Closed mmartin24 closed 1 year ago
On Linux the problem is with --set global.domain=127.0.0.1.nip.io
(sets ingress endpoints) which works well for external RD network/cluster communication. But epinio-ui
pod is trying to communicate with auth.127.0.0.1.nip.io
within the RD network which also translates to 127.0.0.1:443 but there is no ingress listening to respond.
The ingress in RD actually listens on 192.168.5.15:
k get svc traefik -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik LoadBalancer 10.43.201.109 192.168.5.15,fec0::5055:55ff:fe21:b7d7 80:30654/TCP,443:31600/TCP 3h
Maybe there is a simpler way how to workaround that via helm charts but this approach worked for me without extra epinio configuration:
sudo iptables -t nat -I OUTPUT --dst <host-ip> -p tcp --dport 443 -j REDIRECT --to-ports 443
--set global.domain=<host-ip>.nip.io
<host-ip>:443
and forwards that to 127.0.0.1:443
<host-ip>:443
where the ingress listenI'm going to reopen this because we still need to bump the charts.
Revalidated in Epinio v1.7.1-rc1
:
Issue:
Cannot login with OIDC / DEX when deploying Epinio
v1.7.0
on Rancher Desktopv1.7.0
with Kubernetes version1.25.4
Checked on Mac, Windows and Linux. CLI connection is working ok. Note: verified same error with Docker DesktopError logs: