Unsuccessfull login with keycloak oidc over k8s dashboard

[samsja]

Environment

Installation method: via helm with this chart https://github.com/funkypenguin/helm-kubernetes-dashboard
Kubernetes version: v1.14.10-gke.27
Dashboard version: 2.0.0

Steps to reproduce

helm install --namespace monitoring k8s-dashboard funkypenguin-kubernetes-dashboard/kubernetes-dashboard -f k8s/monitoring/staging/k8s-dashboard/values.yaml

protocolHttp: True
extraArgs:
--enable-insecure-login

I got a Https redirection that is why protocol http is allowed.

Then I add a open id connect gateway : keycloak , via a kong ingress plugin.

Observed result

When I connect via the Kong ( based on nginx) loadbalancer and with the keycloak protection, when I hit sign in nothing happened, no errors in the logs, and I can't pass the login pages ...

Expected result

When I do a portforward of the dashboard service, I am able to connect with the kubeconfig, so I am assuming the issue come from a incompatibility with the oidc protocol somewhere.

Comments

It looks like it is a frontend protection and that the button does not work in this case.

Any idea on what could stop me from login in ?

Thanks in advance.

Samsja

[samsja]

turns out that with the same config it worked on google chrome, but not on firefox. I am suspected a bug.

Any idea ?

[floreks]

If you want to access Dashboard via HTTP it is only possible if domain/ip is localhost/127.0.0.1. URL in the browser is the on that matters. In every other case, you have to use HTTPS. You can also skip login view if your proxy forwards an Authorization header to the Dashboard. I don't think browser matters here. I have tested such setups both in Firefox and in Chrome.