console icon indicating copy to clipboard operation
console copied to clipboard
verified publisher icon openshift

Please configure authentication to use the web console

Open jsakil14 opened this issue 1 year ago • 2 comments

Hi,

today when I was trying to launch the okd console , I was greeted with below message : Please configure authentication to use the web console.

Not sure , if there is a new image pushed and might be need to patch notes...Trying to troubleshoot this one, any help appreciated

a. Kubevirt cluster - 3 node physical b. Used ci/deploy-console.sh & additional components from the ci/ & yaml/ folders c. I cant attach images here , it is basically node port connected over browser giving the output as below:

Please configure authentication to use the web console.

logs from console pod

k logs console-798cf56f96-xh88k I0902 07:16:33.814995 1 main.go:214] The following console plugins are enabled: I0902 07:16:33.815031 1 main.go:216] - forklift-console-plugin W0902 07:16:33.815039 1 authoptions.go:112] Flag inactivity-timeout is set to less then 300 seconds and will be ignored! W0902 07:16:33.815211 1 authoptions.go:259] console is disabled -- no authentication method configured I0902 07:16:33.815256 1 main.go:634] Binding to 0.0.0.0:9000... I0902 07:16:33.815272 1 main.go:636] using TLS 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:57769: remote error: tls: unknown certificate 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:51679: remote error: tls: unknown certificate 2024/09/02 07:16:40 http: TLS handshake error from 172.16.149.19:62944: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:45346: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:43350: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:36632: remote error: tls: unknown certificate console deployment output:

apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "2" kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"console","namespace":"konveyor-forklift"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"console"}},"template":{"metadata":{"labels":{"name":"console"}},"spec":{"containers":[{"env":[{"name":"BRIDGE_USER_AUTH","value":"disabled"},{"name":"BRIDGE_LISTEN","value":"https://0.0.0.0:9000"},{"name":"BRIDGE_TLS_CERT_FILE","value":"/var/run/secrets/console-serving-cert/tls.crt"},{"name":"BRIDGE_TLS_KEY_FILE","value":"/var/run/secrets/console-serving-cert/tls.key"},{"name":"BRIDGE_PLUGINS","value":"forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080"},{"name":"BRIDGE_PLUGIN_PROXY","value":"{"services":[\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",\n "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n },\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",\n "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n }]}\n"}],"image":"quay.io/openshift/origin-console:latest","name":"console","volumeMounts":[{"mountPath":"/var/run/secrets/console-serving-cert","name":"console-serving-cert"},{"mountPath":"/etc/ssl/certs/forklift-ca.crt","name":"forklift-cert","subPath":"ca.crt"}]}],"serviceAccountName":"console","volumes":[{"name":"forklift-cert","secret":{"secretName":"forklift-cert"}},{"name":"console-serving-cert","secret":{"secretName":"console-serving-cert"}}]}}}} creationTimestamp: "2024-09-02T07:10:02Z" generation: 2 name: console namespace: konveyor-forklift resourceVersion: "187602490" uid: cd3cc6a3-3aa3-4788-867f-1beb44a5c9db spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: name: console strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: name: console spec: containers:

  • env:
  • name: BRIDGE_USER_AUTH value: disabled
  • name: BRIDGE_LISTEN value: https://0.0.0.0:9000
  • name: BRIDGE_TLS_CERT_FILE value: /var/run/secrets/console-serving-cert/tls.crt
  • name: BRIDGE_TLS_KEY_FILE value: /var/run/secrets/console-serving-cert/tls.key
  • name: BRIDGE_PLUGINS value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
  • name: BRIDGE_PLUGIN_PROXY value: | {"services":[ { "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/", "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443", "authorize":true }, { "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/", "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443", "authorize":true }]} image: quay.io/openshift/origin-console:latest imagePullPolicy: Always name: console resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts:
  • mountPath: /var/run/secrets/console-serving-cert name: console-serving-cert
  • mountPath: /etc/ssl/certs/forklift-ca.crt name: forklift-cert subPath: ca.crt dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: console serviceAccountName: console terminationGracePeriodSeconds: 30 volumes:
  • name: forklift-cert secret: defaultMode: 420 secretName: forklift-cert
  • name: console-serving-cert secret: defaultMode: 420 secretName: console-serving-cert status: availableReplicas: 1 conditions:

lastTransitionTime: "2024-09-02T07:10:22Z" lastUpdateTime: "2024-09-02T07:10:22Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available lastTransitionTime: "2024-09-02T07:10:02Z" lastUpdateTime: "2024-09-02T07:16:31Z" message: ReplicaSet "console-798cf56f96" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 2 readyReplicas: 1 replicas: 1 updatedReplicas: 1

jsakil14 avatar Sep 10 '24 16:09 jsakil14

I reverted to old version of image: quay.io/openshift/origin-console:4.9.0 instead of image: quay.io/openshift/origin-console:latest ; which seems to have resolved the issue with authentication - Going through the image files, seems like only noticeable change is OS is moved to rhel9 from older rhel8 - but dont know what VAR it is looking for...

spec: containers:

  • env:
  • name: BRIDGE_USER_AUTH value: disabled
  • name: BRIDGE_LISTEN value: https://0.0.0.0:9000
  • name: BRIDGE_TLS_CERT_FILE value: /var/run/secrets/console-serving-cert/tls.crt
  • name: BRIDGE_TLS_KEY_FILE value: /var/run/secrets/console-serving-cert/tls.key
  • name: BRIDGE_PLUGINS value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
  • name: BRIDGE_PLUGIN_PROXY

jsakil14 avatar Sep 10 '24 16:09 jsakil14

BUMP!

jsakil14 avatar Sep 12 '24 13:09 jsakil14

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar Dec 12 '24 01:12 openshift-bot

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot avatar Jan 11 '25 08:01 openshift-bot

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-bot avatar Feb 11 '25 00:02 openshift-bot

@openshift-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci[bot] avatar Feb 11 '25 00:02 openshift-ci[bot]