jsakil14
commented
1 month ago I reverted to old version of image: quay.io/openshift/origin-console:4.9.0 instead of image: quay.io/openshift/origin-console:latest ; which seems to have resolved the issue with authentication - Going through the image files, seems like only noticeable change is OS is moved to rhel9 from older rhel8 - but dont know what VAR it is looking for...
spec: containers:
- env:
- name: BRIDGE_USER_AUTH value: disabled
- name: BRIDGE_LISTEN value: https://0.0.0.0:9000
- name: BRIDGE_TLS_CERT_FILE value: /var/run/secrets/console-serving-cert/tls.crt
- name: BRIDGE_TLS_KEY_FILE value: /var/run/secrets/console-serving-cert/tls.key
- name: BRIDGE_PLUGINS value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
- name: BRIDGE_PLUGIN_PROXY
Hi,
today when I was trying to launch the okd console , I was greeted with below message : Please configure authentication to use the web console.
Not sure , if there is a new image pushed and might be need to patch notes...Trying to troubleshoot this one, any help appreciated
a. Kubevirt cluster - 3 node physical b. Used ci/deploy-console.sh & additional components from the ci/ & yaml/ folders c. I cant attach images here , it is basically node port connected over browser giving the output as below:
Please configure authentication to use the web console.
logs from console pod
k logs console-798cf56f96-xh88k I0902 07:16:33.814995 1 main.go:214] The following console plugins are enabled: I0902 07:16:33.815031 1 main.go:216] - forklift-console-plugin W0902 07:16:33.815039 1 authoptions.go:112] Flag inactivity-timeout is set to less then 300 seconds and will be ignored! W0902 07:16:33.815211 1 authoptions.go:259] console is disabled -- no authentication method configured I0902 07:16:33.815256 1 main.go:634] Binding to 0.0.0.0:9000... I0902 07:16:33.815272 1 main.go:636] using TLS 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:57769: remote error: tls: unknown certificate 2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:51679: remote error: tls: unknown certificate 2024/09/02 07:16:40 http: TLS handshake error from 172.16.149.19:62944: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:45346: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:43350: remote error: tls: unknown certificate 2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:36632: remote error: tls: unknown certificate console deployment output:
apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "2" kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"console","namespace":"konveyor-forklift"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"console"}},"template":{"metadata":{"labels":{"name":"console"}},"spec":{"containers":[{"env":[{"name":"BRIDGE_USER_AUTH","value":"disabled"},{"name":"BRIDGE_LISTEN","value":"https://0.0.0.0:9000"},{"name":"BRIDGE_TLS_CERT_FILE","value":"/var/run/secrets/console-serving-cert/tls.crt"},{"name":"BRIDGE_TLS_KEY_FILE","value":"/var/run/secrets/console-serving-cert/tls.key"},{"name":"BRIDGE_PLUGINS","value":"forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080"},{"name":"BRIDGE_PLUGIN_PROXY","value":"{"services":[\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",\n "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n },\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",\n "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n }]}\n"}],"image":"quay.io/openshift/origin-console:latest","name":"console","volumeMounts":[{"mountPath":"/var/run/secrets/console-serving-cert","name":"console-serving-cert"},{"mountPath":"/etc/ssl/certs/forklift-ca.crt","name":"forklift-cert","subPath":"ca.crt"}]}],"serviceAccountName":"console","volumes":[{"name":"forklift-cert","secret":{"secretName":"forklift-cert"}},{"name":"console-serving-cert","secret":{"secretName":"console-serving-cert"}}]}}}} creationTimestamp: "2024-09-02T07:10:02Z" generation: 2 name: console namespace: konveyor-forklift resourceVersion: "187602490" uid: cd3cc6a3-3aa3-4788-867f-1beb44a5c9db spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: name: console strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: name: console spec: containers:
lastTransitionTime: "2024-09-02T07:10:22Z" lastUpdateTime: "2024-09-02T07:10:22Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available lastTransitionTime: "2024-09-02T07:10:02Z" lastUpdateTime: "2024-09-02T07:16:31Z" message: ReplicaSet "console-798cf56f96" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 2 readyReplicas: 1 replicas: 1 updatedReplicas: 1