Cant access openshift web console

[jsakil14]

today when I was trying to launch the okd console , I was greeted with below message
:

Please configure authentication to use the web console.

Not sure , if there is a new image pushed and might be need to patch notes...Trying to troubleshoot this one, any help appreciated

[jsakil14]

hi, thanks for the issue,
can you describe the proccess of launching the okd console ?
a. what cluster, what is installed on it
b. how did you install the console, namespacee, image, CRDs ...
c. if you can screenshot of problem

1 reply 1 new
@jsakil14
jsakil14
3 hours ago
Author
a. Kubevirt cluster - 3 node physical
b. Used ci/deploy-console.sh & additional components from the ci/ & yaml/ folders
c. I cant attach images here , it is basically node port connected over browser giving the output as below:

Please configure authentication to use the web console.

logs from console pod

k logs console-798cf56f96-xh88k
I0902 07:16:33.814995 1 main.go:214] The following console plugins are enabled:
I0902 07:16:33.815031 1 main.go:216] - forklift-console-plugin
W0902 07:16:33.815039 1 authoptions.go:112] Flag inactivity-timeout is set to less then 300 seconds and will be ignored!
W0902 07:16:33.815211 1 authoptions.go:259] console is disabled -- no authentication method configured
I0902 07:16:33.815256 1 main.go:634] Binding to 0.0.0.0:9000...
I0902 07:16:33.815272 1 main.go:636] using TLS
2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:57769: remote error: tls: unknown certificate
2024/09/02 07:16:39 http: TLS handshake error from 172.16.149.19:51679: remote error: tls: unknown certificate
2024/09/02 07:16:40 http: TLS handshake error from 172.16.149.19:62944: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:45346: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:43350: remote error: tls: unknown certificate
2024/09/02 07:16:42 http: TLS handshake error from 172.16.149.19:36632: remote error: tls: unknown certificate
console deployment output:

apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "2"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"console","namespace":"konveyor-forklift"},"spec":{"replicas":1,"selector":{"matchLabels":{"name":"console"}},"template":{"metadata":{"labels":{"name":"console"}},"spec":{"containers":[{"env":[{"name":"BRIDGE_USER_AUTH","value":"disabled"},{"name":"BRIDGE_LISTEN","value":"https://0.0.0.0:9000"},{"name":"BRIDGE_TLS_CERT_FILE","value":"/var/run/secrets/console-serving-cert/tls.crt"},{"name":"BRIDGE_TLS_KEY_FILE","value":"/var/run/secrets/console-serving-cert/tls.key"},{"name":"BRIDGE_PLUGINS","value":"forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080"},{"name":"BRIDGE_PLUGIN_PROXY","value":"{"services":[\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",\n "endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n },\n {\n "consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",\n "endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",\n "authorize":true\n }]}\n"}],"image":"quay.io/openshift/origin-console:latest","name":"console","volumeMounts":[{"mountPath":"/var/run/secrets/console-serving-cert","name":"console-serving-cert"},{"mountPath":"/etc/ssl/certs/forklift-ca.crt","name":"forklift-cert","subPath":"ca.crt"}]}],"serviceAccountName":"console","volumes":[{"name":"forklift-cert","secret":{"secretName":"forklift-cert"}},{"name":"console-serving-cert","secret":{"secretName":"console-serving-cert"}}]}}}}
creationTimestamp: "2024-09-02T07:10:02Z"
generation: 2
name: console
namespace: konveyor-forklift
resourceVersion: "187602490"
uid: cd3cc6a3-3aa3-4788-867f-1beb44a5c9db
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: console
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
name: console
spec:
containers:
- env:
- name: BRIDGE_USER_AUTH
value: disabled
- name: BRIDGE_LISTEN
value: https://0.0.0.0:9000
- name: BRIDGE_TLS_CERT_FILE
value: /var/run/secrets/console-serving-cert/tls.crt
- name: BRIDGE_TLS_KEY_FILE
value: /var/run/secrets/console-serving-cert/tls.key
- name: BRIDGE_PLUGINS
value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
- name: BRIDGE_PLUGIN_PROXY
value: |
{"services":[
{
"consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/forklift-inventory/",
"endpoint":"https://forklift-inventory.konveyor-forklift.svc.cluster.local:8443",
"authorize":true
},
{
"consoleAPIPath":"/api/proxy/plugin/forklift-console-plugin/must-gather-api/",
"endpoint":"https://must-gather-api.konveyor-forklift.svc.cluster.local:8443",
"authorize":true
}]}
image: quay.io/openshift/origin-console:latest
imagePullPolicy: Always
name: console
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/console-serving-cert
name: console-serving-cert
- mountPath: /etc/ssl/certs/forklift-ca.crt
name: forklift-cert
subPath: ca.crt
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: console
serviceAccountName: console
terminationGracePeriodSeconds: 30
volumes:
- name: forklift-cert
secret:
defaultMode: 420
secretName: forklift-cert
- name: console-serving-cert
secret:
defaultMode: 420
secretName: console-serving-cert
status:
availableReplicas: 1
conditions:

• lastTransitionTime: "2024-09-02T07:10:22Z"
  lastUpdateTime: "2024-09-02T07:10:22Z"
  message: Deployment has minimum availability.
  reason: MinimumReplicasAvailable
  status: "True"
  type: Available
• lastTransitionTime: "2024-09-02T07:10:02Z"
  lastUpdateTime: "2024-09-02T07:16:31Z"
  message: ReplicaSet "console-798cf56f96" has successfully progressed.
  reason: NewReplicaSetAvailable
  status: "True"
  type: Progressing
  observedGeneration: 2
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1

[jsakil14]

UPDATE:
I reverted to old version of image: quay.io/openshift/origin-console:4.9.0 instead of image: quay.io/openshift/origin-console:latest ; which seems to have resolved the issue with authentication - Going through the image files, seems like only noticeable change is OS is moved to rhel9 from older rhel8 - but dont know what env. variable it is looking for...

spec:
      containers:
      - env:
        - name: BRIDGE_USER_AUTH
          value: disabled
        - name: BRIDGE_LISTEN
          value: https://0.0.0.0:9000
        - name: BRIDGE_TLS_CERT_FILE
          value: /var/run/secrets/console-serving-cert/tls.crt
        - name: BRIDGE_TLS_KEY_FILE
          value: /var/run/secrets/console-serving-cert/tls.key
        - name: BRIDGE_PLUGINS
          value: forklift-console-plugin=http://forklift-console-plugin.konveyor-forklift.svc.cluster.local:8080
        - name: BRIDGE_PLUGIN_PROXY

[jsakil14]

BUMP!

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale