
cookied session Oauth-proxy not found

Open tppalani opened this issue 2 years ago • 0 comments

OAuth2-Proxy Version

quay.io/oauth2-proxy/oauth2-proxy:v5.1.1

Provider

oidc

Expected Behaviour

Using the OIDC client ID and secret, I created a k8s secret using the command below. After creating the secret, I ran kubectl describe tekton-oauth-proxy, took the password field from the k8s describe output, and passed it inside the k8s application deployment YAML file. I will add the error logs.

kubectl create secret generic tekton-oauth-proxy --from-literal=username=username --from-literal=password=password

kubectl describe secret tekton-oauth-proxy

Current Behaviour

oauth proxy container log

k logs -f  automatiko-approval-task-598c4b576f-9dxvk -n tekton-pipelines -c oauth-proxy
[2024/02/02 12:40:12] [oauthproxy.go:219] mapping path "/" => upstream "http://localhost:8080/"
[2024/02/02 12:40:12] [oauthproxy.go:265] OAuthProxy configured for OpenID Connect Client ID: my-client-id
[2024/02/02 12:40:12] [oauthproxy.go:271] Cookie settings: name:_oauth2_proxy secure(https):false httponly:true expiry:168h0m0s domain: path:/ samesite: refresh:disabled
[2024/02/02 12:40:12] [http.go:92] HTTP: listening on :8888
[2024/02/02 12:40:19] [oauthproxy.go:871] Error loading cookied session: Cookie "_oauth2_proxy" not present
10.125.12.252 - - [2024/02/02 12:40:19] 10.125.14.90:8888 GET - "/" HTTP/1.1 "ELB-HealthChecker/2.0" 403 2621 0.000
[2024/02/02 12:40:19] [oauthproxy.go:871] Error loading cookied session: Cookie "_oauth2_proxy" not present
10.125.14.205 - - [2024/02/02 12:40:19] 10.125.14.90:8888 GET - "/" HTTP/1.1 "ELB-HealthChecker/2.0" 403 2621 0.000

Steps To Reproduce

Deployment.yaml file

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/version: 0.7.0
    app.kubernetes.io/name: automatiko-approval-task
  name: automatiko-approval-task
  namespace: tekton-pipelines
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/version: 0.7.0
      app.kubernetes.io/name: automatiko-approval-task
  template:
    metadata:
      labels:
        app.kubernetes.io/version: 0.7.0
        app.kubernetes.io/name: automatiko-approval-task
    spec:
      volumes: null
      containers:
        - env:
            - name: KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: QUARKUS_OPERATOR_SDK_NAMESPACES
              value: default
            - name: QUARKUS_AUTOMATIKO_SERVICE_URL
              value: https://my-dns-name
            - name: QUARKUS_PROFILE
              value: secured
            - name: QUARKUS_AUTOMATIKO_NOTIFICATIONS_TEAMS_MYCHANNEL
              value: "https://my-webhook-url"
          image: automatiko/automatiko-approval-task
          imagePullPolicy: Always
          name: automatiko-approval-task
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /q/health/live
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 10
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /q/health/ready
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 10
        - name: oauth-proxy
          args:
            - --cookie-secure=false
            - --provider=oidc
            - --https-address=
            - --http-address=:8888
            - --prefer-email-to-user=true
            - --email-domain=*
            - --cookie-name=_oauth2_proxy
            #- --prefer-email-to-user=true
            - --upstream=http://localhost:8080
            - --client-id=my-client-id
            - --client-secret=my-client-secret
            - --pass-access-token=false
            - --pass-basic-auth=false
            - --oidc-issuer-url=my-issuer-url
            - --cookie-secret=my-cookies-secret # which is taken by kubectl describe secret tekton-oauth-proxy
          image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
          imagePullPolicy: IfNotPresent
          ports:
            - name: oauth-proxy
              containerPort: 8888
              protocol: TCP
      serviceAccountName: automatiko-approval-task

Possible Solutions

No response

Configuration details or additional information

No response

tppalani avatar Feb 02 '24 14:02 tppalani
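A triage helper for the container log above, added here as an example and not part of the original issue or the oauth2-proxy project: it pairs each "Error loading cookied session" line with the access-log line that follows it, so you can see which client, path and status each error belongs to. The regular expressions are inferred from the lines shown in the issue, the function names are hypothetical, and it assumes each error line is written immediately before its access-log line, as it is in this log.

```python
import re
from collections import Counter

# Log lines copied from the container log in the issue above.
SAMPLE_LOG = '''\
[2024/02/02 12:40:19] [oauthproxy.go:871] Error loading cookied session: Cookie "_oauth2_proxy" not present
10.125.12.252 - - [2024/02/02 12:40:19] 10.125.14.90:8888 GET - "/" HTTP/1.1 "ELB-HealthChecker/2.0" 403 2621 0.000
[2024/02/02 12:40:19] [oauthproxy.go:871] Error loading cookied session: Cookie "_oauth2_proxy" not present
10.125.14.205 - - [2024/02/02 12:40:19] 10.125.14.90:8888 GET - "/" HTTP/1.1 "ELB-HealthChecker/2.0" 403 2621 0.000
'''

# Patterns inferred from the lines shown in the issue (assumption, not project docs).
ERROR_RE = re.compile(
    r'^\[[^\]]+\] \[oauthproxy\.go:\d+\] Error loading cookied session: (?P<reason>.+)$')
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] (?P<host>\S+) '
    r'(?P<method>\S+) (?P<upstream>\S+) "(?P<path>[^"]*)" (?P<proto>\S+) '
    r'"(?P<agent>[^"]*)" (?P<status>\d{3}) (?P<size>\d+) (?P<secs>[\d.]+)$')


def attribute_session_errors(log_text):
    """Pair each session-load error with the access-log line that follows it."""
    pending = None  # reason text of an error still waiting for its request line
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        err = ERROR_RE.match(line)
        if err:
            pending = err.group('reason')
            continue
        acc = ACCESS_RE.match(line)
        if acc and pending is not None:
            results.append({
                'reason': pending,
                'client': acc.group('client'),
                'agent': acc.group('agent'),
                'path': acc.group('path'),
                'status': int(acc.group('status')),
            })
            pending = None
    return results


def summarize(results):
    """Count errors per (user agent, path, status) to show who triggers them."""
    return Counter((r['agent'], r['path'], r['status']) for r in results)


if __name__ == '__main__':
    for key, count in summarize(attribute_session_errors(SAMPLE_LOG)).items():
        print(count, key)
```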