search

openshift / console

OpenShift Cluster Console UI
https://www.openshift.org
Apache License 2.0
401 stars 613 forks source link

Cant access openshift web console #14229

Open jsakil14 opened 2 months ago

jsakil14 commented 2 months ago

today when I was trying to launch the okd console , I was greeted with below message :

Screenshot 2024-09-02 at 12 44 43 PM

Please configure authentication to use the web console.

Not sure , if there is a new image pushed and might be need to patch notes...Trying to troubleshoot this one, any help appreciated

jsakil14 commented 2 months ago

hi, thanks for the issue, can you describe the proccess of launching the okd console ? a. what cluster, what is installed on it b. how did you install the console, namespacee, image, CRDs ... c. if you can screenshot of problem

1 reply 1 new @jsakil14 jsakil14 3 hours ago Author a. Kubevirt cluster - 3 node physical b. Used ci/deploy-console.sh & additional components from the ci/ & yaml/ folders c. I cant attach images here , it is basically node port connected over browser giving the output as below:

Please configure authentication to use the web console.

logs from console pod

k logs console-798cf56f96-xh88k I0902 07:16:33.814995 1 main.go:214] The following console plugins are enabled: I0902 07:16:33.815031 1 main.go:216] - forklift-console-plugin W0902 07:16:33.815039 1 authoptions.go:112] Flag inactivity-timeout is set to less then 300 seconds and will be ignored! W0902 07:16:33.815211 1 authoptions.go:259] console is disabled -- no authentication method configured I0902 07:16:33.815256 1 main.go:634] Binding to 0.0.0.0:9000... I0902 07:16:33.815272 1 main.go:636] using TLS 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:57769: remote error: tls: unknown certificate 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:51679: remote error: tls: unknown certificate 2024/09/02 07:16:40 http: TLS handshake error from 172.16.149.19:62944: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:45346: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:43350: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:36632: remote error: tls: unknown certificate console deployment output:

apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "2" kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"console","namespace":"konveyor-forklift"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"console"}},"template":{"metadata":{"labels":{"name":"console"}},"spec":{"containers":[{"env":[{"name":"BRIDGE_USER_AUTH","value":"disabled"},{"name":"BRIDGE_LISTEN","value":"https://0.0.0.0:9000"},{"name":"BRIDGE_TLS_CERT_FILE","value":"/var/run/secrets/console-serving-cert/tls.crt"},{"name":"BRIDGE_TLS_KEY_FILE","value":"/var/run/secrets/console-serving-cert/tls.key"},{"name":"BRIDGE_PLUGINS","value":"forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080"},{"name":"BRIDGE_PLUGIN_PROXY","value":"{\"services\":[\n {\n \"consoleAPIPath\":\"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/\",\n \"endpoint\":\"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443\",\n \"authorize\":true\n },\n {\n \"consoleAPIPath\":\"/api/proxy/plugin/forklift-console-plugin/must-gather-api/\",\n \"endpoint\":\"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443\",\n \"authorize\":true\n }]}\n"}],"image":"quay.io/openshift/origin-console:latest","name":"console","volumeMounts":[{"mountPath":"/var/run/secrets/console-serving-cert","name":"console-serving-cert"},{"mountPath":"/etc/ssl/certs/forklift-ca.crt","name":"forklift-cert","subPath":"ca.crt"}]}],"serviceAccountName":"console","volumes":[{"name":"forklift-cert","secret":{"secretName":"forklift-cert"}},{"name":"console-serving-cert","secret":{"secretName":"console-serving-cert"}}]}}}} creationTimestamp: "2024-09-02T07:10:02Z" generation: 2 name: console namespace: konveyor-forklift resourceVersion: "187602490" uid: cd3cc6a3-3aa3-4788-867f-1beb44a5c9db spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: name: console strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: name: console spec: containers:

jsakil14 commented 2 months ago

UPDATE: I reverted to old version of image: quay.io/openshift/origin-console:4.9.0 instead of image: quay.io/openshift/origin-console:latest ; which seems to have resolved the issue with authentication - Going through the image files, seems like only noticeable change is OS is moved to rhel9 from older rhel8 - but dont know what env. variable it is looking for...

spec:
      containers:
      - env:
        - name: BRIDGE_USER_AUTH
          value: disabled
        - name: BRIDGE_LISTEN
          value: https://0.0.0.0:9000
        - name: BRIDGE_TLS_CERT_FILE
          value: /var/run/secrets/console-serving-cert/tls.crt
        - name: BRIDGE_TLS_KEY_FILE
          value: /var/run/secrets/console-serving-cert/tls.key
        - name: BRIDGE_PLUGINS
          value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
        - name: BRIDGE_PLUGIN_PROXY
jsakil14 commented 2 months ago

BUMP!