Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error reading BasicDigestAuth annotation #3493

Closed
andrewnazarov opened this issue Nov 30, 2018 · 8 comments · Fixed by #3875
Closed

Error reading BasicDigestAuth annotation #3493

andrewnazarov opened this issue Nov 30, 2018 · 8 comments · Fixed by #3875

Comments

@andrewnazarov
Copy link

BUG REPORT

NGINX Ingress controller version:
0.20.0

Kubernetes version (use kubectl version):
v1.10.6-gke.11

Environment:

  • Cloud provider or hardware configuration: GKE
  • OS (e.g. from /etc/os-release): cos
  • Kernel (e.g. uname -a):
  • Install tools: helm
  • Others:

What happened:
I'm getting the following error
E1130 02:45:08.134955 9 annotations.go:177] error reading BasicDigestAuth annotation in Ingress review/dbs-ingress: unexpected error reading secret review/kube-public/basic-auth-db: no object matching key "review/kube-public/basic-auth-db" in local store
when I want to use a secret from a different namespace. The namespace of the ingress resource is appended to the object's path ('review' is the namespace).

What you expected to happen:
kube-public/basic-auth-db secret is taken by the ingress controller as stated here.

How to reproduce it (as minimally and precisely as possible):
annotate your ingress resource with
nginx.ingress.kubernetes.io/auth-secret: kube-public/basic-auth-db
and deploy it to a namespace different from kube-public.

@esudyin
Copy link

esudyin commented Dec 11, 2018

This could be related to the helm, because I could not reproduce the issue using minikube and the yaml file (see below):

Minikube: v0.31.0
Kubernetes v1.10.6
NGINX Ingress controller Release: 0.20.0

Secret in the "kube-public" namespace:

host$ kubectl describe -n kube-public secrets basic-auth
Name:         basic-auth
Namespace:    kube-public
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
auth:  42 bytes

Ingress can be created in the the namespace "ns01" and reference the secret from other namespace:

host$ kubectl describe -n ns01 ingresses.extensions app01-ingress
Name:             app01-ingress
Namespace:        ns01
Address:          192.168.122.127
Default backend:  default-http-backend:80 (172.17.0.4:8080)
Rules:
  Host  Path  Backends
  ----  ----  --------
  *     
        /app01   app01-svc:80 (<none>)
Annotations:
  nginx.ingress.kubernetes.io/auth-realm:    Authentication Required - foo
  nginx.ingress.kubernetes.io/auth-secret:   kube-public/basic-auth
  nginx.ingress.kubernetes.io/auth-type:     basic
  nginx.ingress.kubernetes.io/ssl-redirect:  false
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  109s  nginx-ingress-controller  Ingress ns01/app01-ingress
  Normal  UPDATE  101s  nginx-ingress-controller  Ingress ns01/app01-ingress

my yaml file:

host$ cat ns01-app-ingress-auth.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app01-ingress
  namespace: ns01
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: 'kube-public/basic-auth'
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'    
spec:
  rules:
  - http:
      paths:
      - path: /app01
        backend:
          serviceName: app01-svc
          servicePort: 80

@captncraig
Copy link

I am experiencing this same failure with ingress-nginx 0.22.0.

Looks to me like this code is not properly recognizing the namespace/name format of the auth-secret annotation.

@dmitryzykov
Copy link

I'm having the same problem with 0.22.0

      nginx.ingress.kubernetes.io/auth-secret: "ingress/basic-auth"
E0309 13:23:42.820487       6 annotations.go:183] error reading BasicDigestAuth annotation in Ingress logging/elastic-stack-kibana: unexpected error reading secret logging/ingress/basic-auth: no object matching key "logging/ingress/basic-auth" in local store

@zeph
Copy link

zeph commented Apr 3, 2020

same on 0.27.1 ...
E0403 13:01:51.116636 8 annotations.go:200] error reading BasicDigestAuth annotation in Ingress <ns>/<ingress>: unexpected error reading secret <ns>/<secret>: no object matching key "<ns>/<secret>" in local store

1 similar comment
@zeph
Copy link

zeph commented Apr 3, 2020

same on 0.27.1 ...
E0403 13:01:51.116636 8 annotations.go:200] error reading BasicDigestAuth annotation in Ingress <ns>/<ingress>: unexpected error reading secret <ns>/<secret>: no object matching key "<ns>/<secret>" in local store

@zeph
Copy link

zeph commented Apr 3, 2020

/reopen

@k8s-ci-robot
Copy link
Contributor

@zeph: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@zeph
Copy link

zeph commented Apr 3, 2020

@andrewnazarov could u? I mean, this is a regression... if it was expected to work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants