che
che copied to clipboard
eclipse-che
404 page not found when i open the dashboard after successfully deplying Che
Describe the bug
after successfully deploying Eclipse Che, when I open the dashboard URL, nothing happens expect a blank page with 404 page not found .
Che version
7.44@latest
Steps to reproduce
- chectl server:deploy --domain=osama.oc-perf.eu --platform=k8s --che-operator-cr-patch-yaml=checluster.yml --skip-oidc-provider-check --che-operator-image=quay.io/eclipse/che-operator:next
Expected behavior
I see the dashboard.
Runtime
Kubernetes (vanilla)
Screenshots
PS C:\Users\Oussema Mhiri\Downloads> kubectl get all -n eclipse-che
NAME READY STATUS RESTARTS AGE
pod/che-65c9597c5d-69v4l 1/1 Running 0 5m20s
pod/che-dashboard-6f46f4f97-ggvz5 1/1 Running 0 11m
pod/che-gateway-cdbcfddc5-88zrv 4/4 Running 0 6m25s
pod/che-operator-546774698d-cl6ks 1/1 Running 0 13m
pod/che-tls-job--1-6s7lq 0/1 Completed 0 60m
pod/che-tls-job--1-d5st9 0/1 Completed 0 75m
pod/che-tls-job--1-lsh94 0/1 Completed 0 12m
pod/devfile-registry-7bb4759bf8-8mbq7 1/1 Running 0 11m
pod/keycloak-development-d58954797-wc44x 1/1 Running 0 8m53s
pod/plugin-registry-cc67bcd45-hr89r 1/1 Running 0 11m
pod/postgres-768c969658-k4pzn 1/1 Running 0 12m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/che-dashboard ClusterIP 10.3.203.155 <none> 8080/TCP 11m
service/che-gateway ClusterIP 10.3.81.22 <none> 8080/TCP,8089/TCP 11m
service/che-host ClusterIP 10.3.78.189 <none> 8080/TCP,8087/TCP 12m
service/devfile-registry ClusterIP 10.3.19.68 <none> 8080/TCP 11m
service/keycloak-development LoadBalancer 10.3.126.164 51.210.211.139 443:32549/TCP 15m
service/plugin-registry ClusterIP 10.3.17.228 <none> 8080/TCP 11m
service/postgres ClusterIP 10.3.106.135 <none> 5432/TCP 12m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/che 1/1 1 1 11m
deployment.apps/che-dashboard 1/1 1 1 11m
deployment.apps/che-gateway 1/1 1 1 11m
deployment.apps/che-operator 1/1 1 1 13m
deployment.apps/devfile-registry 1/1 1 1 11m
deployment.apps/keycloak-development 1/1 1 1 15m
deployment.apps/plugin-registry 1/1 1 1 11m
deployment.apps/postgres 1/1 1 1 12m
NAME DESIRED CURRENT READY AGE
replicaset.apps/che-65c9597c5d 1 1 1 11m
replicaset.apps/che-dashboard-6f46f4f97 1 1 1 11m
replicaset.apps/che-gateway-cdbcfddc5 1 1 1 11m
replicaset.apps/che-operator-546774698d 1 1 1 13m
replicaset.apps/devfile-registry-7bb4759bf8 1 1 1 11m
replicaset.apps/keycloak-development-d58954797 1 1 1 15m
replicaset.apps/plugin-registry-cc67bcd45 1 1 1 11m
replicaset.apps/postgres-768c969658 1 1 1 12m
Installation method
chectl/latest
Environment
Windows
Eclipse Che Logs
PS C:\Users\Oussema Mhiri\Downloads> chectl server:deploy --domain=osama.oc-perf.eu --platform=k8s --che-operator-cr-patch-yaml=checluster.yml --skip-oidc-provider-check --che-operator-image=quay.io/eclipse/che-operator:next
› Installer type is set to: 'operator'
› Current Kubernetes context: 'kubernetes-admin@perf'
√ Verify Kubernetes API...OK
√ 👀 Looking for an already existing Eclipse Che instance
√ Verify if Eclipse Che is deployed into namespace "eclipse-che"...it is not
√ 🧪 DevWorkspace engine
√ Verify cert-manager installation
√ Check Cert Manager deployment...already deployed
√ Wait for Cert Manager...ready
√ ✈️ Kubernetes preflight checklist
√ Verify if kubectl is installed
√ Verify remote kubernetes status...done.
√ Check Kubernetes version: Found v1.22.2.
√ Verify domain is set...set to osama.oc-perf.eu.
↓ Check if cluster accessible [skipped]
√ Following Eclipse Che logs
√ Start following Operator logs...done
√ Start following Eclipse Che Server logs...done
√ Start following PostgreSQL logs...done
√ Start following Keycloak logs...done
√ Start following Plug-in Registry logs...done
√ Start following Devfile Registry logs...done
√ Start following Eclipse Che Dashboard logs...done
√ Start following namespace events...done
√ Create Namespace eclipse-che...[Exists]
√ Create Namespace eclipse-che...[Exists]
√ 🏃 Running the Eclipse Che operator
√ Create ServiceAccount che-operator in namespace eclipse-che...done.
√ Read Roles and Bindings...done.
√ Creating Roles and Bindings...done.
√ Create CRD checlusters.org.eclipse.che...It already exists.
√ Waiting 5 seconds for the new Kubernetes resources to get flushed...done.
√ Create deployment che-operator in namespace eclipse-che...done.
√ Operator pod bootstrap
√ Scheduling...done
√ Downloading images...done
√ Starting...done
√ Prepare Eclipse Che cluster CR...Done.
√ Create the Custom Resource of type checlusters.org.eclipse.che in the namespace eclipse-che...done.
√ ✅ Post installation checklist
√ PostgreSQL pod bootstrap
√ Scheduling...done
√ Downloading images...done
√ Starting...done
√ Devfile Registry pod bootstrap
√ Scheduling...done
√ Downloading images...done
√ Starting...done
√ Plug-in Registry pod bootstrap
√ Scheduling...done
√ Downloading images...done
√ Starting...done
√ Eclipse Che Dashboard pod bootstrap
√ Scheduling...done
√ Downloading images...done
√ Starting...done
√ Eclipse Che Server pod bootstrap
√ Scheduling...done
√ Downloading images...done
√ Starting...done
√ Eclipse Che status check...done
√ Retrieving Che self-signed CA certificate...OK
√ Prepare post installation output...done
√ Show important messages
√ Eclipse Che '7.45.0' has been successfully deployed.
√ Documentation : https://www.eclipse.org/che/docs/
√ -------------------------------------------------------------------------------
√ Users Dashboard : https://osama.oc-perf.eu/dashboard/
√ -------------------------------------------------------------------------------
√ Plug-in Registry : https://osama.oc-perf.eu/plugin-registry/v3/
√ Devfile Registry : https://osama.oc-perf.eu/devfile-registry/
√ -------------------------------------------------------------------------------
Command server:deploy has completed successfully in 09:32.
Additional context
checluster.yml file
apiVersion: org.eclipse.che/v1
kind: CheCluster
metadata:
name: eclipse-che
spec:
auth:
externalIdentityProvider: true
identityProviderClientId: kubernetes
identityProviderRealm: git-dev
identityProviderURL: http://51.210.211.139:443/auth/realms/git-dev
openShiftoAuth: false
updateAdminPassword: false
server:
customCheProperties:
CHE_OIDC_USERNAME__CLAIM: "email"
keycloak.yml file
---
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
name: "keycloak-development"
#namespace: "che"
spec:
selector:
matchLabels:
app: "keycloak-development"
replicas: 1
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
minReadySeconds: 5
template:
metadata:
labels:
app: "keycloak-development"
spec:
containers:
-
name: "keycloak-development"
image: "quay.io/keycloak/keycloak:10.0.0"
#args: ["start-dev"]
#args: ["standalone.sh --start-mode=admin-only "]
imagePullPolicy: "Always"
env:
-
name: "KEYCLOAK_USER"
value: "admin"
-
name: "KEYCLOAK_PASSWORD"
value: "admin"
-
name: "PROXY_ADDRESS_FORWARDING"
value: "true"
-
name: "DB_ADDR"
value: "postgres"
-
name: "DB_VENDOR"
value: "POSTGRES"
-
name: DB_USER
value: "postgres"
-
name: DB_PASSWORD
value: "postgres"
-
name: DB_DATABASE
value: keycloak
-
name : KEYCLOAK_HTTP_PORT
value : "80"
-
name: KEYCLOAK_HTTPS_PORT
value: "443"
-
name: VIRTUAL_PORT
value: "8080"
-
name: JDBC_PARAMS
value: useSSL=false
ports:
- name: "http"
containerPort: 8080
- name: "https"
containerPort: 8443
readinessProbe:
httpGet:
path: "/auth/realms/master"
port: 8080
---
apiVersion: v1
kind: Service
metadata:
name: keycloak-development
#namespace: "che"
labels:
app: keycloak-development
spec:
ports:
- name: http
port: 443
targetPort: 8080
selector:
app: keycloak-development
type: LoadBalancer
ingress.yml file
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
che.eclipse.org/managed-annotations-digest: huexcUXXfXkuznMPAOTnseyJZYt08fRuvuyCj5uAzFE=
field.cattle.io/publicEndpoints: "null"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.org/websocket-services: che-gateway
creationTimestamp: "2022-03-21T15:21:31Z"
generation: 1
labels:
app.kubernetes.io/component: che
app.kubernetes.io/instance: che
app.kubernetes.io/managed-by: che-operator
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che
namespace: eclipse-che
ownerReferences:
- apiVersion: org.eclipse.che/v1
blockOwnerDeletion: true
controller: true
kind: CheCluster
name: eclipse-che
uid: b583ff83-47e5-4944-9c3e-e557d558edeb
resourceVersion: "6810829416"
uid: c1df3019-e15c-4fad-88ec-802a0a4b72a9
spec:
rules:
- host: osama.oc-perf.eu
http:
paths:
- backend:
service:
name: che-gateway
port:
number: 8080
path: /
pathType: ImplementationSpecific
tls:
- hosts:
- osama.oc-perf.eu
secretName: che-tls
status:
loadBalancer: {}
@tolusha maybe you have some ideas smth. What caught my attention is the keycloak deployment which I think we removed in 7.42 https://github.com/eclipse/che/issues/21036
@tolusha maybe you have some ideas smth. What caught my attention is the keycloak deployment which I think we removed in 7.42 #21036
I manually deployed keycloak using the keycloak.yml file.
Keycloak is no longer part of Che deployment and can't be added.
I don't understand, should i use an OIDC providers other than keycloak or what ?
Maybe I misunderstood your request. I thought you wanted to add keycloak as a part of Eclipse Che deployment. That's way I closed the issue.
I am having the same problem, with almost same configuration as mentioned in this issue. The keyclock authentication page shown and after successful login, the '404 page not found' comes. This attached log of oauth-proxy container inside che-gateway, shows that authentication but subsequent gets are failing.
The only change compared to configs in this issue i have is as below:
kind: CheCluster
metadata:
name: eclipse-che
spec:
components:
cheServer:
extraProperties:
CHE_OIDC_USERNAME__CLAIM: email
serverExposureStrategy: 'single-host'
workspaceNamespaceDefault: 'che-<username>'
ingressStrategy: 'single-host'
networking:
auth:
identityProviderURL: 'https://keyxxxxxxxx/auth/realms/xxxrealm'
oAuthClientName: 'kubeclient'
oAuthSecret: BExxxxxxxxxxxxxxxxxxxx
Any other logs would be helpful? Is there a way to do a curl based checking from inside any of the che's containers?
@vsndev3 Could you file a separate issue and provide all needed details? https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.yml
@vsndev3 Could you file a separate issue and provide all needed details? https://github.com/eclipse/che/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.yml
I left the configuration running and when checked after two days, it seems now I am able to access the dashboard. Not sure what happened, but as is it working, will not file a new issue as of now.
Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.
Mark the issue as fresh with /remove-lifecycle stale in a new comment.
If this issue is safe to close now please do so.
Moderators: Add lifecycle/frozen label to avoid stale mode.
