Hamid Narimani
08/27/2021, 4:55 AMRobert Moucha
08/27/2021, 11:04 AMkubectl get <http://ingressclasses.networking.k8s.io|ingressclasses.networking.k8s.io> -A
)
I will try to simulate your problem and propose a solutionRobert Moucha
08/27/2021, 11:24 AMingress:
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
(assuming your ingressclass is called nginx
)Hamid Narimani
08/27/2021, 4:14 PMkubectl get <http://ingressclasses.networking.k8s.io|ingressclasses.networking.k8s.io> -A
NAME CONTROLLER PARAMETERS AGE
nginx <http://k8s.io/ingress-nginx|k8s.io/ingress-nginx> <none> 16h
I did some changes :
Removed
tls:
authSecretName: gooddata-cn-auth-tls
Hamid Narimani
08/27/2021, 4:15 PMdex:
ingress:
authHost: '<http://auth.mydomain.com|auth.mydomain.com>'
tls:
authSecretName: gooddata-cn-auth-tls
What should be my authHost:
And do I need tls:
since I am using TLS terminated on a Load BalancerHamid Narimani
08/27/2021, 4:29 PMRobert Moucha
08/27/2021, 4:29 PMtls
section both in dex.ingress
as well as in your organization custom resource (alpha-org).Robert Moucha
08/27/2021, 4:30 PM<http://auth.mydomain.com|auth.mydomain.com>
is a hostname where the authentication endpoint lives - it's common for all organizations.Robert Moucha
08/27/2021, 4:31 PMHamid Narimani
08/27/2021, 4:32 PMHamid Narimani
08/27/2021, 4:46 PMHamid Narimani
08/27/2021, 4:46 PMHamid Narimani
08/27/2021, 5:22 PMRobert Moucha
08/28/2021, 8:43 AM<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
annotation also to dex.ingress.annotations
2. make sure the .<http://mydomin.com|mydomin.com>
is the same as .##.dev
in your example
3. I can see redirect_uri=http://...
- it should use the https scheme. It seems that you're accessing http endpoint and http->https redirect is not in place. Try adding <http://nginx.ingress.kubernetes.io/force-ssl-redirect|nginx.ingress.kubernetes.io/force-ssl-redirect>: "true"
to ingress.annotations in customized-values-gooddata-cn.yamlHamid Narimani
08/28/2021, 8:42 PMHamid Narimani
08/28/2021, 8:42 PMHamid Narimani
08/28/2021, 8:44 PMHamid Narimani
08/28/2021, 8:44 PMHamid Narimani
08/28/2021, 8:44 PMHamid Narimani
08/28/2021, 8:45 PMHamid Narimani
08/29/2021, 1:20 AM<http://nginx.ingress.kubernetes.io/force-ssl-redirect|nginx.ingress.kubernetes.io/force-ssl-redirect>: "true"
Hamid Narimani
08/29/2021, 1:21 AM# file name: customized-values-gooddata-cn.yaml
deployRedisHA: true
deployPostgresHA: true
ingress:
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
<http://nginx.ingress.kubernetes.io/force-ssl-redirect|nginx.ingress.kubernetes.io/force-ssl-redirect>: "true"
dex:
ingress:
authHost: 'auth.##.dev'
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
license:
key: "key/egggg
Robert Moucha
08/30/2021, 8:49 AMcontroller:
config:
# use X-Forwarded-* received from ELB
use-forwarded-headers: 'true'
# This should improve performance
client-body-buffer-size: '1m'
# This should resolve possible issue with big headers
proxy-buffer-size: '16k'
Then, redeploy ingress-nginx, perform rollout restart.
You should then remove the Organization resource (kubectl -n yournamespace delete org -f your-org-definition.yaml) to clean old data from Gooddata.CN internal databases.
One note - I can see you're still running old release 1.1.1 - I suggest upgrading to 1.3.0. If you don't have any data yet, perform a fresh install. Ortherwise follow upgrade procedures described in documentation.
It seems that the nginx config snippet above is missing in our documentation. I will update it.Hamid Narimani
08/30/2021, 3:52 PMHamid Narimani
08/30/2021, 3:53 PMHamid Narimani
08/30/2021, 3:55 PMhelm3 upgrade --version 1.3.0 gooddata-cn gooddata/gooddata-cn -f customized-values-gooddata-cn.yaml -n gooddata-cn
Robert Moucha
08/30/2021, 4:40 PM<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
annotation)Hamid Narimani
08/30/2021, 4:41 PM# file name: customized-values-gooddata-cn.yaml
deployRedisHA: true
deployPostgresHA: true
ingress:
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
<http://nginx.ingress.kubernetes.io/force-ssl-redirect|nginx.ingress.kubernetes.io/force-ssl-redirect>: "true"
dex:
ingress:
authHost: 'auth.atheer.dev'
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
license:
key: "key/eyJ
Hamid Narimani
08/30/2021, 6:51 PMHamid Narimani
08/30/2021, 6:52 PMHamid Narimani
08/30/2021, 10:08 PMRobert Moucha
08/31/2021, 8:36 AMdex:
ingress:
authHost: 'auth.atheer.dev'
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
should be:
dex:
ingress:
authHost: 'auth.atheer.dev'
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
Hamid Narimani
08/31/2021, 9:04 PMHamid Narimani
08/31/2021, 9:07 PMRobert Moucha
09/01/2021, 7:26 AMHamid Narimani
09/02/2021, 11:02 PMHamid Narimani
09/02/2021, 11:02 PMHamid Narimani
09/02/2021, 11:57 PM{
"title": "Not Found",
"status": 404,
"detail": "404 NOT_FOUND \"User is not registered\"",
"traceId": "d2c69f02831f516f"
}
Robert Moucha
09/03/2021, 7:42 AMHamid Narimani
09/03/2021, 7:57 AMHamid Narimani
09/03/2021, 7:58 AMHamid Narimani
09/03/2021, 7:59 AMHamid Narimani
09/03/2021, 7:59 AM{
"title": "Not Found",
"status": 404,
"detail": "404 NOT_FOUND \"User is not registered\"",
"traceId": "361874644453adf6"
}
Hamid Narimani
09/03/2021, 8:01 AMHamid Narimani
09/03/2021, 8:02 AMcurl --request POST \
--header "Authorization: Bearer $GDC_API_TOKEN" \
--header 'Content-Type: application/vnd.gooddata.api+json' \
--data '{
"data": {
"id": "Atheer",
"type": "user",
"attributes": {
"authenticationId": "<mailto:hnarimani@atheerair.com|hnarimani@atheerair.com>"
},
"relationships": {
"userGroups": {
"data": [ {
"id": "adminGroup",
"type": "userGroup"
} ]
}
}
}
}' <https://gooddata.atheer.dev/api/entities/users>
{"detail":"Entity of ID 'StockId(apiId=Atheer, scope=OrganizationScope(organization=alpha))' is already stored in database.","status":400,"title":"Bad Request","traceId":"449837b6e90b5e3c"}%
Hamid Narimani
09/03/2021, 8:04 AM<https://gooddata.atheer.dev/appLogin?redirectTo=%2F>
Hamid Narimani
09/03/2021, 8:04 AM{
"title": "Not Found",
"status": 404,
"detail": "404 NOT_FOUND \"User is not registered\"",
"traceId": "9d02460143404c3a"
}
Robert Moucha
09/03/2021, 8:55 AMRobert Moucha
09/03/2021, 8:55 AMRobert Moucha
09/03/2021, 8:58 AMpeople.get
method and set resourceName to people/me
Hamid Narimani
09/03/2021, 9:25 AMRobert Moucha
09/03/2021, 9:42 AM