Configuring OIDC with Dex causes weave-gitops to crash #3963
Comments
hey @kjhadd I've had a look at this. While I accept that it definitely shouldn't crash, it's not clear what's going on. I've tried reproducing it, and invalid credentials for Dex are correctly reported in the UI. From Dex
And Weave GitOps
Do you have any further logs at all?
Since Weave Gitops pod crashes on init I am never able to run an auth request, so it is all the logs I have. Dex pod has nothing related in the logs. Do you have any proposal for logs I should look for? During registration of clients, is there anything that Weave Gitops does that should leave a mark in my Kubernetes logs somewhere?
@kjhadd I'm looking through the code for any cases where we would just terminate. How about
I'm going to close this, if it's not fixed, please feel free to reopen.
Just a heads up @kjhadd I thought I was running into this too, but I realized the issuer URL for my Dex service wasn't actually accessible inside my cluster. Not sure if it's the same case for you, but it's possible a call to Dex is hanging when the server is starting.
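A check for the situation raised in the comment above (an issuer URL that is not reachable from inside the cluster), as an added example that is not part of the thread or of the weave-gitops code. It fetches the standard OIDC discovery document with a timeout and compares the advertised issuer; `CheckIssuer` is a hypothetical helper name, and the URL passed in is whatever issuer is configured for weave-gitops.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"os"
	"strings"
	"time"
)

// CheckIssuer fetches <issuer>/.well-known/openid-configuration and verifies
// that the advertised issuer equals the configured one.
// Hypothetical helper for illustration; not part of weave-gitops or Dex.
func CheckIssuer(issuerURL string, timeout time.Duration) error {
	client := &http.Client{Timeout: timeout} // bound the call so a hang becomes an error
	wellKnown := strings.TrimSuffix(issuerURL, "/") + "/.well-known/openid-configuration"
	resp, err := client.Get(wellKnown)
	if err != nil {
		// DNS failure, refused connection, TLS error and timeout all land here.
		return fmt.Errorf("issuer not reachable from this network: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("discovery returned HTTP %d", resp.StatusCode)
	}
	var doc struct {
		Issuer string `json:"issuer"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&doc); err != nil {
		return fmt.Errorf("discovery document is not valid JSON: %w", err)
	}
	// OIDC Discovery requires an exact match, including any trailing slash.
	if doc.Issuer != issuerURL {
		return fmt.Errorf("issuer mismatch: configured %q, advertised %q", issuerURL, doc.Issuer)
	}
	return nil
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage: checkissuer <issuer-url>")
	}
	if err := CheckIssuer(os.Args[1], 5*time.Second); err != nil {
		log.Fatal("FAIL: ", err)
	}
	fmt.Println("OK: issuer reachable and consistent")
}
```

Run it from a pod in the same namespace and network as weave-gitops, not from a workstation, so that DNS and ingress behave as they do for the crashing pod.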
Describe the bug
Configuring OIDC with Dex and Google/Github causes the weave-gitops to go into a crashloop.
Using HelmRelease for both weave-gitops and dex.
Essentially following the guide here https://docs.gitops.weave.works/docs/guides/setting-up-dex/.
Also attempted using the Google connector instead of the Github connector in Dex, with the same result.
weave-gitops crashes when the oidc-auth secret exists with the client configuration defined in the staticClients section of Dex Config. It does however not crash if instead the oidc-auth client credentials are set directly to credentials issued by Google.
Environment
v0.28.0
v2.37.0 (also tried v2.31.0)
v0.41.2
v1.26.5-gke.1400
TLS with Traefik ingress controller and cert-manager.
To Reproduce
Steps to reproduce the behavior:
oidc-auth secret with client configuration as defined in Dex config
Expected behavior
I access the weave-gitops frontend, press the login with OIDC button and get redirected through Dex to login with Google/Github.
Actual Behavior
Pod crashes on init with the following logs, and goes into a crashloop.
Additional Context (screenshots, logs, etc)
dex-helmrelease.yaml
weave-gitops oidc config in k8s secret
weave-gitops-helmrelease.yaml