Exec/Log functionality broken for --in-cluster deployment

[SquupS]

Since headlamp v0.13.0 I can't shell into pods anymore. It is just cycling through the different options and then finally fails.

Same for checking logs. The window just stays empty.

Anyone else discovered this kind of issues? Having the problem with onPrem and Cloud clusters.

Thanks and best regards

[joaquimrocha]

@SquupS , I confirm I am able to exec into pods with version 0.19.0. Maybe your container is not running one of the shells we test. For helping figure out why it's not working for you, please give us the following details:

1. Can you exec into the pod using kubectl? (to discard any permissions issues)
2. What flavor of Kubernetes (and cloud) are you using?
3. What sort of pod/container are you trying? Is it a Linux container? What shell is it using?

Thank you.

[SquupS]

Good morning @joaquimrocha and thanks for the reply.

1. Yes, I can access all of my pods via kubectl or something like Lens without any issues.
2. for onPrem mostly RKE and for Cloud AWS EKS
3. All Linux based containers (mostly Apline, but also Debian) using default shell

Hope that helps for finding then my very specific error because I would really love to use your apllication!

Nevertheless, great work!

Thanks and best regards

[eresgie]

Hi @joaquimrocha. It's similar to the issue I reported here.

Once again, I recorded a quick movie to get better understanding. Here's the link: https://www.youtube.com/watch?v=MqSKdhKt4YE

This particular pod uses /bin/bash as a shell. I can exec into this pod from commandline without any problems. It is working also in Headlamp version: 0.18.0. I'm using web interface, not a Headlamp application and I'm logging in using OIDC.

If you need some more info, let me know, please.

Thank you.

[SquupS]

Found the root cause after some troubleshooting. I removed the ENV variables for OIDC login from the helm chart and now I can also shell into all my pods and also gather logfiles. So there seems to be some sort of connection.

I never used the OIDC login though, since the keycloak backend is lacking some config, but wanted to have it prepared. Always used the Token login.

However, removing those parts fixed my issue.

Not sure if further investigation makes sense on your end?

[joaquimrocha]

@eresgie , @SquupS , the OIDC related issue should be fixed now since yesterday's bugfix release: 0.19.1. I will close the issue, but please reopen or comment on it if this it's not fixed yet.

[eresgie]

@eresgie , @SquupS , the OIDC related issue should be fixed now since yesterday's bugfix release: 0.19.1. I will close the issue, but please reopen or comment on it if this it's not fixed yet.

@joaquimrocha Thank you. Works perfectly with OIDC configured web interface.