dosubot[bot] commented on issue #7928:
URL:
https://github.com/apache/incubator-devlake/issues/7928#issuecomment-2316284240
To resolve the issue of the basic auth username/password pop-up still
appearing after adding `oauth2-proxy`, you may need to ensure that the
`oauth2-proxy` is correctly configured and that the old configurations are not
interfering. Here are a few steps to troubleshoot and resolve this:
1. **Verify `oauth2-proxy` Configuration**:
Ensure that the `oauth2-proxy` configuration is correct and that it is
properly integrated with your OKTA settings.
2. **Check Ingress Configuration**:
Make sure that your Ingress configuration is routing traffic through the
`oauth2-proxy`. This typically involves updating the Ingress annotations to use
`oauth2-proxy`.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: devlake-ingress
  annotations:
    nginx.ingress.kubernetes.io/auth-url: "https://<your-domain>/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://<your-domain>/oauth2/start?rd=$request_uri"
spec:
  rules:
    - host: <your-domain>
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: devlake
                port:
                  number: 80
```
3. **Delete and Recreate Pods**:
If the configuration changes are not taking effect, you may need to
delete the existing pods to ensure that the new configuration is applied. You
can do this by deleting the pods, and Kubernetes will automatically recreate
them with the updated configuration.
```shell
kubectl delete pod -l app=devlake
```
4. **Check Logs**:
Check the logs of the `oauth2-proxy` and `devlake` pods to ensure that
there are no errors and that the authentication flow is working as expected.
```shell
kubectl logs <oauth2-proxy-pod-name>
kubectl logs <devlake-pod-name>
```
5. **Update Helm Chart**:
Ensure that your Helm chart values are correctly set to use
`oauth2-proxy`. Here is an example of what your `values.yaml` might look like:
```yaml
authproxy:
  enabled: true
  image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0-amd64
  env:
    - name: OAUTH2_PROXY_PROVIDER
      value: oidc
    - name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME
      value: OKTA
    # Sample value only; replace with your own randomly generated secret.
    - name: OAUTH2_PROXY_COOKIE_SECRET
      value: s3cr3tK3yTh4tIsV3ryS3cur3AndR4nd0m==
    - name: OAUTH2_PROXY_COOKIE_DOMAINS
      value: localhost:4180
    # 'false' lets the session cookie travel over plain HTTP.
    - name: OAUTH2_PROXY_COOKIE_SECURE
      value: 'false'
    - name: OAUTH2_PROXY_EMAIL_DOMAINS
      value: '*'
    - name: OAUTH2_PROXY_OIDC_ISSUER_URL
      value: https://<your-okta-domain>/oauth2/default
    - name: OAUTH2_PROXY_CLIENT_ID
      value: <your-client-id>
    - name: OAUTH2_PROXY_CLIENT_SECRET
      value: <your-client-secret>
    - name: OAUTH2_PROXY_UPSTREAMS
      value: http://localhost:4000
    - name: OAUTH2_PROXY_HTTP_ADDRESS
      value: http://0.0.0.0:4180
    - name: OAUTH2_PROXY_REVERSE_PROXY
      value: 'true'
    - name: OAUTH2_PROXY_SKIP_AUTH_ROUTES
      value: ^/grafana.*
```
After making these changes, redeploy the Helm chart:
```shell
helm upgrade devlake devlake/devlake --values values.yaml
```
By following these steps, you should be able to resolve the issue and ensure
that the `oauth2-proxy` is correctly handling authentication.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
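
Added example, not part of the dosubot comment or of DevLake: a shell check that tells, from the headers returned to an unauthenticated request, whether the basic auth challenge (`401` with `WWW-Authenticate: Basic`, which is what makes a browser show the pop-up) is still being served or whether the Ingress annotations from step 2 are redirecting to `/oauth2/start`. The function name `classify_auth_response`, the host `devlake.example.com`, the result labels and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the response to an unauthenticated request.
# Reads raw HTTP response headers on stdin, e.g. from
#   curl -sI "https://<your-domain>/" | classify_auth_response
classify_auth_response() {
    awk '
        { sub(/\r$/, "") }                  # strip the CR of CRLF line endings
        NR == 1 { status = $2; next }       # "HTTP/1.1 401 Unauthorized" -> 401
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
            if (name == "www-authenticate" && tolower(value) ~ /^basic/) basic = 1
            if (name == "location" && value ~ /\/oauth2\/start/)         oauth = 1
        }
        END {
            if (status == "401" && basic)              print "basic-auth"
            else if (status ~ /^30[1237]$/ && oauth)   print "oauth2-redirect"
            else if (status ~ /^2/)                    print "unprotected"
            else                                       print "unknown"
        }'
}

# Constructed sample responses (not captured from a real deployment).
SAMPLE_BASIC='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Authentication Required"
'
SAMPLE_OAUTH='HTTP/2 302
location: https://devlake.example.com/oauth2/start?rd=/
'

printf '%s' "$SAMPLE_BASIC" | classify_auth_response   # basic-auth
printf '%s' "$SAMPLE_OAUTH" | classify_auth_response   # oauth2-redirect
```

A `basic-auth` result after the Helm upgrade means something in the request path is still issuing the old challenge; `unprotected` means the request reached a backend without any challenge at all.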