Closed SergK closed 1 year ago
Hey @SergK Can you confirm if this is happening only for websockets?
Hi @yolossn, it's true that I can log in with OIDC, but I'm unable to receive "live updates" and have to refresh the page instead.
Just an update on the progress. I am able to reproduce this issue and the websocket connection issue is happening only when using OIDC authentication. The No valid id-token, and cannot refresh without refresh-token
response is from the Kubernetes API server and I don't see any difference in the request made from the frontend or the request that is forwarded to the Kubernetes API server by the backend.
Hello @SergK, I've created a Docker image that includes the necessary fix and pushed it to docker.io/yolossn/headlamp-oidc-fix:latest
. Could you please check to confirm if this resolves the problem?
Hello @yolossn, everything seems to be working perfectly without any issues.
Hey, Thanks for the update. Ill try to get this released ASAP.
@yolossn Thank you for quick feedback
After Upgrading from Headlamp 0.18.0 to 0.19.0, my OIDC configuration stops working for WebSocket connections.
Headlamp 0.18.0 checking with websocat I have 403 - which is expected:
Headlamp 0.19.0 checking with websocat I have 502 - which is not expected:
And in the headlamp logs, I see:
here is the complete log from the container start
It seems that the error returns from here: https://github.com/headlamp-k8s/headlamp/blob/v0.19.0/backend/pkg/kubeconfig/kubeconfig.go#L113