search

kubecost / features-bugs

A public repository for filing of Kubecost feature requests and bugs. Please read the issue guidelines before filing an issue here.
0 stars 0 forks source link

[Bug] OIDC doesn't work with self-signed certificate #29

Open IvanovOleg opened 9 months ago

IvanovOleg commented 9 months ago

Kubecost Version

cost-analyzer-1.107.1

Kubernetes Version

v1.27.6+f67aeb3

Kubernetes Platform

OpenShift

Description


panic: Error in OIDC discovery 'https://keycloak-keycloak-operator.apps-crc.testing/realms/sso/.well-known/openid-configuration': Get "https://keycloak-keycloak-operator.apps-crc.testing/realms/sso/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authoritygoroutine 1 [running]:github.com/kubecost/kubecost-cost-model/pkg/cmd/costmodel.Execute(0x1?)  /app/kubecost-cost-model/pkg/cmd/costmodel/costmodel.go:2650 +0x8b9dgithub.com/kubecost/kubecost-cost-model/pkg/cmd.Execute.newCostModelCommand.func1(0xc001528800?, {0x4855d85?, 0x4?, 0x4855d89?})    /app/kubecost-cost-model/pkg/cmd/commands.go:68 +0x2fgithub.com/spf13/cobra.(*Command).execute(0xc001526000, {0x75ac380, 0x0, 0x0}) /go/pkg/mod/github.com/spf13/cobra@v1.6.0/command.go:916 +0x87cgithub.com/spf13/cobra.(*Command).ExecuteC(0xc001527800) /go/pkg/mod/github.com/spf13/cobra@v1.6.0/command.go:1040 +0x38dgithub.com/spf13/cobra.(*Command).Execute(...)  /go/pkg/mod/github.com/spf13/cobra@v1.6.0/command.go:968github.com/opencost/opencost/pkg/cmd.Execute(0x0?, {0xc00143fec0, 0x7, 0x7})    /app/opencost/pkg/cmd/commands.go:61 +0x3a5github.com/kubecost/kubecost-cost-model/pkg/cmd.Execute()    /app/kubecost-cost-model/pkg/cmd/commands.go:43 +0x353main.main()   /app/kubecost-cost-model/cmd/costmodel/main.go:12 +0x13

### Steps to reproduce

Create a keycloak with self-signed certificate and try to run kubecost

### Expected behavior

OIDC connection works with self-signed certs

### Impact

_No response_

### Screenshots

_No response_

### Logs

_No response_

### Slack discussion

_No response_

### Troubleshooting

- [X] I have read and followed the [issue guidelines](https://github.com/kubecost/features-bugs/blob/main/ISSUE_GUIDELINES.md) and this is a bug impacting only the Kubecost application.
- [X] I have searched other issues in this repository and mine is not recorded.
dwbrown2 commented 9 months ago

@AjayTripathy can you help triage? Is this currently WAI?

AjayTripathy commented 9 months ago

We should add support here at the enterprise level but it is currently not supported. I don't think the lift is too high.

dwbrown2 commented 9 months ago

@IvanovOleg team is working hard on 108 release today. We'd plan to review soon after. What tier are you currently on today? We can work with your CS lead if enterprise to get more input.

IvanovOleg commented 9 months ago

@dwbrown2 We are just investigating a free tier in order to understand if kubecost meets our needs. I fixed a problem in our environment by mounting ca certificate to /etc/ssl/certs/ of the kubecost container. So for us it is not urgent at the moment.

dwbrown2 commented 9 months ago

Nice! Glad to hear that worked. Let us know if this becomes higher priority for you or if there are others items we can help with.