Closed kjhadd closed 1 year ago
hey @kjhadd I've had a look at this.
While I accept that it definitely shouldn't crash, it's not clear what's going on.
I've tried reproducing it, and invalid credentials for Dex are correctly reported in the UI.
From Dex
time="2023-08-24T14:04:58Z" level=info msg="invalid client_secret on token request for client: example-app"
And Weave GitOps
dev-weave-gi… │ 2023-08-24T14:04:58.958Z ERROR gitops.auth-server auth/server.go:341 failed to exchange auth code for token {"code": "<snip>", "error": "oauth2: cannot fetch token: 401 Unauthorized\nResponse: {\"error\":\"invalid_client\",\"error_description\":\"Invalid client credentials.\"}"}
Do you have any further logs at all?
Since Weave Gitops pod crashes on init I am never able to run an auth request, so it is all the logs I have. Dex pod has nothing related in the logs.
Do you have any proposal for logs I should look for? During registration of clients, is there anything that Weave Gitops does that should leave a mark in my kubernetes logs somewhere?
@kjhadd I'm looking through the code for any cases where we would just terminate.
How about -p in kubectl logs, do you have any more information there?
Hey @kjhadd I think this should be fixed, we bumped a dependency which I think was the cause of this one https://github.com/weaveworks/weave-gitops/pull/3968
I'm going to close this, if it's not fixed, please feel free to reopen.
Just a heads up @kjhadd I thought I was running into this too, but I realized the issuer URL for my Dex service wasn't actually accessible inside my cluster.
Not sure if it's the same case for you, but it's possible a call to Dex is hanging when the server is starting.
Describe the bug
Configuring OIDC with Dex and Google/Github causes the weave-gitops to go into a crashloop.
Using HelmRelease for both weave-gitops and dex.
Essentially following the guide here https://docs.gitops.weave.works/docs/guides/setting-up-dex/. Also attempted using the Google connector instead of the Github connector in Dex, with the same result.
weave-gitops crashes when the oidc-auth secret exists with the client configuration defined in the staticClients section of Dex Config. It does however not crash if instead the oidc-auth client credentials are set directly to credentials issued by Google.
Environment
v0.28.0
v2.37.0 (also tried v2.31.0)
v0.41.2
v1.26.5-gke.1400
TLS with Traefik ingress controller and cert-manager.
To Reproduce
Steps to reproduce the behavior:
oidc-auth secret with client configuration as defined in Dex config
Expected behavior
I access the weave-gitops frontend, press the login with OIDC button and get redirected through Dex to login with Google/Github.
Actual Behavior
Pod crashes on init with the following logs, and goes into a crashloop.
Additional Context (screenshots, logs, etc)
dex-helmrelease.yaml
weave-gitops oidc config in k8s secret
weave-gitops-helmrelease.yaml