Skip to content
This repository has been archived by the owner on Dec 7, 2020. It is now read-only.

Auth headers not transmitted through web socket #682

Open
yuripastushenko opened this issue Aug 20, 2020 · 0 comments
Open

Auth headers not transmitted through web socket #682

yuripastushenko opened this issue Aug 20, 2020 · 0 comments
Labels
kind/bug

Comments

@yuripastushenko
Copy link

Title

Auth headers not transmitted through web socket

Summary

We are using louketo-proxy as auth proxy between DEX and kubernetes dashboard.
Everything is working fine expect exec to pods from Kubernetes dashboard (via web socket).
When we open exec window in the dashboard we get a 404 error,
If we are going in kubernetes dashboard directly (with its default auth) this functionality works.

Environment

Version of everything that it's running in your environment:

  • Server: DEX
  • Louketo: keycloak-gatekeeper:10.0.0

Expected Results

The the connection through web socket works fine.

Actual Results

Logs in gatekeeper container:

1.597662803019813e+09    info    client request    {"latency": 0.576744601, "status": 500, "bytes": 17, "client_ip": "172.20.110.179:59380", "method": "POST", "path": "/api/sockjs/874/ejqrs3ob/xhr_streaming"}
1.5976628031897597e+09    info    client request    {"latency": 0.162154246, "status": 500, "bytes": 17, "client_ip": "172.20.86.86:46394", "method": "GET", "path": "/api/sockjs/874/aearzhw0/eventsource"}
1.5976628032091296e+09    info    client request    {"latency": 0.005461419, "status": 200, "bytes": 496, "client_ip": "172.20.127.189:59228", "method": "GET", "path": "/api/sockjs/iframe.html"}
1.5976628032336612e+09    error    no session found in request, redirecting for authorization    {"error": "authentication session not found"}

Logs in kubernetes dashboard container:

2020/08/17 11:13:21 [2020-08-17T11:13:21Z] Incoming HTTP/1.1 GET /api/v1/pod/nginx-ingress/nginx-ingress-controller-jxlmx/shell/nginx-ingress-controller request from 172.20.110.179:47412:
2020/08/17 11:13:23 handleTerminalSession: can't Recv: sockjs: session not in open state
E0817 11:13:29.573589   	1 v2.go:105] sockjs: session not in open state
2020/08/17 11:13:31 sockjs: session not in open state

Logs in browser terminal:

scripts.391d299173602e261418.js:1 WebSocket connection to 'wss://k8s-dashboard-int-sigma.mobbtech.com/api/sockjs/834/vjzhzfbi/websocket?d427352d241c6b5160618fa894f71da6' failed: Error during WebSocket handshake: Unexpected response code: 400

Steps to reproduce

Setup kubernetes dashboard and keycloak-gatekeeper as its auth proxy.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@abstractj @yuripastushenko