-
Notifications
You must be signed in to change notification settings - Fork 616
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please configure authentication to use the web console #14270
Comments
I reverted to old version of image: quay.io/openshift/origin-console:4.9.0 instead of image: quay.io/openshift/origin-console:latest ; which seems to have resolved the issue with authentication - Going through the image files, seems like only noticeable change is OS is moved to rhel9 from older rhel8 - but dont know what VAR it is looking for... spec:
|
BUMP! |
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
Hi,
today when I was trying to launch the okd console , I was greeted with below message
:
Please configure authentication to use the web console.
Not sure , if there is a new image pushed and might be need to patch notes...Trying to troubleshoot this one, any help appreciated
a. Kubevirt cluster - 3 node physical
b. Used ci/deploy-console.sh & additional components from the ci/ & yaml/ folders
c. I cant attach images here , it is basically node port connected over browser giving the output as below:
Please configure authentication to use the web console.
logs from console pod
k logs console-798cf56f96-xh88k
I0902 07:16:33.814995 1 main.go:214] The following console plugins are enabled:
I0902 07:16:33.815031 1 main.go:216] - forklift-console-plugin
W0902 07:16:33.815039 1 authoptions.go:112] Flag inactivity-timeout is set to less then 300 seconds and will be ignored!
W0902 07:16:33.815211 1 authoptions.go:259] console is disabled -- no authentication method configured
I0902 07:16:33.815256 1 main.go:634] Binding to 0.0.0.0:9000...
I0902 07:16:33.815272 1 main.go:636] using TLS
2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:57769: remote error: tls: unknown certificate
2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:51679: remote error: tls: unknown certificate
2024/09/02 07:16:40 http: TLS handshake error from 172.16.149.19:62944: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:45346: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:43350: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:36632: remote error: tls: unknown certificate
console deployment output:
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "2"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"console","namespace":"konveyor-forklift"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"console"}},"template":{"metadata":{"labels":{"name":"console"}},"spec":{"containers":[{"env":[{"name":"BRIDGE_USER_AUTH","value":"disabled"},{"name":"BRIDGE_LISTEN","value":"https://0.0.0.0:9000"},{"name":"BRIDGE_TLS_CERT_FILE","value":"/var/run/secrets/console-serving-cert/tls.crt"},{"name":"BRIDGE_TLS_KEY_FILE","value":"/var/run/secrets/console-serving-cert/tls.key"},{"name":"BRIDGE_PLUGINS","value":"forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080"},{"name":"BRIDGE_PLUGIN_PROXY","value":"{"services":[\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",\n "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n },\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",\n "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n }]}\n"}],"image":"quay.io/openshift/origin-console:latest","name":"console","volumeMounts":[{"mountPath":"/var/run/secrets/console-serving-cert","name":"console-serving-cert"},{"mountPath":"/etc/ssl/certs/forklift-ca.crt","name":"forklift-cert","subPath":"ca.crt"}]}],"serviceAccountName":"console","volumes":[{"name":"forklift-cert","secret":{"secretName":"forklift-cert"}},{"name":"console-serving-cert","secret":{"secretName":"console-serving-cert"}}]}}}}
creationTimestamp: "2024-09-02T07:10:02Z"
generation: 2
name: console
namespace: konveyor-forklift
resourceVersion: "187602490"
uid: cd3cc6a3-3aa3-4788-867f-1beb44a5c9db
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: console
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
name: console
spec:
containers:
value: disabled
value: https://0.0.0.0:9000
value: /var/run/secrets/console-serving-cert/tls.crt
value: /var/run/secrets/console-serving-cert/tls.key
value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
value: |
{"services":[
{
"consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",
"endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",
"authorize":true
},
{
"consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",
"endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",
"authorize":true
}]}
image: quay.io/openshift/origin-console:latest
imagePullPolicy: Always
name: console
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
name: console-serving-cert
name: forklift-cert
subPath: ca.crt
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: console
serviceAccountName: console
terminationGracePeriodSeconds: 30
volumes:
secret:
defaultMode: 420
secretName: forklift-cert
secret:
defaultMode: 420
secretName: console-serving-cert
status:
availableReplicas: 1
conditions:
lastTransitionTime: "2024-09-02T07:10:22Z"
lastUpdateTime: "2024-09-02T07:10:22Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
lastTransitionTime: "2024-09-02T07:10:02Z"
lastUpdateTime: "2024-09-02T07:16:31Z"
message: ReplicaSet "console-798cf56f96" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
observedGeneration: 2
readyReplicas: 1
replicas: 1
updatedReplicas: 1
The text was updated successfully, but these errors were encountered: