openshift / console

OpenShift Cluster Console UI
https://www.openshift.org
Apache License 2.0
400 stars 612 forks source link

Please configure authentication to use the web console #14270

Open jsakil14 opened 1 month ago

jsakil14 commented 1 month ago

Hi,

today when I was trying to launch the okd console , I was greeted with below message : Please configure authentication to use the web console.

Not sure , if there is a new image pushed and might be need to patch notes...Trying to troubleshoot this one, any help appreciated

a. Kubevirt cluster - 3 node physical b. Used ci/deploy-console.sh & additional components from the ci/ & yaml/ folders c. I cant attach images here , it is basically node port connected over browser giving the output as below:

Please configure authentication to use the web console.

logs from console pod

k logs console-798cf56f96-xh88k I0902 07:16:33.814995 1 main.go:214] The following console plugins are enabled: I0902 07:16:33.815031 1 main.go:216] - forklift-console-plugin W0902 07:16:33.815039 1 authoptions.go:112] Flag inactivity-timeout is set to less then 300 seconds and will be ignored! W0902 07:16:33.815211 1 authoptions.go:259] console is disabled -- no authentication method configured I0902 07:16:33.815256 1 main.go:634] Binding to 0.0.0.0:9000... I0902 07:16:33.815272 1 main.go:636] using TLS 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:57769: remote error: tls: unknown certificate 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:51679: remote error: tls: unknown certificate 2024/09/02 07:16:40 http: TLS handshake error from 172.16.149.19:62944: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:45346: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:43350: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:36632: remote error: tls: unknown certificate console deployment output:

apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "2" kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"console","namespace":"konveyor-forklift"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"console"}},"template":{"metadata":{"labels":{"name":"console"}},"spec":{"containers":[{"env":[{"name":"BRIDGE_USER_AUTH","value":"disabled"},{"name":"BRIDGE_LISTEN","value":"https://0.0.0.0:9000"},{"name":"BRIDGE_TLS_CERT_FILE","value":"/var/run/secrets/console-serving-cert/tls.crt"},{"name":"BRIDGE_TLS_KEY_FILE","value":"/var/run/secrets/console-serving-cert/tls.key"},{"name":"BRIDGE_PLUGINS","value":"forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080"},{"name":"BRIDGE_PLUGIN_PROXY","value":"{"services":[\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",\n "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n },\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",\n "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n }]}\n"}],"image":"quay.io/openshift/origin-console:latest","name":"console","volumeMounts":[{"mountPath":"/var/run/secrets/console-serving-cert","name":"console-serving-cert"},{"mountPath":"/etc/ssl/certs/forklift-ca.crt","name":"forklift-cert","subPath":"ca.crt"}]}],"serviceAccountName":"console","volumes":[{"name":"forklift-cert","secret":{"secretName":"forklift-cert"}},{"name":"console-serving-cert","secret":{"secretName":"console-serving-cert"}}]}}}} creationTimestamp: "2024-09-02T07:10:02Z" generation: 2 name: console namespace: konveyor-forklift resourceVersion: "187602490" uid: cd3cc6a3-3aa3-4788-867f-1beb44a5c9db spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: name: console strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: name: console spec: containers:

lastTransitionTime: "2024-09-02T07:10:22Z" lastUpdateTime: "2024-09-02T07:10:22Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available lastTransitionTime: "2024-09-02T07:10:02Z" lastUpdateTime: "2024-09-02T07:16:31Z" message: ReplicaSet "console-798cf56f96" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 2 readyReplicas: 1 replicas: 1 updatedReplicas: 1

jsakil14 commented 1 month ago

I reverted to old version of image: quay.io/openshift/origin-console:4.9.0 instead of image: quay.io/openshift/origin-console:latest ; which seems to have resolved the issue with authentication - Going through the image files, seems like only noticeable change is OS is moved to rhel9 from older rhel8 - but dont know what VAR it is looking for...

spec: containers:

jsakil14 commented 1 month ago

BUMP!