search

provectus / kafka-ui

Open-Source Web UI for Apache Kafka Management
Apache License 2.0
9.51k stars 1.16k forks source link

Error 302 on basic-auth POST request #4320

Open ledoc opened 10 months ago

ledoc commented 10 months ago

Issue submitter TODO list

Describe the bug (actual behavior)

Hi, I've installed kafka-ui with Helm

kafka-ui works fine without authentication.

But as soon as I set basic-auth authentication and access to kafka-ui via ingress or port-forward, the login form is displayed but when I enter my credentials and confirm with the button, the form shows me invalid user / password, but when I go to the developer console I see that the request is in error with the code 302 not found

Expected behavior

When I submit my basic-auth credentials kzfka-ui handle well the POST request and kafka-ui opens.

Your installation details

Helm versions:

Here's my configuration:

Context Load Balancer Nginx Plus in front of kubernetes clusters with upstream on nodeport of ingress controller

Kubernetes: 1.21 with nutanix karbon

Ingress Controller Nginx Ingress controller inc version 2.3

Ingress in Helm's values file:

...
ingress:
  enabled: true
  annotations: {}
  ingressClassName: "nginx230"
  path: "/"
  pathType: "Prefix"  
  host: "kafka-ui-example.priv"

configmap:

data:

  KAFKA_CLUSTERS_0_NAME: "$KAFKA_CLUSTER_NAME"
  KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: "kafka/kafka-cluster-kafka-bootstrap:9093"
  AUTH_TYPE: "LOGIN_FORM"
  MANAGEMENT_HEALTH_LDAP_ENABLED: "FALSE" 
  DYNAMIC_CONFIG_ENABLED: "true"

the secret:

type: Opaque
data:
 KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD: $B64_TRUSTORE_PASSWORD
 KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_PASSWORD: $B64_KEYSTORE_PASSWORD
 SPRING_SECURITY_USER_NAME: b64_user
 SPRING_SECURITY_USER_PASSWORD: b64_password

Steps to reproduce

Apply the configuration describe in my installation details

Screenshots

No response

Logs

No response

Additional context

No response

github-actions[bot] commented 10 months ago

Hello there ledoc! πŸ‘‹

Thank you and congratulations πŸŽ‰ for opening your very first issue in this project! πŸ’–

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. πŸ‘€

ledoc commented 10 months ago

Hello, Does anyone have an idea for correcting this behavior? It bothers me a lot to get stuck on something as simple as this.

p-eye commented 10 months ago

@ledoc hi, it looks like the secret values are not passed to configmap. did you test a static value like this?

data:
  KAFKA_CLUSTERS_0_NAME: "$KAFKA_CLUSTER_NAME"
  KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: "kafka/kafka-cluster-kafka-bootstrap:9093"
  AUTH_TYPE: "LOGIN_FORM"
  SPRING_SECURITY_USER_NAME: "admin"
  SPRING_SECURITY_USER_PASSWORD: "pass"

if it not works, it problems with ingress config. if it works, how about trying to read value from secret and pass it?

ledoc commented 10 months ago

thx @p-eye The values of SPRING_SECURITY_USER_NAME and SPRING_SECURITY_USER_PASSWORD are correct in the Pod and the Ingress works without basic-auth implementation, but when I activate it , I have a response code "302 found" for the POST request when I submit the credentials. I don't understand why this request is returning this error code.

p-eye commented 10 months ago

i think it is related to the redirected path, which appears before "302 found" in your pod logs. And there are some cases in here issues, solved with SERVER_SERVLET_CONTEXT_PATH. but in your case, because 'basePath' is not set on your ingress, so i'm not sure if it works in the same way..πŸ€”