Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: supporting unauthenticated version endpoint #327

Closed
wants to merge 2 commits into from

Conversation

prometherion
Copy link
Member

Closes #315.

@prometherion
Copy link
Member Author

@sybnex I tested this personally and seems fixing what you're looking for.

$: curl -k https://127.0.0.1:9001/version
{
  "major": "1",
  "minor": "25",
  "gitVersion": "v1.25.3",
  "gitCommit": "434bfd82814af038ad94d62ebe59b133fcb50506",
  "gitTreeState": "clean",
  "buildDate": "2022-10-25T19:35:11Z",
  "goVersion": "go1.19.2",
  "compiler": "gc",
  "platform": "linux/amd64"
}

For the /version endpoint we're skipping the error in case of retrieval of authentication data, bypassing the user impersonation and decorating the request with the bearer token which would be required to perform the necessary user impersonation.

I wanted to give it a try also if we support a protected endpoint, and it seems to do the trick:

$: curl -k -H 'Authorization: Bearer <REDACTED>' https://127.0.0.1:9001/version
{
  "major": "1",
  "minor": "25",
  "gitVersion": "v1.25.3",
  "gitCommit": "434bfd82814af038ad94d62ebe59b133fcb50506",
  "gitTreeState": "clean",
  "buildDate": "2022-10-25T19:35:11Z",
  "goVersion": "go1.19.2",
  "compiler": "gc",
  "platform": "linux/amd64"
}

This would be required for those Kubernetes distributions which are protecting the version endpoint, thus a valid token, and a user along with groups, must be enforced.

It would be great if you could give it a try, ensuring it works as expected in your environment.

@sybnex
Copy link

sybnex commented Oct 31, 2023

Hi,

thanks for your big effort! The part, you developed, with the version works as designed!

Unfortunately it didn't solved the problem. I increased all debug logs to the max but couldn't find any hint what's the problem with the dashboard. It is still not starting and hangs in a CrashLoopBackOff.

I even tried to create an own tenant for the dashboard with his serviceaccount as owner but wasn't successfully.
Last thing would be sniffing the network ...

Is there any change to increase the logs of the capsule-proxy by more than 10?

@prometherion
Copy link
Member Author

Unless sharing more details, such the reason for the crashloopbackoff, dashboard logs, and further details, I cannot help you.

I would suggest moving the discussion to the issue itself, since this place must be used mostly to address changes and technical discussions.

@oliverbaehler
Copy link
Collaborator

Stale, Reopen on activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Kubernetes Dashboard crashing on startup with capsule-proxy
3 participants