headlamp-k8s / headlamp

A Kubernetes web UI that is fully-featured, user-friendly and extensible
https://headlamp.dev
Apache License 2.0

[RFE] no certificate authority data found for cluster when using oidc #867

Open zrks opened 1 year ago

zrks commented 1 year ago

Current situation

When the client is launched locally, Headlamp doesn't support OIDC authentication - no certificate authority data found for cluster

headlamp --version
0.14.0

Impact

Can't use preferred authentication

Ideal future situation

Headlamp supports OIDC when it is launched as a client

eresgie commented 1 year ago

@zrks I don't know how you have it configured locally, but I have OIDC configuration deployed on Kubernetes publicly available and it's working using Web UI. However, it's not working with standalone Headlamp application.

For me it displays the following message:

Failed to get authentication information: Request timed-out

I'm using the kubelogin plugin.

joaquimrocha commented 1 year ago

We have mostly tested OIDC with the web deployment of Headlamp, since it needs to run with certain parameters which means it doesn't make a lot of sense for the desktop app. That said, if all the info needed in your OIDC setup is present in the kubeconfig, then we should be able to pick it up from Headlamp but often that's not the case, certainly not before something else sets up the data in the kubeconfig.

yuzhichang commented 1 year ago

I got a similar problem. Headlamp client 0.15.1 doesn't load insecure-skip-tls-verify: true clusters. The error is:

16:34:39.972 › server process stderr: 2023/02/20 16:34:39 Error setting up proxy for context ecs-admin@ecs: no certificate authority data found for cluster ecs-admin@ecs

The cluster definition inside $HOME/.kube/config:

- cluster:
    server: https://EXTERNAL_IP:6443
    insecure-skip-tls-verify: true
  name: ecs

This cluster runs on a public cloud. Its API server certificate is associated with the internal IP of the master host. The master host has an external IP EXTERNAL_IP. kubectl works well for this setup.
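
An added example, not part of the thread and not Headlamp's code: a small Python audit that reports, per context, how each cluster's API server certificate would be verified, so entries that carry no CA data or disable verification (like `ecs` above) stand out. It assumes the kubeconfig is supplied in JSON form (for example from `kubectl config view --raw -o json`); the function names, mode labels and the sample entries other than `ecs` are constructed for illustration.

```python
import json

# Constructed sample: JSON form of a kubeconfig, modelled on the cluster
# entry quoted above plus two made-up entries for comparison.
SAMPLE = json.loads("""
{
  "clusters": [
    {"name": "ecs",
     "cluster": {"server": "https://EXTERNAL_IP:6443",
                 "insecure-skip-tls-verify": true}},
    {"name": "pinned",
     "cluster": {"server": "https://10.0.0.1:6443",
                 "certificate-authority-data": "PLACEHOLDER_BASE64_CA"}},
    {"name": "bare",
     "cluster": {"server": "https://k8s.example.internal:6443"}}
  ],
  "contexts": [
    {"name": "ecs-admin@ecs", "context": {"cluster": "ecs", "user": "ecs-admin"}},
    {"name": "dev", "context": {"cluster": "pinned", "user": "dev"}},
    {"name": "bare-ctx", "context": {"cluster": "bare", "user": "dev"}}
  ]
}
""")

def classify_cluster(cluster):
    """Return how the API server certificate is (or is not) verified."""
    if cluster.get("insecure-skip-tls-verify"):
        return "unverified"      # server certificate is not checked at all
    if cluster.get("certificate-authority-data"):
        return "ca-inline"       # CA bundle embedded in the kubeconfig
    if cluster.get("certificate-authority"):
        return "ca-file"         # CA bundle referenced by path
    return "system-roots"        # no CA in the kubeconfig; OS trust store applies

def audit(kubeconfig):
    """Map each context name to the TLS trust mode of its cluster."""
    clusters = {c["name"]: c.get("cluster") or {}
                for c in kubeconfig.get("clusters") or []}
    report = {}
    for ctx in kubeconfig.get("contexts") or []:
        name = (ctx.get("context") or {}).get("cluster")
        report[ctx["name"]] = (classify_cluster(clusters[name])
                               if name in clusters else "missing-cluster")
    return report

if __name__ == "__main__":
    for context, mode in audit(SAMPLE).items():
        print(f"{context}: {mode}")
```

Contexts reported as `unverified` accept any certificate the server presents, so they are the ones to revisit, for instance by adding the cluster's CA to the kubeconfig.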