIDGE_LISTEN
value: https://0.0.0.0:9000
- name: BRIDGE_TLS_CERT_FILE
value: /var/run/secrets/console-serving-cert/tls.crt
- name: BRIDGE_TLS_KEY_FILE
value: /var/run/secrets/console-serving-cert/tls.key
- name: BRIDGE_PLUGINS
value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
- name: BRIDGE_PLUGIN_PROXY
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten /remove-lifecycle stale
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.
/close
@openshift-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting
/reopen. Mark the issue as fresh by commenting/remove-lifecycle rotten. Exclude this issue from closing again by commenting/lifecycle frozen./close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}