Closed orefalo closed 10 months ago
mlbiam
commented
1 year ago interesting, that JMS one I actually did run into on another deployment but wasn't able to reproduce in any local clusters (I use civo, kubeadm, aks, eks for testing). But I think I know what that issue is. Let me put together a testing container for you to try. Can you please tell me specifically:
orefalo
commented
1 year ago 1.
I use 'v1.23.6+k3s1' but can really move to any version, as the infra is fully scripted. In fact, why don't you just connect to my k8s instance, I will discard it once you are done.
We just need to find a way to share credentials securely, my id is "kamikaze1001" on https://keybase.io/
2.
# https://openunison.github.io/deployauth/#host-names-and-networking
network:
openunison_host: 'k8sou.snapcore.com'
dashboard_host: 'k8sdb.snapcore.com'
api_server_host: 'k8sapi.snapcore.com'
session_inactivity_timeout_seconds: 900
k8s_url: https://192.168.2.130:6443
force_redirect_to_tls: true
# create a self signed certificate, I use a wildcard
createIngressCertificate: false
ingress_type: nginx
ingress_annotations: {}
# I believe this section is not usefull with createIngressCertificate: false
cert_template:
ou: 'Kubernetes'
o: 'SnapCore'
l: 'My Cluster'
st: 'Florida'
c: 'USA'
image: docker.io/tremolosecurity/openunison-k8s
myvd_config_path: 'WEB-INF/myvd.conf'
k8s_cluster_name: openunison-cp
# Determine if you want to integrate your cluster directly with OpenUnison using OpenID Connect (false), or use OpenUnison's integrated impersonating
# reverse proxy when interacting with the API server (true). In general, if you're working with an on-premises cluster this will be false.
# If you're using a hosted, or managed, cluster such as EKS or Civo this would by true.
enable_impersonation: false
impersonation:
use_jetstack: true
jetstack_oidc_proxy_image: docker.io/tremolosecurity/kube-oidc-proxy:latest
explicit_certificate_trust: true
dashboard:
enabled: false
# namespace: 'kubernetes-dashboard'
# cert_name: 'kubernetes-dashboard-certs'
# label: 'k8s-app=kubernetes-dashboard'
# service_name: kubernetes-dashboard
# require_session: true
certs:
use_k8s_cm: false
trusted_certs: []
monitoring:
prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s
github:
# GitHub configure 'OAuth Apps' -> 'New OAuth App', add callback URL
# https://github.com/settings/developers
client_id: 1234
teams: SnapCore/
services:
enable_tokenrequest: false
token_request_audience: api
token_request_expiration_seconds: 600
node_selectors: []
openunison:
replicas: 1
non_secret_data:
K8S_DB_SSO: oidc
PROMETHEUS_SERVICE_ACCOUNT: system:serviceaccount:monitoring:prometheus-k8s
SHOW_PORTAL_ORGS: 'false'
secrets: []
html:
image: docker.io/tremolosecurity/openunison-k8s-html
enable_provisioning: false
use_standard_jit_workflow: true2023-04-26 13:48:16,479][XNIO-1 task-2] ERROR request - UT005023: Exception handling request to /check_alive │ │ org.apache.jasper.JasperException: javax.servlet.ServletException: java.lang.IllegalStateException: JBWEB004239: Page needs a sessi │
i think i fixed the main issue. Delete the openunison-operator pod, then re-run ouctl you should be up and running again. (the other exception shouldn't hamper you while I figure that one out)
orefalo
commented
1 year ago just retried - getting a little further. orchestra won't start
it's hard to get the logs with k9s b/c the pod keeps on restarting...
but I can get the events easy... I was getting the same error when running via helmsman: failed for volume "secret-volume" : secret "orchestra" not found
not sure what this orchestra secret is, the main reason I am trying with 'ouctl'
│ Events: │
│ Type Reason Age From Message │
│ ---- ------ ---- ---- ------- │
│ Normal Scheduled 43s default-scheduler Successfully assigned openunison/openunison-orchestra-5bbd547cdd-r6w5h to s1 │
│ Warning FailedMount 40s (x4 over 44s) kubelet MountVolume.SetUp failed for volume "secret-volume" : secret "orchestra" not found │
│ Normal Pulled 17s kubelet Successfully pulled image "docker.io/tremolosecurity/openunison-k8s" in 18.351006289s (18.3510137 │
│ 69s including waiting) │
│ Normal Pulling 11s (x2 over 36s) kubelet Pulling image "docker.io/tremolosecurity/openunison-k8s" │
│ Normal Created 10s (x2 over 17s) kubelet Created container openunison-orchestra │
│ Normal Pulled 10s kubelet Successfully pulled image "docker.io/tremolosecurity/openunison-k8s" in 836.423205ms (836.462568m │
│ s including waiting) │
│ Normal Started 9s (x2 over 17s) kubelet Started container openunison-orchestra │
│ Warning BackOff 2s kubelet Back-off restarting failed container openunison-orchestra in pod openunison-orchestra-5bbd547cdd- │
│ r6w5h_openunison(f6bc63c4-1061-4f20-9359-505e28a34ed2)turns out, the secret is actually defined
│ Name: orchestra │
│ Namespace: openunison │
│ Labels: <none> │
│ Annotations: tremolo.io/last_updated: 2023-04-26T17:16:26.877Z │
│ │
│ Type: Opqaue │
│ │
│ Data │
│ ==== │
│ cacerts.jks: 146661 bytes │
│ openunison.yaml: 583 bytes │
│ ou.env: 833 bytes │
│ unisonKeyStore.p12: 164794 bytesand I got the logs this time
[2023-04-26 17:24:28,126][main] INFO OpenUnisonOnUndertow - Adding property : 'SHOW_PORTAL_ORGS' │
│ [2023-04-26 17:24:28,126][main] INFO OpenUnisonOnUndertow - Adding property : 'OPENUNISON_PROVISIONING_ENABLED' │
│ [2023-04-26 17:24:28,134][main] INFO OpenUnisonOnUndertow - Adding property : 'MYVD_CONFIG_PATH' │
│ [2023-04-26 17:24:28,134][main] INFO OpenUnisonOnUndertow - Adding property : 'K8S_CLUSTER_NAME' │
│ [2023-04-26 17:24:28,134][main] INFO OpenUnisonOnUndertow - Loading keystore for Undertow │
│ [2023-04-26 17:24:28,139][main] INFO OpenUnisonOnUndertow - OpenUnison XML File : '/usr/local/openunison/work/webapp/WEB-INF/unison.xml' │
│ [2023-04-26 17:24:28,167][main] INFO OpenUnisonConfigLoader - No config from include files, using original │
│ Exception in thread "main" javax.xml.bind.UnmarshalException │
│ - with linked exception: │
│ [org.xml.sax.SAXParseException; lineNumber: 180; columnNumber: 62; An invalid XML character (Unicode: 0x1a) was found in the element content of the document.] │
│ at javax.xml.bind.helpers.AbstractUnmarshallerImpl.createUnmarshalException(AbstractUnmarshallerImpl.java:340) │
│ at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.createUnmarshalException(UnmarshallerImpl.java:578) │
│ at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:264) │
│ at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:229) │
│ at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:170) │
│ at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:209) │
│ at com.tremolosecurity.openunison.undertow.OpenUnisonOnUndertow.main(OpenUnisonOnUndertow.java:251) │
│ Caused by: org.xml.sax.SAXParseException; lineNumber: 180; columnNumber: 62; An invalid XML character (Unicode: 0x1a) was found in the element content of the d │
│ at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) │
│ at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source) │
│ at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) │
│ at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) │
│ at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) │
│ at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source) │
│ at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) │
│ at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) │
│ at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) │
│ at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) │
│ at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) │
│ at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) │
│ at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) │
│ at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:258) │
│ ... 4 more │
│ Stream closed EOF for openunison/openunison-orchestra-5bbd547cdd-fh9cd (openunison-orchestra)operator logs
│ Autoscroll:On FullScreen:Off Timestamps:Off Wrap:Off │
│ command: operator │
│ url: https://kubernetes.default.svc │
│ namespace: openunison │
│ path to token: /var/run/secrets/kubernetes.io/serviceaccount/token │
│ path to certificate: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt │
│ versions: 2,3,4,5,6 │
│ Testing version 6 │
│ URL: https://kubernetes.default.svc/apis/openunison.tremolo.io/v6/namespaces/openunison/openunisons │
│ Watch URL: https://kubernetes.default.svc/apis/openunison.tremolo.io/v6/namespaces/openunison/openunisons │
│ Processing {"apiVersion":"openunison.tremolo.io/v6","items":[{"apiVersion":"openunison.tremolo.io/v6","kind":"OpenUnison","metadata":{"annotations":{"argocd.ar │
│ │
│ Processing 2821 │
│ Resource 2821 has not changed, not processing │
│ Watching https://kubernetes.default.svc/apis/openunison.tremolo.io/v6/namespaces/openunison/openunisons?watch=true&timeoutSeconds=10&allowWatchBookmarks=true&r │
│ Type: BOOKMARK │
│ Resource Version: 12959 │
│ Type: BOOKMARK │
│ Resource Version: 12959 │
│ Watching https://kubernetes.default.svc/apis/openunison.tremolo.io/v6/namespaces/openunison/openunisons?watch=true&timeoutSeconds=10&allowWatchBookmarks=true&r │
│ Watching https://kubernetes.default.svc/apis/openunison.tremolo.io/v6/namespaces/openunison/openunisons?watch=true&timeoutSeconds=10&allowWatchBookmarks=true&r │
│ │
│ │
│ │
│I was getting the same error when running via helmsman: failed for volume "secret-volume" : secret "orchestra" not found
The operator generates that secret based on your orchestra-secrets-source and the certificates. The openunison-orchestra Deployment is created before the operator is done running, so in an eventually consistent world this error goes away once the operator is done running.
An invalid XML character (Unicode: 0x1a) was found in the element content of the document.]
One of the key values in the orchestra-secrets-source Secret must contain this character. That's a new one, I've never seen that. if you look at the ou.env key in the orchestra Secret you can find which value specifically has it.
orefalo
commented
1 year ago yeah, quite a few Unicode indeed ;-)
│ GITHUB_SECRET_ID: nono12345 │
│ K8S_DB_SECRET: "�qR�\x03�P�ʌ�i�s�z8�̂e�H�c�L�ƶ�\x17Q��vr�>&\x18l�\x0F\x01��\0\x0F\x06�aX�c��~T�/���" │
│ unisonKeystorePassword: "�.���E���Ī����\x1A?Q�����\x16S��F�i�U-��u��nO���\x197J��tڅ���)�6�36�n�V"Interesting, I didn't pick these random values - ouctl did.
my installation ouctl line is
ouctl install-auth-portal -s secret.txt openunison_values.yamlin fact.. it's like if they were not base64 encoded
mlbiam
commented
1 year ago Interesting, I didn't pick these random values - ouctl did.
wow. that's...wow. i'm ooking at the code and the source material is abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
you're right, it looks like it didn't get base64 encoded properly, which is odd because its the kubernetes client sdk that does that. We're using the standard Secret objects. if you delete orchestra-secrets-source and try again does it give you a similar looking secret?
orefalo
commented
1 year ago No... Now that very interesting...
the secret is properly encoded this time around.
.. and orchestra is properly starting.. barking on the logs
javax.servlet.ServletException: Unknown URI : /auth/idp/k8sIdp/.well-known/openid-configuration │
│ at com.tremolosecurity.proxy.auth.AuthMgrSys.doAuthMgr(AuthMgrSys.java:116) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:126) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.proxy.auth.AzSys.doAz(AzSys.java:89) ~[unison-sdk-1.0.34.jar:?] │
│ at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:111) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.proxy.auth.AuthSys.doAuth(AuthSys.java:88) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:105) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.proxy.ConfigSys.doConfig(ConfigSys.java:269) [unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:93) [unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.filter.UnisonServletFilter.doFilter(UnisonServletFilter.java:299) [unison-server-core-1.0.34.jar:?] │
│ at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67) [undertow-servlet-2.2.23.Final.jar:2.2.23.Final] │
│ at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.2.23.Final.jar:2.2.23 │
│ at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.2.23.Final.jar:2.2.23.Final] │
│ at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet- │
│ at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.2.23.Final.jar:2.2.23.Final] │
│ at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.2.23.Fina │
│ at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.2.23.Final.jar:2.2.23.F │
│ at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117) [unde │
│ at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [under │
│ at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.2.23.Final.jar:2.2.23.Final] │
│ at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.2 │
│ at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.j │
│ at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2 │
│ at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [und │
│ at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java: │
│ at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.2.23.Final.jar:2.2.23.Final] │
│ at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52) [undertow-servlet-2.2.23.Final.jar:2.2. │
│ at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.2.23.Final.jar:2.2.23.Final] │
│ at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275) [undertow-servlet-2.2.23.Final. │
│ at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79) [undertow-servlet-2.2.23.Final.jar:2.2.2 │
│ at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134) [undertow-servlet-2.2.23.Final.jar:2.2.23.F │
│ at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131) [undertow-servlet-2.2.23.Final.jar:2.2.23.F │
│ at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-serv │
│ at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.2.23.Final.j │
│ at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255) [undertow-servlet-2.2.23.Final.jar │
│ at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79) [undertow-servlet-2.2.23.Final.jar:2.2.2 │
│ at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100) [undertow-servlet-2.2.23.Final.jar │
│ at io.undertow.server.Connectors.executeRootHandler(Connectors.java:393) [undertow-core-2.2.23.Final.jar:2.2.23.Final] │
│ at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852) [undertow-core-2.2.23.Final.jar:2.2.23.Final] │
│ at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-2.3.6.Final.jar:2.3.6 │
│ at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) [jboss-threads-2.3.6.Final.jar:2.3.6.Final] │
│ at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) [jboss-threads-2.3.6.Final.jar:2.3.6.Fi │
│ at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) [jboss-threads-2.3.6.Final.jar:2.3.6.Final] │
│ at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282) [xnio-api-3.8.8.Final.jar:3.8.8.Final] │
│ at java.lang.Thread.run(Thread.java:829) [?:?][2023-04-26 18:59:26,828][XNIO-1 task-2] INFO AccessLog - [Error] - UNKNOWN - https://127.0.0.1:8443/auth/idp/k8sIdp/.well-known/openid-con │
│ [2023-04-26 18:59:26,828][XNIO-1 task-2] ERROR ConfigSys - Could not process request │
│ javax.servlet.ServletException: Unknown URI : /auth/idp/k8sIdp/.well-known/openid-configuration │
│ at com.tremolosecurity.proxy.auth.AuthMgrSys.doAuthMgr(AuthMgrSys.java:116) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:126) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.proxy.auth.AzSys.doAz(AzSys.java:89) ~[unison-sdk-1.0.34.jar:?] │
│ at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:111) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.proxy.auth.AuthSys.doAuth(AuthSys.java:88) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:105) ~[unison-server-core-1.0.34.jar:?][2023-04-26 18:59:16,805][XNIO-1 task-1] INFO AccessLog - [AzSuccess] - CheckAlive - https://127.0.0.1:8443/check_alive - uid=Anonymous,o=T │
│ [2023-04-26 18:59:26,754][XNIO-1 task-1] INFO AccessLog - [Error] - UNKNOWN - https://127.0.0.1:8443/auth/idp/k8sIdp/.well-known/openid-con │
│ [2023-04-26 18:59:26,756][XNIO-1 task-1] ERROR ConfigSys - Could not process request │
│ javax.servlet.ServletException: Unknown URI : /auth/idp/k8sIdp/.well-known/openid-configuration │
│ at com.tremolosecurity.proxy.auth.AuthMgrSys.doAuthMgr(AuthMgrSys.java:116) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.embedd.NextEmbSys.nextSys(NextEmbSys.java:126) ~[unison-server-core-1.0.34.jar:?] │
│ at com.tremolosecurity.proxy.auth.AzSys.doAz(AzSys.java:89) ~[unison-sdk-1.0.34.jar:?]going to bed now, will continue tomorrow
mlbiam
commented
1 year ago │ javax.servlet.ServletException: Unknown URI : /auth/idp/k8sIdp/.well-known/openid-configuration
this is expected until the final chart is deployed. did the ouctl command finish?
orefalo
commented
1 year ago Morning, no
2023/04/27 06:50:34 Ignoring delete failure for "metrics" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "metrics" not found
2023/04/27 06:50:34 Ignoring delete failure for "anonfiles" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "anonfiles" not found
2023/04/27 06:50:34 Ignoring delete failure for "k8sidp" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8sidp" not found
2023/04/27 06:50:34 Ignoring delete failure for "completelogin" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "completelogin" not found
2023/04/27 06:50:34 Ignoring delete failure for "completelogin-cli" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "completelogin-cli" not found
2023/04/27 06:50:34 Ignoring delete failure for "k8s-login-cli-redirect" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-cli-redirect" not found
2023/04/27 06:50:34 Ignoring delete failure for "k8s-login-cli" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-cli" not found
2023/04/27 06:50:34 Ignoring delete failure for "k8s-login-tokens" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-tokens" not found
2023/04/27 06:50:34 Ignoring delete failure for "root-redirect" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "root-redirect" not found
2023/04/27 06:50:34 Ignoring delete failure for "logout" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "logout" not found
2023/04/27 06:50:34 Starting delete for "oauth2jwt-login" AuthenticationChain
2023/04/27 06:50:34 Starting delete for "login-service-cli" AuthenticationChain
2023/04/27 06:50:34 Starting delete for "enterprise-idp-cli" AuthenticationChain
2023/04/27 06:50:34 Starting delete for "login-service" AuthenticationChain
2023/04/27 06:50:34 Starting delete for "enterprise-idp" AuthenticationChain
2023/04/27 06:50:34 Starting delete for "oauth2k8s" AuthenticationChain
2023/04/27 06:50:35 Ignoring delete failure for "enterprise-idp" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "enterprise-idp" not found
2023/04/27 06:50:35 Ignoring delete failure for "oauth2jwt-login" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "oauth2jwt-login" not found
2023/04/27 06:50:35 Ignoring delete failure for "oauth2k8s" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "oauth2k8s" not found
2023/04/27 06:50:35 Ignoring delete failure for "login-service" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "login-service" not found
2023/04/27 06:50:35 Ignoring delete failure for "login-service-cli" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "login-service-cli" not found
2023/04/27 06:50:35 Ignoring delete failure for "enterprise-idp-cli" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "enterprise-idp-cli" not found
2023/04/27 06:50:35 Starting delete for "include" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "saml2" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "oauth2jwt" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "oauth2k8s" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "map" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "github" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "az" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "js" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "jit" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "login-service" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "login-form" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "genoidctoken" AuthenticationMechanism
2023/04/27 06:50:35 Starting delete for "oidc" AuthenticationMechanism
2023/04/27 06:50:35 Ignoring delete failure for "include" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "include" not found
2023/04/27 06:50:35 Ignoring delete failure for "saml2" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "saml2" not found
2023/04/27 06:50:35 Ignoring delete failure for "oauth2jwt" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oauth2jwt" not found
2023/04/27 06:50:35 Ignoring delete failure for "github" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "github" not found
2023/04/27 06:50:35 Ignoring delete failure for "oauth2k8s" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oauth2k8s" not found
2023/04/27 06:50:35 Ignoring delete failure for "az" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "az" not found
2023/04/27 06:50:35 Ignoring delete failure for "jit" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "jit" not found
2023/04/27 06:50:35 Ignoring delete failure for "map" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "map" not found
2023/04/27 06:50:35 Ignoring delete failure for "js" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "js" not found
2023/04/27 06:50:35 Ignoring delete failure for "login-service" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "login-service" not found
2023/04/27 06:50:35 Ignoring delete failure for "oidc" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oidc" not found
2023/04/27 06:50:35 Ignoring delete failure for "login-form" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "login-form" not found
2023/04/27 06:50:35 Ignoring delete failure for "genoidctoken" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "genoidctoken" not found
2023/04/27 06:50:35 Starting delete for "github" CustomAuthorization
2023/04/27 06:50:35 Ignoring delete failure for "github" openunison.tremolo.io/v1, Kind=CustomAuthorization: customazs.openunison.tremolo.io "github" not found
2023/04/27 06:50:35 Starting delete for "clear-sessions" OUJob
2023/04/27 06:50:35 Ignoring delete failure for "clear-sessions" openunison.tremolo.io/v1, Kind=OUJob: oujobs.openunison.tremolo.io "clear-sessions" not found
2023/04/27 06:50:35 Starting delete for "local-deployment" Org
2023/04/27 06:50:35 Ignoring delete failure for "local-deployment" openunison.tremolo.io/v1, Kind=Org: orgs.openunison.tremolo.io "local-deployment" not found
2023/04/27 06:50:35 Starting delete for "oauth2token" PortalUrl
2023/04/27 06:50:35 Ignoring delete failure for "oauth2token" openunison.tremolo.io/v1, Kind=PortalUrl: portalurls.openunison.tremolo.io "oauth2token" not found
2023/04/27 06:50:35 Starting delete for "scale-redirect" ResultGroup
2023/04/27 06:50:35 Starting delete for "logout-dashboard" ResultGroup
2023/04/27 06:50:35 Starting delete for "oauth2bearer" ResultGroup
2023/04/27 06:50:35 Starting delete for "default-login-failure" ResultGroup
2023/04/27 06:50:35 Starting delete for "force-logout" ResultGroup
2023/04/27 06:50:35 Starting delete for "logout" ResultGroup
2023/04/27 06:50:35 Starting delete for "redirect-to-local-login" ResultGroup
2023/04/27 06:50:35 Ignoring delete failure for "logout-dashboard" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "logout-dashboard" not found
2023/04/27 06:50:35 Ignoring delete failure for "scale-redirect" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "scale-redirect" not found
2023/04/27 06:50:35 Ignoring delete failure for "logout" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "logout" not found
2023/04/27 06:50:35 Ignoring delete failure for "oauth2bearer" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "oauth2bearer" not found
2023/04/27 06:50:35 Ignoring delete failure for "force-logout" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "force-logout" not found
2023/04/27 06:50:35 Ignoring delete failure for "default-login-failure" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "default-login-failure" not found
2023/04/27 06:50:35 Ignoring delete failure for "redirect-to-local-login" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "redirect-to-local-login" not found
2023/04/27 06:50:35 Starting delete for "jitdb" Target
2023/04/27 06:50:36 Ignoring delete failure for "jitdb" openunison.tremolo.io/v1, Kind=Target: targets.openunison.tremolo.io "jitdb" not found
2023/04/27 06:50:36 Starting delete for "jitdb" Workflow
2023/04/27 06:50:36 Ignoring delete failure for "jitdb" openunison.tremolo.io/v1, Kind=Workflow: workflows.openunison.tremolo.io "jitdb" not found
2023/04/27 06:50:36 purge requested for orchestra-login-portal
Waiting a few seconds...
Try #%!i(int=3)
2023/04/27 06:50:49 creating 48 resource(s)
Error installing chart orchestra-login-portal - Internal error occurred: failed calling webhook "applications-openunison.tremolo.io": failed to call webhook: Post "https://openunison-orchestra.openunison.svc:443/k8s/webhooks/v1/applications?timeout=5s": x509: certificate signed by unknown authority, deleting and retrying
2023/04/27 06:50:51 uninstall: Deleting orchestra-login-portal
2023/04/27 06:50:51 Starting delete for "ouhtml-orchestra-login-portal" Service
2023/04/27 06:50:51 Starting delete for "ouhtml-orchestra-login-portal" Deployment
2023/04/27 06:50:51 Starting delete for "ouhtml-orchestra-login-portal" ServiceAccount
2023/04/27 06:50:51 Starting delete for "logout" Application
2023/04/27 06:50:51 Starting delete for "scale" Application
2023/04/27 06:50:51 Starting delete for "completelogin-cli" Application
2023/04/27 06:50:51 Starting delete for "k8s-login-cli-redirect" Application
2023/04/27 06:50:51 Starting delete for "k8s-login-cli" Application
2023/04/27 06:50:51 Starting delete for "k8s-login-tokens" Application
2023/04/27 06:50:51 Starting delete for "anonfiles" Application
2023/04/27 06:50:51 Starting delete for "token" Application
2023/04/27 06:50:51 Starting delete for "completelogin" Application
2023/04/27 06:50:51 Starting delete for "k8sidp" Application
2023/04/27 06:50:51 Starting delete for "metrics" Application
2023/04/27 06:50:51 Starting delete for "root-redirect" Application
2023/04/27 06:50:51 Starting delete for "scale-session-check" Application
2023/04/27 06:50:52 Ignoring delete failure for "token" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "token" not found
2023/04/27 06:50:52 Ignoring delete failure for "k8s-login-tokens" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-tokens" not found
2023/04/27 06:50:52 Ignoring delete failure for "root-redirect" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "root-redirect" not found
2023/04/27 06:50:52 Ignoring delete failure for "logout" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "logout" not found
2023/04/27 06:50:52 Ignoring delete failure for "k8s-login-cli" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-cli" not found
2023/04/27 06:50:52 Ignoring delete failure for "scale-session-check" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "scale-session-check" not found
2023/04/27 06:50:52 Ignoring delete failure for "metrics" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "metrics" not found
2023/04/27 06:50:52 Ignoring delete failure for "k8sidp" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8sidp" not found
2023/04/27 06:50:52 Ignoring delete failure for "completelogin" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "completelogin" not found
2023/04/27 06:50:52 Ignoring delete failure for "anonfiles" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "anonfiles" not found
2023/04/27 06:50:52 Ignoring delete failure for "k8s-login-cli-redirect" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-cli-redirect" not found
2023/04/27 06:50:52 Ignoring delete failure for "completelogin-cli" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "completelogin-cli" not found
2023/04/27 06:50:52 Ignoring delete failure for "scale" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "scale" not found
2023/04/27 06:50:52 Starting delete for "oauth2jwt-login" AuthenticationChain
2023/04/27 06:50:52 Starting delete for "login-service-cli" AuthenticationChain
2023/04/27 06:50:52 Starting delete for "enterprise-idp-cli" AuthenticationChain
2023/04/27 06:50:52 Starting delete for "enterprise-idp" AuthenticationChain
2023/04/27 06:50:52 Starting delete for "login-service" AuthenticationChain
2023/04/27 06:50:52 Starting delete for "oauth2k8s" AuthenticationChain
2023/04/27 06:50:52 Ignoring delete failure for "oauth2jwt-login" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "oauth2jwt-login" not found
2023/04/27 06:50:52 Ignoring delete failure for "login-service" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "login-service" not found
2023/04/27 06:50:52 Ignoring delete failure for "login-service-cli" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "login-service-cli" not found
2023/04/27 06:50:52 Ignoring delete failure for "enterprise-idp" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "enterprise-idp" not found
2023/04/27 06:50:52 Ignoring delete failure for "enterprise-idp-cli" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "enterprise-idp-cli" not found
2023/04/27 06:50:52 Ignoring delete failure for "oauth2k8s" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "oauth2k8s" not found
2023/04/27 06:50:52 Starting delete for "include" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "login-form" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "map" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "github" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "login-service" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "js" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "oidc" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "oauth2jwt" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "saml2" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "jit" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "oauth2k8s" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "genoidctoken" AuthenticationMechanism
2023/04/27 06:50:52 Starting delete for "az" AuthenticationMechanism
2023/04/27 06:50:52 Ignoring delete failure for "login-form" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "login-form" not found
2023/04/27 06:50:52 Ignoring delete failure for "oidc" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oidc" not found
2023/04/27 06:50:52 Ignoring delete failure for "oauth2k8s" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oauth2k8s" not found
2023/04/27 06:50:52 Ignoring delete failure for "js" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "js" not found
2023/04/27 06:50:52 Ignoring delete failure for "oauth2jwt" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oauth2jwt" not found
2023/04/27 06:50:52 Ignoring delete failure for "saml2" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "saml2" not found
2023/04/27 06:50:52 Ignoring delete failure for "genoidctoken" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "genoidctoken" not found
2023/04/27 06:50:52 Ignoring delete failure for "jit" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "jit" not found
2023/04/27 06:50:52 Ignoring delete failure for "az" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "az" not found
2023/04/27 06:50:52 Ignoring delete failure for "github" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "github" not found
2023/04/27 06:50:52 Ignoring delete failure for "map" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "map" not found
2023/04/27 06:50:52 Ignoring delete failure for "include" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "include" not found
2023/04/27 06:50:52 Ignoring delete failure for "login-service" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "login-service" not found
2023/04/27 06:50:52 Starting delete for "github" CustomAuthorization
2023/04/27 06:50:52 Ignoring delete failure for "github" openunison.tremolo.io/v1, Kind=CustomAuthorization: customazs.openunison.tremolo.io "github" not found
2023/04/27 06:50:52 Starting delete for "clear-sessions" OUJob
2023/04/27 06:50:52 Ignoring delete failure for "clear-sessions" openunison.tremolo.io/v1, Kind=OUJob: oujobs.openunison.tremolo.io "clear-sessions" not found
2023/04/27 06:50:52 Starting delete for "local-deployment" Org
2023/04/27 06:50:52 Ignoring delete failure for "local-deployment" openunison.tremolo.io/v1, Kind=Org: orgs.openunison.tremolo.io "local-deployment" not found
2023/04/27 06:50:52 Starting delete for "oauth2token" PortalUrl
2023/04/27 06:50:53 Ignoring delete failure for "oauth2token" openunison.tremolo.io/v1, Kind=PortalUrl: portalurls.openunison.tremolo.io "oauth2token" not found
2023/04/27 06:50:53 Starting delete for "scale-redirect" ResultGroup
2023/04/27 06:50:53 Starting delete for "logout-dashboard" ResultGroup
2023/04/27 06:50:53 Starting delete for "oauth2bearer" ResultGroup
2023/04/27 06:50:53 Starting delete for "default-login-failure" ResultGroup
2023/04/27 06:50:53 Starting delete for "redirect-to-local-login" ResultGroup
2023/04/27 06:50:53 Starting delete for "force-logout" ResultGroup
2023/04/27 06:50:53 Starting delete for "logout" ResultGroup
2023/04/27 06:50:53 Ignoring delete failure for "oauth2bearer" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "oauth2bearer" not found
2023/04/27 06:50:53 Ignoring delete failure for "scale-redirect" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "scale-redirect" not found
2023/04/27 06:50:53 Ignoring delete failure for "logout" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "logout" not found
2023/04/27 06:50:53 Ignoring delete failure for "redirect-to-local-login" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "redirect-to-local-login" not found
2023/04/27 06:50:53 Ignoring delete failure for "logout-dashboard" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "logout-dashboard" not found
2023/04/27 06:50:53 Ignoring delete failure for "default-login-failure" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "default-login-failure" not found
2023/04/27 06:50:53 Ignoring delete failure for "force-logout" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "force-logout" not found
2023/04/27 06:50:53 Starting delete for "jitdb" Target
2023/04/27 06:50:53 Ignoring delete failure for "jitdb" openunison.tremolo.io/v1, Kind=Target: targets.openunison.tremolo.io "jitdb" not found
2023/04/27 06:50:53 Starting delete for "jitdb" Workflow
2023/04/27 06:50:53 Ignoring delete failure for "jitdb" openunison.tremolo.io/v1, Kind=Workflow: workflows.openunison.tremolo.io "jitdb" not found
2023/04/27 06:50:53 purge requested for orchestra-login-portal
Waiting a few seconds...
Try #%!i(int=4)
2023/04/27 06:51:06 creating 48 resource(s)
Error installing chart orchestra-login-portal - Internal error occurred: failed calling webhook "applications-openunison.tremolo.io": failed to call webhook: Post "https://openunison-orchestra.openunison.svc:443/k8s/webhooks/v1/applications?timeout=5s": x509: certificate signed by unknown authority, deleting and retrying
2023/04/27 06:51:08 uninstall: Deleting orchestra-login-portal
2023/04/27 06:51:08 Starting delete for "ouhtml-orchestra-login-portal" Service
2023/04/27 06:51:08 Starting delete for "ouhtml-orchestra-login-portal" Deployment
2023/04/27 06:51:09 Starting delete for "ouhtml-orchestra-login-portal" ServiceAccount
2023/04/27 06:51:09 Starting delete for "logout" Application
2023/04/27 06:51:09 Starting delete for "scale-session-check" Application
2023/04/27 06:51:09 Starting delete for "k8sidp" Application
2023/04/27 06:51:09 Starting delete for "metrics" Application
2023/04/27 06:51:09 Starting delete for "root-redirect" Application
2023/04/27 06:51:09 Starting delete for "completelogin-cli" Application
2023/04/27 06:51:09 Starting delete for "scale" Application
2023/04/27 06:51:09 Starting delete for "token" Application
2023/04/27 06:51:09 Starting delete for "anonfiles" Application
2023/04/27 06:51:09 Starting delete for "k8s-login-cli-redirect" Application
2023/04/27 06:51:09 Starting delete for "completelogin" Application
2023/04/27 06:51:09 Starting delete for "k8s-login-cli" Application
2023/04/27 06:51:09 Starting delete for "k8s-login-tokens" Application
2023/04/27 06:51:09 Ignoring delete failure for "k8sidp" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8sidp" not found
2023/04/27 06:51:09 Ignoring delete failure for "scale-session-check" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "scale-session-check" not found
2023/04/27 06:51:09 Ignoring delete failure for "logout" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "logout" not found
2023/04/27 06:51:09 Ignoring delete failure for "k8s-login-cli-redirect" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-cli-redirect" not found
2023/04/27 06:51:09 Ignoring delete failure for "scale" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "scale" not found
2023/04/27 06:51:09 Ignoring delete failure for "k8s-login-cli" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-cli" not found
2023/04/27 06:51:09 Ignoring delete failure for "k8s-login-tokens" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "k8s-login-tokens" not found
2023/04/27 06:51:09 Ignoring delete failure for "metrics" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "metrics" not found
2023/04/27 06:51:09 Ignoring delete failure for "anonfiles" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "anonfiles" not found
2023/04/27 06:51:09 Ignoring delete failure for "token" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "token" not found
2023/04/27 06:51:09 Ignoring delete failure for "completelogin" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "completelogin" not found
2023/04/27 06:51:09 Ignoring delete failure for "root-redirect" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "root-redirect" not found
2023/04/27 06:51:09 Ignoring delete failure for "completelogin-cli" openunison.tremolo.io/v1, Kind=Application: applications.openunison.tremolo.io "completelogin-cli" not found
2023/04/27 06:51:09 Starting delete for "oauth2jwt-login" AuthenticationChain
2023/04/27 06:51:09 Starting delete for "login-service-cli" AuthenticationChain
2023/04/27 06:51:09 Starting delete for "login-service" AuthenticationChain
2023/04/27 06:51:09 Starting delete for "enterprise-idp" AuthenticationChain
2023/04/27 06:51:09 Starting delete for "oauth2k8s" AuthenticationChain
2023/04/27 06:51:09 Starting delete for "enterprise-idp-cli" AuthenticationChain
2023/04/27 06:51:09 Ignoring delete failure for "oauth2jwt-login" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "oauth2jwt-login" not found
2023/04/27 06:51:09 Ignoring delete failure for "login-service" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "login-service" not found
2023/04/27 06:51:09 Ignoring delete failure for "enterprise-idp" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "enterprise-idp" not found
2023/04/27 06:51:09 Ignoring delete failure for "oauth2k8s" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "oauth2k8s" not found
2023/04/27 06:51:09 Ignoring delete failure for "enterprise-idp-cli" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "enterprise-idp-cli" not found
2023/04/27 06:51:09 Ignoring delete failure for "login-service-cli" openunison.tremolo.io/v1, Kind=AuthenticationChain: authchains.openunison.tremolo.io "login-service-cli" not found
2023/04/27 06:51:09 Starting delete for "include" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "login-form" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "jit" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "genoidctoken" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "login-service" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "oidc" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "saml2" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "oauth2jwt" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "oauth2k8s" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "map" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "az" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "js" AuthenticationMechanism
2023/04/27 06:51:09 Starting delete for "github" AuthenticationMechanism
2023/04/27 06:51:09 Ignoring delete failure for "oauth2k8s" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oauth2k8s" not found
2023/04/27 06:51:09 Ignoring delete failure for "include" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "include" not found
2023/04/27 06:51:09 Ignoring delete failure for "oauth2jwt" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oauth2jwt" not found
2023/04/27 06:51:09 Ignoring delete failure for "saml2" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "saml2" not found
2023/04/27 06:51:09 Ignoring delete failure for "oidc" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "oidc" not found
2023/04/27 06:51:09 Ignoring delete failure for "login-service" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "login-service" not found
2023/04/27 06:51:09 Ignoring delete failure for "genoidctoken" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "genoidctoken" not found
2023/04/27 06:51:09 Ignoring delete failure for "login-form" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "login-form" not found
2023/04/27 06:51:09 Ignoring delete failure for "map" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "map" not found
2023/04/27 06:51:09 Ignoring delete failure for "jit" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "jit" not found
2023/04/27 06:51:09 Ignoring delete failure for "az" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "az" not found
2023/04/27 06:51:09 Ignoring delete failure for "github" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "github" not found
2023/04/27 06:51:09 Ignoring delete failure for "js" openunison.tremolo.io/v1, Kind=AuthenticationMechanism: authmechs.openunison.tremolo.io "js" not found
2023/04/27 06:51:09 Starting delete for "github" CustomAuthorization
2023/04/27 06:51:09 Ignoring delete failure for "github" openunison.tremolo.io/v1, Kind=CustomAuthorization: customazs.openunison.tremolo.io "github" not found
2023/04/27 06:51:09 Starting delete for "clear-sessions" OUJob
2023/04/27 06:51:10 Ignoring delete failure for "clear-sessions" openunison.tremolo.io/v1, Kind=OUJob: oujobs.openunison.tremolo.io "clear-sessions" not found
2023/04/27 06:51:10 Starting delete for "local-deployment" Org
2023/04/27 06:51:10 Ignoring delete failure for "local-deployment" openunison.tremolo.io/v1, Kind=Org: orgs.openunison.tremolo.io "local-deployment" not found
2023/04/27 06:51:10 Starting delete for "oauth2token" PortalUrl
2023/04/27 06:51:10 Ignoring delete failure for "oauth2token" openunison.tremolo.io/v1, Kind=PortalUrl: portalurls.openunison.tremolo.io "oauth2token" not found
2023/04/27 06:51:10 Starting delete for "scale-redirect" ResultGroup
2023/04/27 06:51:10 Starting delete for "default-login-failure" ResultGroup
2023/04/27 06:51:10 Starting delete for "logout" ResultGroup
2023/04/27 06:51:10 Starting delete for "oauth2bearer" ResultGroup
2023/04/27 06:51:10 Starting delete for "redirect-to-local-login" ResultGroup
2023/04/27 06:51:10 Starting delete for "force-logout" ResultGroup
2023/04/27 06:51:10 Starting delete for "logout-dashboard" ResultGroup
2023/04/27 06:51:10 Ignoring delete failure for "scale-redirect" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "scale-redirect" not found
2023/04/27 06:51:10 Ignoring delete failure for "default-login-failure" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "default-login-failure" not found
2023/04/27 06:51:10 Ignoring delete failure for "logout" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "logout" not found
2023/04/27 06:51:10 Ignoring delete failure for "redirect-to-local-login" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "redirect-to-local-login" not found
2023/04/27 06:51:10 Ignoring delete failure for "oauth2bearer" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "oauth2bearer" not found
2023/04/27 06:51:10 Ignoring delete failure for "logout-dashboard" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "logout-dashboard" not found
2023/04/27 06:51:10 Ignoring delete failure for "force-logout" openunison.tremolo.io/v1, Kind=ResultGroup: resultgroups.openunison.tremolo.io "force-logout" not found
2023/04/27 06:51:10 Starting delete for "jitdb" Target
2023/04/27 06:51:10 Ignoring delete failure for "jitdb" openunison.tremolo.io/v1, Kind=Target: targets.openunison.tremolo.io "jitdb" not found
2023/04/27 06:51:10 Starting delete for "jitdb" Workflow
2023/04/27 06:51:10 Ignoring delete failure for "jitdb" openunison.tremolo.io/v1, Kind=Workflow: workflows.openunison.tremolo.io "jitdb" not found
2023/04/27 06:51:10 purge requested for orchestra-login-portal
Waiting a few seconds...
Try #%!i(int=5)
panic: Failed to install chart orchestra-login-portal after five tries
goroutine 1 [running]:
github.com/tremolosecurity/openunison-control/cmd.glob..func2(0x107ae41e0?, {0x14000594630?, 0x3?, 0x3?})
github.com/tremolosecurity/openunison-control/cmd/installAuthPortal.go:51 +0x2bc
github.com/spf13/cobra.(*Command).execute(0x107ae41e0, {0x140005945d0, 0x3, 0x3})
github.com/spf13/cobra@v1.6.1/command.go:920 +0x5b0
github.com/spf13/cobra.(*Command).ExecuteC(0x107ae3f00)
github.com/spf13/cobra@v1.6.1/command.go:1044 +0x35c
github.com/spf13/cobra.(*Command).Execute(...)
github.com/spf13/cobra@v1.6.1/command.go:968
github.com/tremolosecurity/openunison-control/cmd.Execute()
github.com/tremolosecurity/openunison-control/cmd/root.go:51 +0x28
main.main()
github.com/tremolosecurity/openunison-control/main.go:16 +0x80what a complex installation process - I am starting to understand your struggles and why you built ouctl
I would recommend adding validations in the image to detect wrongly formatted data, and adding messaging to ease expectations and troubleshooting. Like; "waiting on operator to generate X" "waiting on portal to start..."
orefalo
commented
1 year ago one thing I noticed in the "orchestra-secrets-source" secret, it that GITHUB_SECRET_ID is cleartext (read non base64 encoded) while the others are.
mlbiam
commented
1 year ago Error installing chart orchestra-login-portal - Internal error occurred: failed calling webhook "applications-openunison.tremolo.io": failed to call webhook: Post "https://openunison-orchestra.openunison.svc:443/k8s/webhooks/v1/applications?timeout=5s": x509: certificate signed by unknown authority, deleting and retrying
this sometimes happens when there are several re-installs. The admission controllers have the webhook configuration, but have to have a cert in order to be created. The operator generates and creates the cert. Sometimes these get crossed up. It's pretty rare with ouctl. Since openunison doesn't have any state, try deleting it entirely.
helm delete orchestra-login-portal -n openunison;helm delete orchestra -n openunison;helm delete openunison -n openunison;k delete ns openunison;then running the install.
Like; "waiting on operator to generate X" "waiting on portal to start..."
that's a good idea to add more labels then just the helm chart
one thing I noticed in the "orchestra-secrets-source" secret, it that GITHUB_SECRET_ID is cleartext (read non base64 encoded) while the others are.
They're all base64 encoded. They're stored as binary data. the K8S_DB_SECRET and unisonKeystorePassword look like they're base64 encoded even after decoding because they're just random ascii characters.
mlbiam
commented
10 months ago closing due to inactivity
Hi again,
I am trying to deploy unison on K3S - https://www.rancher.com/products/k3s I used the standard method with ouctl. ;-)
it partially works - operator and orchestra are started, portal-login keeps on crashing
orchestra gives me the follow logs
Any idea?