Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to create devworkspace: Unauthorized #21325

Closed
Ryder05 opened this issue Apr 8, 2022 · 8 comments
Closed

Unable to create devworkspace: Unauthorized #21325

Ryder05 opened this issue Apr 8, 2022 · 8 comments
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.

Comments

@Ryder05
Copy link

Ryder05 commented Apr 8, 2022
edited
Loading

Describe the bug

When i try to create a new devworkspace an error shows up saying " Failed to create a workspace. Failed to create a new workspace from the devfile, reason: Failed to create a new workspace. Unable to create devworkspace: Unauthorized "

image

Che version

7.44@latest

Steps to reproduce

  1. chectl server:deploy --domain=che.xxx.eu --platform=k8s --che-operator-cr-yaml=checluster.yml --skip-oidc-provider-check -n che

Expected behavior

A devworkspace starts up =.

Runtime

Kubernetes (vanilla)

Screenshots

image

Installation method

chectl/latest

Environment

Windows

Eclipse Che Logs

No response

Additional context

Checluster file used in deployment.

apiVersion: org.eclipse.che/v1
kind: CheCluster
metadata:
  name: eclipse-che
spec:
  auth:
    externalIdentityProvider: true
    #identityProviderIngress: traefik
    identityProviderClientId: 'eclispe-che'
    identityProviderRealm: opencell
    identityProviderURL:  https://kc.osama-che.me/auth/realms/opencell/
    openShiftoAuth: false
    updateAdminPassword: false
    identityProviderPassword: 'admin' 

  server:
    serverExposureStrategy: 'multi-host'
    workspaceNamespaceDefault: che-ws-<username>
    #cheServerIngress: "traefik"
    customCheProperties:
      CHE_OIDC_USERNAME__CLAIM: "email"
      CHE_INFRA_KUBERNETES_TLS__SECRET: ''
      CHE_KEYCLOAK_CLIENT__ID: 'eclipse-che'
      CHE_KEYCLOAK_REALM: 'opencell'

      CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: 
        '{
          "kubernetes.io/ingress.class": "nginx", 
          "nginx.ingress.kubernetes.io/affinity": "true", 
          "nginx.ingress.kubernetes.io/rewrite-target": "/",
          "ingress.kubernetes.io/ssl-redirect": "true",
          "ingress.kubernetes.io/force-ssl-redirect": "true" 
        }'
  database:
    externalDb: false

  k8s:
    tlsSecretName: 'che-tls'
    ingressClass: 'nginx'
    ingressDomain: 'che.xxx.eu'  
    ingressStrategy: 'multi-host'
    securityContextRunAsUser: '0'
    securityContextFsGroup: '0'
@Ryder05 Ryder05 added the kind/bug Outline of a bug - must adhere to the bug report template. label Apr 8, 2022
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Apr 8, 2022
@benoitf
Copy link
Contributor

benoitf commented Apr 8, 2022

Hello, we can see a certificate error
Do you have validated the self-signed certificate ?

@benoitf benoitf added severity/P1 Has a major impact to usage or development of the system. area/install Issues related to installation, including offline/air gap and initial setup and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Apr 8, 2022
@Ryder05
Copy link
Author

Ryder05 commented Apr 8, 2022

Hello, we can see a certificate error Do you have validated the self-signed certificate ?

i downloaded the self signed certificate and imported it in Trusted Root Certificate Authorities, but it is still not valid "windows does not have enough information to verify this certificate"

@Ryder05
Copy link
Author

Ryder05 commented Apr 11, 2022

It seems roles, bindings and serviceaccounts are not created. Should this be done by eclipse che ?

@l0rd
Copy link
Contributor

l0rd commented Apr 11, 2022

@Ryder05 have you setup an OIDC provider for authentication on your cluster? On what Kubernetes are you testing this (minikube, eks, gke...) ?

@Ryder005
Copy link

@Ryder05 have you setup an OIDC provider for authentication on your cluster? On what Kubernetes are you testing this (minikube, eks, gke...) ?

Hello, I am using an externeal keycloak as an OIDC and i am using a full managed kubernetes provided by OVH cloud.

@homains-ou
Copy link

Having the same issue with version 7.46.0

@Ryder05
Copy link
Author

Ryder05 commented Apr 28, 2022
edited
Loading

Having the same issue with version 7.46.0

I finally resolved the problem by configuring Keycloak as an OIDC provider for my Kubernetes cluster.
#21049 (comment)

@tolusha tolusha mentioned this issue May 3, 2022
Open
@tolusha
Copy link
Contributor

tolusha commented May 11, 2022

Can we close this issue?

@Ryder05 Ryder05 closed this as completed May 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@benoitf @l0rd @tolusha @che-bot @Ryder005 @Ryder05 @homains-ou