search

DependencyTrack / helm-charts

Helm Charts for Dependency-Track
https://dependencytrack.org
Apache License 2.0
13 stars 14 forks source link

Can't able to login to frontend.(405 Not Allowed) #72

Closed numa1985 closed 1 month ago

numa1985 commented 1 month ago

Hi,

In the production can't able to connect to frontend with default credentails.PFB details.

Ingress for frontend

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: meta.helm.sh/release-name: "dependency-track" meta.helm.sh/release-namespace: "dependency-track"
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k nginx.ingress.kubernetes.io/proxy-buffering: "on" nginx.ingress.kubernetes.io/rewrite-target: /$1
generation: 1 labels: app: "dependency-track" app.kubernetes.io/instance: "dependency-track" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: "dependency-track" helm.sh/chart: platform-0.1.0 name: "dependency-track" namespace: "dependency-track" spec:
ingressClassName: nginx
rules:

Ingress for apiserver

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: meta.helm.sh/release-name: "dependency-track-api" meta.helm.sh/release-namespace: "dependency-track" nginx.ingress.kubernetes.io/proxy-buffer-size: 128k nginx.ingress.kubernetes.io/proxy-buffering: "on" nginx.ingress.kubernetes.io/rewrite-target: /$1 generation: 1 labels: app: "dependency-track" app.kubernetes.io/instance: "dependency-track" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: "dependency-track-api" helm.sh/chart: platform-0.1.0 name: "dependency-track-api" namespace: "dependency-track" spec: ingressClassName: nginx rules:

Values.yaml

apiServer: resources: requests: cpu: "2" memory: "4Gi" limits: cpu: "2" memory: "4Gi" persistentVolume: enabled: true size: 30Gi nodeSelector: agentpool: npuser3 kubernetes.io/os: linux extraEnv: ALPINE_DATABASE_MODE: "external" ALPINE_DATABASE_URL: "jdbc:sqlserver://.database.windows.net:1433;databaseName=SBOM;sendStringParametersAsUnicode=false;trustServerCertificate=false" ALPINE_DATABASE_DRIVER: "com.microsoft.sqlserver.jdbc.SQLServerDriver" ALPINE_DATABASE_USERNAME: "admin@" ALPINE_DATABASE_PASSWORD: '#{databasePassword}' SYSTEM_REQUIREMENT_CHECK_ENABLED: "false" initContainers:

frontend: apiBaseUrl: 'https://dependency-track-api.****.com/'

Error Info

nginx-ingress-nginx-controller-68466c9758-4mmm5:/etc/nginx$ curl -vlk https://dependency-track.private.***.com/api/v1/user/login -d "username=admin&password=admin"

image

image

image

api server webpage

image

Frontend webpage image

nscuro commented 1 month ago

You have a few options in your ingress (i.e. nginx.ingress.kubernetes.io/rewrite-target) that will affect how request paths are forwarded to the pod.

If you're getting a 405 you're hitting the wrong endpoint on the API server. For reference, when you click Login, a POST request is sent to /api/v1/user/login on the API server.

You'll need to debug if and where path segments are dropped or added. I can't help with that, and this is not an issue with the Helm chart.

numa1985 commented 1 month ago

@nscuro : Thanks for letting me know , I will try to modify rewrite targets and path prefix accordingly. In below snapshot of frontend login page ,when I tried logging in manually with default credentials , its throwing error with 304 error .Is there any variable that needs to be set for frontend in values.yaml or is there any port conflict that both the frontend and api server are using 8080. ?

image

ubuntu@NARU-Pr5530:~/sbom$ kubectl logs dependency-track-frontend-54b75f9644-7m7fk -n dependency-track |tail -10 10.100.0.172 - - [27/May/2024:13:31:26 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-" 10.100.0.172 - - [27/May/2024:13:31:26 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-" 10.100.0.172 - - [27/May/2024:13:31:41 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-" 10.100.0.172 - - [27/May/2024:13:31:41 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-" 10.100.0.172 - - [27/May/2024:13:31:56 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-" 10.100.0.172 - - [27/May/2024:13:31:56 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-" 10.100.0.105 - - [27/May/2024:13:32:05 +0000] "GET /login?redirect=%2Fdashboard HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0" "172.20.30.24" 10.100.0.105 - - [27/May/2024:13:32:05 +0000] "GET /static/config.json HTTP/1.1" 304 0 "https://dependency-track.private.*****.com/login?redirect=%2Fdashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0" "172.20.30.24" 10.100.0.172 - - [27/May/2024:13:32:11 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-" 10.100.0.172 - - [27/May/2024:13:32:11 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"

numa1985 commented 1 month ago

@nscuro : Am able to fix the ingress issue and currently was able to reach the login api with default credentials. Thanks

WantDead commented 2 weeks ago

@nscuro : Am able to fix the ingress issue and currently was able to reach the login api with default credentials. Thanks

please share how exactly you solved this problem because I faced the same thing

numa1985 commented 2 weeks ago

@WantDead : I had tried with below in the values.yaml and worked as expected for me.

ingress: enabled: true annotations: nginx.ingress.kubernetes.io/client-max-body-size: 5m nginx.ingress.kubernetes.io/proxy-body-size: 5m nginx.ingress.kubernetes.io/proxy-buffer-size: 128k nginx.ingress.kubernetes.io/proxy-buffering: "on" hostname: "dependency-track.*****.com"
ingressClassName: "nginx" tls:

WantDead commented 2 weeks ago

@WantDead : I had tried with below in the values.yaml and worked as expected for me.

ingress: enabled: true annotations: nginx.ingress.kubernetes.io/client-max-body-size: 5m nginx.ingress.kubernetes.io/proxy-body-size: 5m nginx.ingress.kubernetes.io/proxy-buffer-size: 128k nginx.ingress.kubernetes.io/proxy-buffering: "on" hostname: "dependency-track.*****.com" ingressClassName: "nginx" tls:

* secretName: ****.com
  hosts:

  * "dependency-track.****.com"

thanks, dude