Closed 01000101 closed 1 year ago
I also tried disabling TLS validation as per the docs (and re-deploying fresh) but no change -
insecure:
  oidcIdpInsecure: true
  ocisHttpApiInsecure: true
Today I re-generated all secrets from scratch and updated the config to this -
externalDomain: owncloud.apps.k8s.example.com
namespaceOverride: owncloud
ingress:
  enabled: true
  ingressClassName: nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 1024m
    cert-manager.io/cluster-issuer: ingress-issuer
  tls:
    - hosts:
        - owncloud.apps.k8s.example.com
      secretName: owncloud-tls-secret
insecure:
  oidcIdpInsecure: true
  ocisHttpApiInsecure: true
features:
  basicAuthentication: true
  demoUsers: true
  externalUserManagement:
    enabled: false
logging:
  level: 'info'
In addition, I tried a fresh Kubernetes cluster hosted by Vultr (VKE) running Kubernetes v1.25.4. Exactly the same result - I log in, it's successful, but then I'm sent into an "Access Denied" loop.
I figured it out. The issue was that the public FQDN was not resolvable by 1.1.1.1 (Cloudflare, the default DNS resolver I guess) and was causing OAuth/OIDC to fail. I'll look into how to change the resolver later, but for now I'm up and running.
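An added diagnostic, not part of the original thread or the oCIS project: run from inside a pod, it reports whether OIDC discovery for the external domain fails at DNS, TLS, HTTP or issuer matching, with certificate validation left on. The function name, the injectable `resolve`/`fetch` hooks and the expectation that the issuer is `https://<externalDomain>` are assumptions.

```python
import json
import socket
import ssl
import sys
import urllib.request


def _fetch(url):
    # Default fetcher: certificate verification stays enabled.
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read()


def check_oidc(domain, resolve=socket.getaddrinfo, fetch=_fetch):
    """Report the first stage at which OIDC discovery for `domain` fails.

    Run it from inside a pod so it uses the resolver the services use.
    `resolve` and `fetch` are hypothetical hooks so the check can run offline.
    """
    try:
        addrs = sorted({info[4][0] for info in resolve(domain, 443)})
    except socket.gaierror as exc:
        return {"ok": False, "stage": "dns", "detail": str(exc)}

    url = f"https://{domain}/.well-known/openid-configuration"
    try:
        doc = json.loads(fetch(url))
    except ValueError as exc:  # body was not valid JSON
        return {"ok": False, "stage": "json", "detail": str(exc)}
    except OSError as exc:  # URLError, HTTPError, timeouts, TLS failures
        reason = getattr(exc, "reason", exc)
        stage = "tls" if isinstance(reason, ssl.SSLError) else "http"
        return {"ok": False, "stage": stage, "detail": str(reason)}

    # Assumption: the issuer is https://<externalDomain>; OIDC Discovery
    # requires the issuer to match the URL the document was fetched from.
    issuer = str(doc.get("issuer", "")).rstrip("/") if isinstance(doc, dict) else ""
    if issuer != f"https://{domain}":
        return {"ok": False, "stage": "issuer", "detail": issuer}
    return {"ok": True, "stage": "done", "detail": ", ".join(addrs)}


if __name__ == "__main__":
    domain = sys.argv[1] if len(sys.argv) > 1 else "owncloud.apps.k8s.example.com"
    result = check_oidc(domain)
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["ok"] else 1)
```

A `dns` result from inside the cluster alongside a successful lookup from a workstation matches the failure described in this thread.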
Problem
The deployment seems to go OK and I can reach the web UI using a LE-signed certificate. I get the login prompt and enter the credentials ("admin" and the password from secret). It logs me in but then immediately redirects to a brief "access denied" message before looping endlessly.
Technical Information
Kubernetes: v1.25.4 (microk8s, latest)
Helm: v3.10.3
OCIS: v0.1.0 (git tag)
Install
values.yaml
Web browser console output