oauth2-proxy / manifests

For hosting manifests to allow for the deployment of OAuth2-Proxy/OAuth2-Proxy
Apache License 2.0

Enabling alpha config gives error "decoding: * '' has invalid keys: upstreams" #111

Closed EinarArnason closed 2 years ago

EinarArnason commented 2 years ago

I'm installing via helm using Keycloak with this config:

helm install oauth2-proxy-dashboard-$domain oauth2-proxy/oauth2-proxy --namespace $namespace \
      --set redis.enabled=true \
      --set redis.replica.replicaCount=1 \
      --set ingress.enabled=true \
      --set ingress.className=nginx \
      --set ingress.path="/oauth2" \
      --set ingress.hosts[0]=k8s.$domain \
      --set ingress.tls[0].hosts[0]=k8s.$domain \
      --set ingress.tls[0].secretName=k8s.$domain-tls \
      --set ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-production \
      --set ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-buffer-size"="8k" \
      --set extraArgs.redirect-url="https://k8s.$domain/oauth2/callback" \
      --set alphaConfig.enabled=true \
      --set alphaConfig.configData.injectRequestHeaders[0].name=Authorization \
      --set alphaConfig.configData.injectRequestHeaders[0].values[0].claim="$(kubectl create token $username)" \
      --set alphaConfig.configData.injectRequestHeaders[0].values[0].prefix="Bearer" \
      --set alphaConfig.configData.providers[0].provider="keycloak-oidc" \
      --set alphaConfig.configData.providers[0].clientID="kubernetes-dashboard" \
      --set alphaConfig.configData.providers[0].clientSecret="$CLIENT_SECRET" \
      --set alphaConfig.configData.providers[0].id="keycloak" \
      --set alphaConfig.configData.providers[0].oidcConfig.issuerURL="https://login.$domain/realms/master"

The log from the pod outputs:

[2022/10/06 10:09:33] [main.go:43] ERROR: failed to load core options: failed to load config: error unmarshalling config: 1 error(s) decoding: * '' has invalid keys: upstreams

Seems to me it is trying to use both configurations, or am I missing something?

pierluigilenoci commented 2 years ago

@EinarArnason the error you are showing is due to the file generated by this template: https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/templates/configmap.yaml

So from these lines: https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/values.yaml#L34-L36

According to the documentation, upstream is not a valid option with alpha config.

Try removing this default option from your values. https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/alpha-config/#removed-options

Ref: https://github.com/oauth2-proxy/oauth2-proxy/blob/master/main_test.go#L252-L256

EinarArnason commented 2 years ago

I just removed the - --config=/etc/oauth2_proxy/oauth2_proxy.conf line from the deployment config and then it worked fine. Was the alpha config not supposed to replace the original config?

pierluigilenoci commented 2 years ago

> Was the alpha config not supposed to replace the original config?

Nope. https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/templates/deployment.yaml#L200-L209

pierluigilenoci commented 2 years ago

@EinarArnason can this issue then be closed?
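
The conflict diagnosed in this thread can be caught before deployment with a pre-flight check on the legacy config file. The script below is an added example, not part of the original issue or of the oauth2-proxy project; the function names are hypothetical, the file is assumed to use `key = value` lines, and the key list contains only `upstreams` because that is the only removed key the thread names.

```shell
#!/bin/sh
# Added example: flag legacy oauth2-proxy config keys that are rejected
# when the same pod is also started with an alpha config.

# Space-separated config-file keys to look for. Only "upstreams" comes from
# the issue; extend the list from the "removed options" section of the
# alpha-config documentation linked in the thread.
REMOVED_KEYS="upstreams"

# find_removed_keys FILE
# Prints each removed key that FILE assigns, one per line.
# Returns 0 when the file is clean, 1 when at least one removed key is set.
find_removed_keys() {
    conf_file=$1
    found=0
    for key in $REMOVED_KEYS; do
        # Match "key = ..." at the start of a line, allowing leading blanks.
        # Commented-out assignments start with '#' and therefore do not match.
        if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$conf_file"; then
            echo "$key"
            found=1
        fi
    done
    return $found
}

# write_sample_conf FILE
# Writes a constructed legacy config that still assigns "upstreams",
# the situation described in the thread.
write_sample_conf() {
    cat > "$1" <<'EOF'
email_domains = [ "*" ]
upstreams = [ "file:///dev/null" ]
EOF
}

# Usage: sh check_legacy_conf.sh /path/to/legacy-config-file
# The exit status is non-zero when a removed key is present.
if [ "$#" -gt 0 ]; then
    find_removed_keys "$1"
fi
```

Run it against the config file rendered from the chart's ConfigMap; a non-zero exit status means the legacy file still sets a key that the alpha config loader rejects.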