Issue Type
Bug
Description
When testing instructions for Dex configuration, there's an issue with authenticating. As a user, after running `kubectl --user=oidc get pods` as per the instructions, the call times out with the following error:
```
error: get-token: authentication error: oidc error: oidc discovery error: Get "https://dex.kube.local/.well-known/openid-configuration": dial tcp 172.18.255.200:443: connect: operation timed out
I0130 13:29:58.519861 69629 helpers.go:240] Connection error: Get https://127.0.0.1:60024/api/v1/pods?limit=500: getting credentials: exec: executable kubectl failed with exit code 1
```
In the logs of istio-ingress pod (with debug level) we can see:
```
--
2023-01-30T12:47:09.061046Z debug envoy pool [C18] destroying stream: 0 remaining
2023-01-30T12:47:09.061272Z debug envoy connection [C933] write flush complete
2023-01-30T12:47:09.061288Z debug envoy connection [C933] closing socket: 1
2023-01-30T12:47:09.061333Z debug envoy conn_handler [C933] adding to cleanup list
2023-01-30T12:47:09.469591Z debug envoy filter tls inspector: new connection accepted
2023-01-30T12:47:09.469924Z debug envoy filter tls:onServerName(), requestedServerName: dex.kube.local
2023-01-30T12:47:09.470012Z debug envoy conn_handler [C934] new connection from 10.244.0.1:52739
2023-01-30T12:47:09.472347Z debug envoy connection [C934] remote address:10.244.0.1:52739,TLS error: 268436498:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
2023-01-30T12:47:09.473267Z debug envoy connection [C934] closing socket: 0
2023-01-30T12:47:09.473491Z debug envoy connection [C934] remote address:10.244.0.1:52739,TLS error: 268436498:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
2023-01-30T12:47:09.473535Z debug envoy conn_handler [C934] adding to cleanup list
```
Detailed steps
OSX Monterey
Rancher Desktop or Colima with 4 cores and 8 GB of RAM
Follow instructions from `docs/DEX_GITHUB_INTEGRATION.md`. The error occurs when trying to get the pods with the new `oidc` user.
Screenshots
Logs
```
kubectl --user=oidc get pods -A
error: get-token: authentication error: oidc error: oidc discovery error: Get "https://dex.kube.local/.well-known/openid-configuration": dial tcp 172.18.255.200:443: connect: operation timed out
I0130 13:29:58.519861 69629 helpers.go:240] Connection error: Get https://127.0.0.1:60024/api/v1/pods?limit=500: getting credentials: exec: executable kubectl failed with exit code 1
```
istio-ingress logs
```
--
2023-01-30T12:47:09.061046Z debug envoy pool [C18] destroying stream: 0 remaining
2023-01-30T12:47:09.061272Z debug envoy connection [C933] write flush complete
2023-01-30T12:47:09.061288Z debug envoy connection [C933] closing socket: 1
2023-01-30T12:47:09.061333Z debug envoy conn_handler [C933] adding to cleanup list
2023-01-30T12:47:09.469591Z debug envoy filter tls inspector: new connection accepted
2023-01-30T12:47:09.469924Z debug envoy filter tls:onServerName(), requestedServerName: dex.kube.local
2023-01-30T12:47:09.470012Z debug envoy conn_handler [C934] new connection from 10.244.0.1:52739
2023-01-30T12:47:09.472347Z debug envoy connection [C934] remote address:10.244.0.1:52739,TLS error: 268436498:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
2023-01-30T12:47:09.473267Z debug envoy connection [C934] closing socket: 0
2023-01-30T12:47:09.473491Z debug envoy connection [C934] remote address:10.244.0.1:52739,TLS error: 268436498:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
2023-01-30T12:47:09.473535Z debug envoy conn_handler [C934] adding to cleanup list
```
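Added example, not part of the original report: a short Python triage script over the Envoy debug lines quoted above. It ties each TLS error to the SNI logged just before the connection was accepted and unpacks the numeric code (268436498) into library, reason and TLS alert number. Function names are illustrative, and pairing an SNI with the next `new connection` line is a heuristic that assumes the two lines are adjacent, as they are in this log.

```python
import re

# Sample input: five of the istio-ingress debug lines quoted in the report.
SAMPLE = """\
2023-01-30T12:47:09.469924Z debug envoy filter tls:onServerName(), requestedServerName: dex.kube.local
2023-01-30T12:47:09.470012Z debug envoy conn_handler [C934] new connection from 10.244.0.1:52739
2023-01-30T12:47:09.472347Z debug envoy connection [C934] remote address:10.244.0.1:52739,TLS error: 268436498:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
2023-01-30T12:47:09.473267Z debug envoy connection [C934] closing socket: 0
2023-01-30T12:47:09.473491Z debug envoy connection [C934] remote address:10.244.0.1:52739,TLS error: 268436498:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
"""

SNI_RE = re.compile(r"requestedServerName: (\S+)")
NEW_RE = re.compile(r"\[(C\d+)\] new connection from (\S+)")
TLS_RE = re.compile(
    r"\[(C\d+)\] remote address:([^,]+),TLS error: (\d+):[^:]*:[^:]*:(\w+)")


def decode(code):
    """Unpack a BoringSSL error code: library in the top byte, reason in the low 12 bits."""
    lib, reason = (code >> 24) & 0xFF, code & 0xFFF
    # Reasons above 1000 (SSL_AD_REASON_OFFSET) are 1000 + the number of a
    # TLS alert that was received from the peer.
    alert = reason - 1000 if reason > 1000 else None
    return lib, reason, alert


def tls_failures(text):
    """Return one record per distinct TLS error, joined with the SNI of its connection."""
    pending_sni, sni_by_conn, out = None, {}, []
    for line in text.splitlines():
        if m := SNI_RE.search(line):
            pending_sni = m.group(1)            # the tls inspector line has no [Cn] id yet
        elif m := NEW_RE.search(line):
            sni_by_conn[m.group(1)] = pending_sni
            pending_sni = None
        elif m := TLS_RE.search(line):
            conn, peer, code, name = m.groups()
            lib, reason, alert = decode(int(code))
            rec = {"conn": conn, "peer": peer, "sni": sni_by_conn.get(conn),
                   "lib": lib, "reason": reason, "alert": alert, "name": name}
            if rec not in out:                  # the same error is logged twice for C934
                out.append(rec)
    return out


if __name__ == "__main__":
    for rec in tls_failures(SAMPLE):
        print(rec)
```

For the lines in this report the code unpacks to library 16 (SSL) and reason 1042, that is, alert 42 (`bad_certificate`) received by the gateway from 10.244.0.1 on the connection that requested `dex.kube.local`.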