kube-oidc-proxy
kube-oidc-proxy copied to clipboard
Published
20 hours ago •
jetstack
jetstack
helm chart install : problem with 127.0.0.1:8080
I deployed the helm chart, and started the port forwarding as suggested in the helm output. When navigating to http://127.0.0.1:8080/ , the browser tells me
This page isn’t working
127.0.0.1 didn’t send any data.
ERR_EMPTY_RESPONSE
And the port-forward messages give:
E0103 20:23:11.509155 11270 portforward.go:400] an error occurred forwarding 8080 -> 80: error forwarding port 80 to pod 88fd7849efde6c4bbed4ea689bcfb4b3bdf155b29259fd0f5c1c5a1d6ef570eb, uid : exit status 1: 2020/01/03 19:23:11 socat[28745] E connect(5, AF=2 127.0.0.1:80, 16): Connection refused
Any idea if I am doing something wrong ?
Not too sure what would be going wrong here. Are the any logs in kube-oidc-proxy you can post?
@JoshVanL I had the same problem. Here is the helm file I used: Any suggestion here?
# Default values for kube-oidc-proxy.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: quay.io/jetstack/kube-oidc-proxy
tag: v0.3.0
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
service:
type: ClusterIP
port: 443
annotations:
# You can use this field to add annotations to the Service.
# Define it in a key-value pairs. E.g.
# service.beta.kubernetes.io/aws-load-balancer-internal: true
loadBalancerIP: ""
loadBalancerSourceRanges: []
tls:
# `secretName` must be a name of Secret of TLS type. If not provided a
# self-signed certificate will get generated.
secretName:
# These values needs to be set in overrides in order to get kube-oidc-proxy
# working.
oidc:
# A minimal configuration requires setting clientId, issuerUrl and usernameClaim
# values.
clientId: "my-client"
issuerUrl: "https://login.microsoftonline.com/${MYTENANTID}/v2.0"
usernameClaim: "email"
# PEM encoded value of CA cert that will verify TLS connection to
# OIDC issuer URL. If not provided, default hosts root CA's will be used.
caPEM:
usernamePrefix:
groupsClaim:
groupsPrefix:
signingAlgs:
- RS256
requiredClaims: {}
# To enable token passthrough feature
# https://github.com/jetstack/kube-oidc-proxy/blob/master/docs/tasks/token-passthrough.md
tokenPassthrough:
enabled: false
audiences: []
# To add extra impersonation headers
# https://github.com/jetstack/kube-oidc-proxy/blob/master/docs/tasks/extra-impersonation-headers.md
extraImpersonationHeaders:
clientIP: false
#headers: key1=foo,key2=bar,key1=bar
extraArgs: {}
#audit-log-path: /audit-log
#audit-policy-file: /audit/audit.yaml
extraVolumeMounts: {}
#- name: audit
# mountPath: /audit
# readOnly: true
extraVolumes: {}
#- configMap:
#defaultMode: 420
#name: kube-oidc-proxy-policy
#name: audit
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Enable Pod Disruption Budget
podDisruptionBudget:
enabled: false
minAvailable: 1
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
#
initContainers: []
nodeSelector: {}
tolerations: []
