kafka-ui icon indicating copy to clipboard operation
kafka-ui copied to clipboard

Published 20 hours ago verified publisher icon provectus

Basic Auth and multiple instances of Kafka-UI - deployed - Authentication failure

Open javapapo opened this issue 1 year ago • 3 comments

Issue submitter TODO list

  • [X] I've looked up my issue in FAQ
  • [X] I've searched for an already existing issues here
  • [X] I've tried running master-labeled docker image and the issue still persists there
  • [X] I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

Hello folks I am not sure if this is a bug or in general how its supposed to be but this is on the intersection of Ops and Dev.

So my case is that I deploy kafka-ui on a k8s cluster, with basic auth enabled.

AUTH_TYPE: "LOGIN_FORM"
SPRING_SECURITY_USER_NAME: admin
  SPRING_SECURITY_USER_PASSWORD: ${PROD_PWD}

Everything is fine - Until I try to naively scale the deployment from 1 instance to 2. Replicas to K8s lingo on the helm deployment.

replicas: 1

What I think is happening is that you get 2 identical instances of Kafka-UI - (pods) deployed.

  • You hit the Service URL - k8s - service - Instance 1 is serving the login page
  • You submit the credentials you get authenticated on that instance
  • But due to the load balancer - you get your next request to render the dashboard - to the other instance where you are are not authenticated.

Expected behavior

Naively I would expect It would work,

Your installation details

  • Latest docker image of kafka-UI

Steps to reproduce

Deploy 2 instances of kafka-ui under the same k8s service or behind a Load Balancer no sticky sessions.

replicas: 2

What I think is happening is that you get 2 identical instances of Kafka-UI - (pods) deployed.

  • You hit the Service URL - k8s - service - Instance 1 is serving the login page
  • You submit the credentials you get authenticated on that instance
  • But due to the load balancer - you get your next request to render the dashboard - to the other instance where you are are not authenticated.

Screenshots

Not Available

Logs

Authentication failures

Additional context

No response

javapapo avatar May 13 '24 11:05 javapapo

Hello there javapapo! 👋

Thank you and congratulations 🎉 for opening your very first issue in this project! 💖

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀

github-actions[bot] avatar May 13 '24 11:05 github-actions[bot]

I guess there is no solution - since the Spring Security context is not shared... so you can not loadbalance.

javapapo avatar May 13 '24 11:05 javapapo

Hi, this repo is not maintained (#4255). Glad to help you here though: https://github.com/kafbat/kafka-ui

Haarolean avatar May 13 '24 16:05 Haarolean

oops!

javapapo avatar May 14 '24 11:05 javapapo

Thanks @Haarolean - will try to migrate to the new-deployment.

javapapo avatar May 14 '24 11:05 javapapo