Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please configure authentication to use the web console #14270

Open
jsakil14 opened this issue Sep 10, 2024 · 2 comments
Open

Please configure authentication to use the web console #14270

jsakil14 opened this issue Sep 10, 2024 · 2 comments

Comments

@jsakil14
Copy link

Hi,

today when I was trying to launch the okd console , I was greeted with below message
:
Please configure authentication to use the web console.

Not sure , if there is a new image pushed and might be need to patch notes...Trying to troubleshoot this one, any help appreciated

a. Kubevirt cluster - 3 node physical
b. Used ci/deploy-console.sh & additional components from the ci/ & yaml/ folders
c. I cant attach images here , it is basically node port connected over browser giving the output as below:

Please configure authentication to use the web console.

logs from console pod

k logs console-798cf56f96-xh88k
I0902 07:16:33.814995 1 main.go:214] The following console plugins are enabled:
I0902 07:16:33.815031 1 main.go:216] - forklift-console-plugin
W0902 07:16:33.815039 1 authoptions.go:112] Flag inactivity-timeout is set to less then 300 seconds and will be ignored!
W0902 07:16:33.815211 1 authoptions.go:259] console is disabled -- no authentication method configured
I0902 07:16:33.815256 1 main.go:634] Binding to 0.0.0.0:9000...
I0902 07:16:33.815272 1 main.go:636] using TLS
2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:57769: remote error: tls: unknown certificate
2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:51679: remote error: tls: unknown certificate
2024/09/02 07:16:40 http: TLS handshake error from 172.16.149.19:62944: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:45346: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:43350: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:36632: remote error: tls: unknown certificate
console deployment output:

apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "2"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"console","namespace":"konveyor-forklift"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"console"}},"template":{"metadata":{"labels":{"name":"console"}},"spec":{"containers":[{"env":[{"name":"BRIDGE_USER_AUTH","value":"disabled"},{"name":"BRIDGE_LISTEN","value":"https://0.0.0.0:9000"},{"name":"BRIDGE_TLS_CERT_FILE","value":"/var/run/secrets/console-serving-cert/tls.crt"},{"name":"BRIDGE_TLS_KEY_FILE","value":"/var/run/secrets/console-serving-cert/tls.key"},{"name":"BRIDGE_PLUGINS","value":"forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080"},{"name":"BRIDGE_PLUGIN_PROXY","value":"{"services":[\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",\n "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n },\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",\n "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n }]}\n"}],"image":"quay.io/openshift/origin-console:latest","name":"console","volumeMounts":[{"mountPath":"/var/run/secrets/console-serving-cert","name":"console-serving-cert"},{"mountPath":"/etc/ssl/certs/forklift-ca.crt","name":"forklift-cert","subPath":"ca.crt"}]}],"serviceAccountName":"console","volumes":[{"name":"forklift-cert","secret":{"secretName":"forklift-cert"}},{"name":"console-serving-cert","secret":{"secretName":"console-serving-cert"}}]}}}}
creationTimestamp: "2024-09-02T07:10:02Z"
generation: 2
name: console
namespace: konveyor-forklift
resourceVersion: "187602490"
uid: cd3cc6a3-3aa3-4788-867f-1beb44a5c9db
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: console
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
name: console
spec:
containers:

  • env:
  • name: BRIDGE_USER_AUTH
    value: disabled
  • name: BRIDGE_LISTEN
    value: https://0.0.0.0:9000
  • name: BRIDGE_TLS_CERT_FILE
    value: /var/run/secrets/console-serving-cert/tls.crt
  • name: BRIDGE_TLS_KEY_FILE
    value: /var/run/secrets/console-serving-cert/tls.key
  • name: BRIDGE_PLUGINS
    value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
  • name: BRIDGE_PLUGIN_PROXY
    value: |
    {"services":[
    {
    "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",
    "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",
    "authorize":true
    },
    {
    "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",
    "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",
    "authorize":true
    }]}
    image: quay.io/openshift/origin-console:latest
    imagePullPolicy: Always
    name: console
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
  • mountPath: /var/run/secrets/console-serving-cert
    name: console-serving-cert
  • mountPath: /etc/ssl/certs/forklift-ca.crt
    name: forklift-cert
    subPath: ca.crt
    dnsPolicy: ClusterFirst
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: console
    serviceAccountName: console
    terminationGracePeriodSeconds: 30
    volumes:
  • name: forklift-cert
    secret:
    defaultMode: 420
    secretName: forklift-cert
  • name: console-serving-cert
    secret:
    defaultMode: 420
    secretName: console-serving-cert
    status:
    availableReplicas: 1
    conditions:

lastTransitionTime: "2024-09-02T07:10:22Z"
lastUpdateTime: "2024-09-02T07:10:22Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
lastTransitionTime: "2024-09-02T07:10:02Z"
lastUpdateTime: "2024-09-02T07:16:31Z"
message: ReplicaSet "console-798cf56f96" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
observedGeneration: 2
readyReplicas: 1
replicas: 1
updatedReplicas: 1
@jsakil14
Copy link
Author

I reverted to old version of image: quay.io/openshift/origin-console:4.9.0 instead of image: quay.io/openshift/origin-console:latest ; which seems to have resolved the issue with authentication - Going through the image files, seems like only noticeable change is OS is moved to rhel9 from older rhel8 - but dont know what VAR it is looking for...

spec:
containers:

@jsakil14 jsakil14 mentioned this issue Sep 12, 2024
Open
@jsakil14
Copy link
Author

BUMP!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jsakil14