Cannot start ocis 5.0.0-beta.2 using helm charts

[saw-jan]

Description

Trying to deploy ocis in k8s using helm in minikube single cluster setup but some service pods cannot start.

Tools:

• minikube: v1.32.0
• helm: v3.13.3
• k8s: v1.28.1

❗ Most of the pods cannot start.

$ kubectl get pods
                         
NAME                                 READY   STATUS             RESTARTS      AGE
appregistry-7f8889995f-9kkdm         0/1     CrashLoopBackOff   7 (37s ago)   13m
audit-cc7fbb7df-9vhs7                1/1     Running            0             13m
authmachine-f648ff95d-gm5fw          0/1     CrashLoopBackOff   7 (18s ago)   13m
eventhistory-54d7bbf758-ntgjk        1/1     Running            0             13m
frontend-865987d757-rlm6t            0/1     CrashLoopBackOff   7 (41s ago)   13m
gateway-7846c55c5f-l8zdc             0/1     CrashLoopBackOff   7 (66s ago)   13m
graph-7874c9b4f6-sfhl5               0/1     CrashLoopBackOff   7 (26s ago)   13m
groups-6fb495457f-lrgcb              0/1     CrashLoopBackOff   7 (28s ago)   13m
idm-5cc5754f99-s6vfh                 1/1     Running            0             13m
idp-66b5b45b68-s8wpn                 0/1     CrashLoopBackOff   7 (40s ago)   13m
nats-f769886cc-bh7b8                 1/1     Running            0             13m
ocdav-5d56899745-8lg5v               1/1     Running            0             13m
ocs-7b8468f4dd-bf548                 0/1     CrashLoopBackOff   7 (30s ago)   13m
postprocessing-86478694df-pgrqd      1/1     Running            0             13m
proxy-9c75874b6-ghcbm                0/1     CrashLoopBackOff   7 (32s ago)   13m
search-f95ff6798-6gjkn               1/1     Running            0             13m
settings-6ffb895b74-d4njc            0/1     CrashLoopBackOff   7 (27s ago)   13m
sharing-fbd659dd5-p6cnw              0/1     CrashLoopBackOff   7 (58s ago)   13m
storagepubliclink-54859d8c75-n759q   0/1     CrashLoopBackOff   7 (16s ago)   13m
storageshares-5c667bcfc9-7f2dt       0/1     CrashLoopBackOff   7 (61s ago)   13m
storagesystem-d5d858fc-d2t96         0/1     CrashLoopBackOff   7 (65s ago)   13m
storageusers-77559997f6-s7dzt        0/1     CrashLoopBackOff   7 (70s ago)   13m
store-7584cd9676-t5kms               1/1     Running            0             13m
thumbnails-5b9bfb7c5-ms6v7           0/1     CrashLoopBackOff   7 (36s ago)   13m
userlog-7c49954785-r92wm             0/1     CrashLoopBackOff   7 (7s ago)    13m
users-5b54c6c949-kr4k7               0/1     CrashLoopBackOff   7 (22s ago)   13m
web-5bb47794bd-4sxsk                 0/1     CrashLoopBackOff   7 (37s ago)   13m
webdav-c67f5fd46-qzx2f               0/1     CrashLoopBackOff   7 (45s ago)   13m
webfinger-84c95c56b9-fdp2k           1/1     Running            0             13m

$ kubectl logs appregistry-7f8889995f-9kkdm

{"level":"info","service":"app-registry","time":"2023-12-27T10:24:47Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:17","message":"registering external service com.owncloud.api.app-registry-8096f32e-2add-4897-a520-115de14f7f08@10.244.0.205:9242"}
{"level":"fatal","service":"app-registry","error":"parse \"127.0.0.1:9233/api/v1/namespaces/default/pods/appregistry-7f8889995f-9kkdm\": first path segment in URL cannot contain colon","time":"2023-12-27T10:24:47Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:21","message":"Registration error for external service com.owncloud.api.app-registry"}

Steps:

1. Change ocis tag in charts/ocis/Chart.yaml

   appVersion: 5.0.0-beta.2
   

2. Follow docs: https://doc.owncloud.com/ocis/next/deployment/container/orchestration/orchestration.html#helm

[saw-jan]

Same with next branch

Logs:

$ kubectl get pods

NAME                                 READY   STATUS             RESTARTS        AGE
appregistry-6b964464fc-htm6j         0/1     CrashLoopBackOff   6 (3m4s ago)    10m
audit-948d7b87c-9rpdj                1/1     Running            0               10m
authmachine-77547b56f8-hrs7p         0/1     CrashLoopBackOff   6 (71s ago)     10m
authservice-66c65f6555-kspms         0/1     CrashLoopBackOff   6 (2m41s ago)   10m
clientlog-cdb76fb4c-k9wzs            1/1     Running            0               10m
eventhistory-5c7477c958-7879j        1/1     Running            0               10m
frontend-654c8d7cb5-rmhr8            0/1     CrashLoopBackOff   6 (3m3s ago)    10m
gateway-ff7b95b4c-wrrcn              0/1     CrashLoopBackOff   6 (99s ago)     10m
graph-564d459bc5-b966m               0/1     CrashLoopBackOff   6 (24s ago)     10m
groups-c47cfc58c-z6cwz               0/1     CrashLoopBackOff   6 (87s ago)     10m
idm-7b864c494c-zv9zc                 1/1     Running            0               10m
idp-66f96544d4-vkpn5                 0/1     CrashLoopBackOff   6 (107s ago)    10m
nats-6cb5fc6449-mvknv                1/1     Running            0               10m
ocdav-868969bdd9-qhhs8               1/1     Running            0               10m
ocs-8669796fd7-9hmqb                 0/1     CrashLoopBackOff   6 (2m52s ago)   10m
postprocessing-796cb4584f-hdbgn      1/1     Running            0               10m
proxy-b588948fb-4tw5b                0/1     CrashLoopBackOff   6 (2m58s ago)   10m
search-8bb99fc86-5rcfw               1/1     Running            0               10m
settings-85bcdd6f8f-4g2d8            0/1     CrashLoopBackOff   6 (81s ago)     10m
sharing-c9bf5fdb5-9bljw              0/1     CrashLoopBackOff   6 (2m47s ago)   10m
sse-6d5f865575-n7qs7                 0/1     CrashLoopBackOff   6 (2m39s ago)   10m
storagepubliclink-7d794db69f-bjn8r   0/1     CrashLoopBackOff   6 (2m50s ago)   10m
storageshares-7d8b584bf9-hpg8x       0/1     CrashLoopBackOff   6 (109s ago)    10m
storagesystem-7dc57c465c-m2s54       0/1     CrashLoopBackOff   6 (111s ago)    10m
storageusers-6dc747ccbb-ltl8m        0/1     CrashLoopBackOff   6 (49s ago)     10m
store-6f7d54769b-zzwlr               1/1     Running            0               10m
thumbnails-67549497c5-jhg6l          0/1     CrashLoopBackOff   6 (64s ago)     10m
userlog-fbddbfc9f-8mzsg              0/1     CrashLoopBackOff   6 (17s ago)     10m
users-77bfb4b77c-f98t6               0/1     CrashLoopBackOff   6 (90s ago)     10m
web-6899bd87b-twpv9                  0/1     CrashLoopBackOff   6 (2m43s ago)   10m
webdav-576cbd4958-m2ftt              0/1     CrashLoopBackOff   6 (29s ago)     10m
webfinger-57f4d5f669-f8n6g           1/1     Running            0               10m

$ kubectl logs appregistry-6b964464fc-htm6j

{"level":"info","service":"app-registry","time":"2023-12-28T10:53:28Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:17","message":"registering external service com.owncloud.api.app-registry-7067c237-9919-4714-8e75-6b8b597d164b@10.244.0.6:9242"}
{"level":"fatal","service":"app-registry","error":"parse \"127.0.0.1:9233/api/v1/namespaces/default/pods/appregistry-6b964464fc-htm6j\": first path segment in URL cannot contain colon","time":"2023-12-28T10:53:28Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:21","message":"Registration error for external service com.owncloud.api.app-registry"}

[wkloucek]

master branch is only compatible to oCIS 4
next branch is only compatible to oCIS 5, but I didn't test 5.0.0-beta.2 so far

[kobergj]

next is currently broken. I'm working on it.

[wkloucek]

@saw-jan next now supports oCIS 5.0.0-rc.2

[saw-jan]

Tried to run again with minikube following docs.

• All pods are running ✔️
• Cannot login to ocis ❌ (500 error)
  

CC @wkloucek

[wkloucek]

@saw-jan are all pods up and running?

Could you please paste the output of kubectl -n ocis get pods ?

[saw-jan]

are all pods up and running?

yeah, they all seem running

I ran with default namespace. here's the output

$ kubectl -n default get pods

NAME                                 READY   STATUS    RESTARTS      AGE
appregistry-59f5f77dd9-l9scb         1/1     Running   2 (67m ago)   69m
audit-656bd94d74-vrvz5               1/1     Running   0             69m
authmachine-7c9d75f688-dtzqs         1/1     Running   0             69m
authservice-79bd66d9f9-kmfhl         1/1     Running   3 (68m ago)   69m
clientlog-68d48bddb5-npmdr           1/1     Running   0             69m
eventhistory-675f578b58-ffpwd        1/1     Running   0             69m
frontend-7b9dbb5449-s2557            1/1     Running   0             39m
gateway-789bf9d89b-6qb8z             1/1     Running   0             39m
graph-8497f6f688-hqgfp               1/1     Running   0             39m
groups-dc74c4fcb-dfdsn               1/1     Running   0             39m
idm-67b668f7c5-dkzs8                 1/1     Running   0             69m
idp-54c5577f87-j64gn                 1/1     Running   0             38m
nats-d99f856cb-gkv54                 1/1     Running   0             69m
ocdav-7899744755-xjgmf               1/1     Running   0             39m
ocs-6d7755996b-hp8vf                 1/1     Running   0             39m
postprocessing-79cd557b5b-lm749      1/1     Running   0             69m
proxy-5d8fb79d56-jfgjm               1/1     Running   0             39m
search-569f6d548c-84bz5              1/1     Running   0             48m
settings-c9965ff44-2fkx2             1/1     Running   3 (68m ago)   69m
sharing-545b9d6597-zzhhr             1/1     Running   4 (67m ago)   69m
sse-5c49ddb866-fdjsh                 1/1     Running   0             69m
storagepubliclink-6d5dd868d9-bnn5p   1/1     Running   3 (68m ago)   69m
storageshares-587f7b6cc-6hq46        1/1     Running   0             69m
storagesystem-5dc56c94f8-lzdw8       1/1     Running   0             69m
storageusers-769fccff9b-dl69f        1/1     Running   3 (68m ago)   69m
store-56494bff78-ft5bb               1/1     Running   0             69m
thumbnails-5d84f6c5ff-qscgp          1/1     Running   0             48m
userlog-5c5859c5f6-w798c             1/1     Running   0             69m
users-7c864c89cb-s52xs               1/1     Running   0             38m
web-7d8bdfc9fd-r5qgh                 1/1     Running   0             38m
webdav-6694b459b9-clnk4              1/1     Running   0             38m
webfinger-6dc76988d6-hqf9r           1/1     Running   0             38m

[wkloucek]

could you please show me the logs of the proxy pod(s)?

[saw-jan]

$ kubectl logs proxy-5d8fb79d56-jfgjm     
                       
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"da3bd8d6c188f1839b8d63c714697679","traceid":"630b08437889fe8ef919cb3f667be7e6","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/","duration":18.917909,"bytes":7913,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"b29957409502d643dbe7c6c6339d032c","traceid":"5e938f0c2e931ddd1ac6ac2a4c454291","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/NoContentMessage-PHOFl5Vh.mjs","duration":0.356185,"bytes":2041,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"a35e238bbc7c864606bddc21d9272796","traceid":"fcbdb1b4b0e1c60f11625c6937c6ed72","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/SideBar-tS8F3sn9.mjs","duration":0.68885,"bytes":9648,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"9b5226330fe0779179247194f1ff1e86","traceid":"faa5e8136acd6671746fe1bc085757f5","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/buildUrl-POXgN7QP.mjs","duration":0.25446,"bytes":440,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"ee395c18bd7899942525998c91d0eb5a","traceid":"d8b3dfdf842908c67e9c3e08d0b7b8fd","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/useGetResourceContext-iCJd3SPF.mjs","duration":0.460816,"bytes":1402,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"fd292458a105d846e7f00da3b35c3d68","traceid":"35d04d9c0955f1363c7c0ab590266be6","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/AppTopBar-DHnV2Edv.mjs","duration":0.661963,"bytes":3309,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"ee3427d02770021e6bfb27dbd875c1ac","traceid":"1b970e03289090804c777f129a608e26","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/useAuthService-_kbUjSYK.mjs","duration":0.451093,"bytes":98,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"b80e436731b393793f9ee29b4673ec67","traceid":"62650d470b887693659be78e4dce1cf8","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/types-w6bxmaf3.mjs","duration":0.816202,"bytes":29,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"ef29e958e6b86c6c4ae78087aa92bcf3","traceid":"880f1464700a7bdb877595fac8177b30","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/Pagination-GvYBo3nj.mjs","duration":0.580289,"bytes":14355,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"63e41b011f412a28fd792f6ff228f827","traceid":"9913d5ce38a2d30a8f3083642923a82d","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/CompareSaveDialog-l39g34uu.mjs","duration":0.406024,"bytes":2257,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"5c398624f64a357afc082ca2e1e1d8f3","traceid":"85d34c1e54926af2375bb91ef8036427","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/useAppDefaults-pWrp4lYR.mjs","duration":0.916037,"bytes":3241,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"c1d19260f7fb138ddc6876313b73ca12","traceid":"6597dca14d828ac2c1a58cd1b70abee1","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/require.js","duration":8.547827,"bytes":86483,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"8f1d596199324ed109d52da5fa13101b","traceid":"a395124b514a19cf46626d18417b86aa","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/FileSideBar-R01CUSMN.mjs","duration":1.095937,"bytes":5017,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"62c1deab2edcbf36fea38d3f96e54676","traceid":"13b2ce6efe642238512552a6fa718446","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/authService-x4dKMt0c.mjs","duration":3.334257,"bytes":88917,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"95f18e8efe12c11cf0b20ea40cf0bfff","traceid":"0d50aa39f1fb3ce42198c506619c8ccf","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/useKeyboardActions-Uiwyx97P.mjs","duration":1.204112,"bytes":1352,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"21096facc6004871a78a0c84ec031050","traceid":"32c97b319339dc5f5ac1e6dacc877cc4","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/AppWrapperRoute-WR2T3jYN.mjs","duration":1.960065,"bytes":7473,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"89954959097474ab59829188529d236f","traceid":"755a388d0beec4dedc7254866770ac8d","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/SearchBarFilter-VSDMXhSI.mjs","duration":0.509629,"bytes":2496,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"60ffb4c43d1d8869a9ba2db7526e7103","traceid":"bba203fb3380fd27168b0a467a69e319","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/CreateLinkModal-3aFaUmty.mjs","duration":16.959059,"bytes":265048,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"4cf3173e0074245cfd8e6231fb1d0dfc","traceid":"4efb0ddc9a658415fc060445ee5d4f14","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/assets/style-FmEa7AGq.css","duration":9.908016,"bytes":285011,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"fef8635d54f84c03272ed2e51ee76ad5","traceid":"c131bdaaec6f565359d7f003fe27af8c","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/index.html-ZHQpx7wf.mjs","duration":33.037669,"bytes":491630,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"afaca8e7e427c6f0c3ee607f2b5ac152","traceid":"c3a4c8b5990ecd807cd3663c127d830d","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/vendor-Qpw5q4IY.mjs","duration":62.531223,"bytes":1941400,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"acd30446a63c4fe1c661d5fb72347e6c","traceid":"3e8b50dc2bddab80f916f44d3529c438","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/fonts/inter.css","duration":0.356542,"bytes":147,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"c71244bb-ef85-432b-ba28-e556d984d846","traceid":"805a52eeae90fba3cfe2a2251583b3f5","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/config.json","duration":0.546368,"bytes":915,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"6412cc34-284e-439b-bfa3-959e84328b57","traceid":"90666865bcf21e217df7835b994d42ad","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/themes/owncloud/theme.json","duration":0.901994,"bytes":7653,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"b320481e03d00dba4edde6967df9f619","traceid":"032d323ae2698045b4c76187ed9895c2","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/web-app-search-dZt7FXU_.mjs","duration":0.415731,"bytes":14222,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"b944019b0c4d6b08c18c9c4fd178458b","traceid":"2e042628a3d5cba398123c117e4a574c","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/web-app-text-editor-j50sKy7c.mjs","duration":0.40888,"bytes":5876,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"af371c762234826fe9502c23c23a1661","traceid":"0a3b7fd446d240232366335e65e52757","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/web-app-pdf-viewer-Gmk3FZZ9.mjs","duration":0.389956,"bytes":1845,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"d20cfb9c5992c0063e02afb8cbdcdafd","traceid":"53eeb8c3bef427047dadcee3b38c70ef","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/web-app-external-CC6M-RQj.mjs","duration":0.341856,"bytes":8876,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"de687f415a93fc99aa6ee97e105befbb","traceid":"24068176d779a5a155c670c64f6aa221","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/List-1KqNIo6M.mjs","duration":0.436415,"bytes":833,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"ca577e8c3a4001561aadc91d3c42174b","traceid":"10058bc51f9b61d088c1927f7ec29e9b","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/web-app-admin-settings-TahQLSqW.mjs","duration":7.81513,"bytes":191743,"time":"2024-01-23T04:16:32Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"043b63f323b532ba6dc73040e444ade2","traceid":"8fde4b839729f9a65a8f3054d830040f","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/web-app-preview-0jRx7vmW.mjs","duration":43.460851,"bytes":29026,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"80c59a061994e93c001fe8097690b32d","traceid":"f9ad4c6b251ec78e10d6e13773692b19","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/chunks/AppBanner-lngP_l1v.mjs","duration":0.650693,"bytes":1970,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"29f0ced74d3ce22c1d0d684cb057cf20","traceid":"0051252463a30d7879fe81ae7a78185d","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/fonts/inter.ttf","duration":81.981059,"bytes":803384,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"6b1813e221c5ec428f2494642933233a","traceid":"55abe6f3e10d33de6d2cf0307017f25f","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/js/web-app-files-lGAh9G6N.mjs","duration":53.076726,"bytes":449656,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"f7046a74bad48319969be19fefbdb109","traceid":"a359ccdaf26f6accccb3eec2e08a511b","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/favicon.ico","duration":0.539227,"bytes":7913,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"7a13062d93baa014ff32161d2577224f","traceid":"d2975b0cb3d6b9d849b4a6824ded223c","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/.well-known/openid-configuration","duration":1.558891,"bytes":1837,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"734d6d09865cb3c22e0109560432c921","traceid":"0dea7f93e96aefc63087dc8186263680","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/themes/owncloud/assets/loginBackground.jpg","duration":1.346022,"bytes":88069,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"93a337614d3be3f27924163eea4c5843","traceid":"111a791c1ba226d891587706d6eb0b2a","remote-addr":"192.168.49.1","method":"GET","status":302,"path":"/signin/v1/identifier/_/authorize","duration":0.413092,"bytes":0,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"f320e65b5d968088e43d21d5f30c4c41","traceid":"e74cbdcbf41e085878213ab16bc1f1cb","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/identifier","duration":0.345839,"bytes":913,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"37247013d4256e4c78b71c83c16a2dc2","traceid":"dc3d891c839be6df87b79100fcd133b3","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/css/8.b5f1a04b.chunk.css","duration":3.403441,"bytes":1832,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"1975540cf771c5bfe07c5d9d1873f78e","traceid":"1d2ed0145925dd4964e5dce30a67cacb","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/css/main.51329a5b.chunk.css","duration":3.129891,"bytes":1900,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"c47bea9aa6f38a0e77cf2a59492f013e","traceid":"a85f7e4992a8deebde4105c2853b45fb","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/main.c48f04d5.chunk.js","duration":1.013238,"bytes":5991,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"8904a34139c06ca8056fa94a3284a2d8","traceid":"cd882207b39fd80e9f50e397de2cdb14","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/runtime-main.344976e8.js","duration":2.702805,"bytes":2822,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"e4ffdd56ff6485b98dcc6eda58c2a3b2","traceid":"cf3ad13246c57c46b1cc37cffa1051e0","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/media/background.7296b9ab.jpg","duration":0.461421,"bytes":88069,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"a7355f391bb20a6001f65fbc7cf49a24","traceid":"86273897391c13ae11015adc5e7061f3","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/media/inter.aadb65ac.ttf","duration":1.863227,"bytes":803384,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"b8adf419a571f23b2ed611b1aac29f1e","traceid":"9d598416fafa315583e929b4ea0d5f0d","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/8.e8e55a49.chunk.js","duration":41.980481,"bytes":315970,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"381fc8e463a99ee551249d6f9d6fd7cd","traceid":"1db36d9ab4e24cbb25adf799b6fdf777","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/10.2636d47c.chunk.js","duration":0.414843,"bytes":28417,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"786bf03c4a78ca3638b8112f24da07f6","traceid":"2e170f9d6a9b8d78a9b3b939d3f70720","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/identifier-main.8566efb2.chunk.js","duration":0.225156,"bytes":1826,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"f70a420f7d620a30d45d735fa470f860","traceid":"ddc88cd1d2b12b92badb1f28c98c2b77","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/favicon.ico","duration":0.455268,"bytes":15086,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"0483dea7fb1ec1a0f7fb46d6296e9758","traceid":"cacb7e4d55f5289e4b5079679f516603","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/0.b899e7ca.chunk.js","duration":0.636684,"bytes":83005,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"1c3714b7688f5a3e89074e144ef3c65d","traceid":"fce678f309e15df4b4a0d250a72f5665","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/containers-login.eddbbaa6.chunk.js","duration":0.442624,"bytes":21942,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"101d4331e50713e63c404e01e09d80cb","traceid":"d9587eb04484a21668bee7d989e39e75","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/all-i18n-data.ce6d6c6c.chunk.js","duration":0.402568,"bytes":7560,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"43142687976d8734477f51056b2af4f5","traceid":"429c7b6787d94870cdfad2a6c13ffb03","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/js/9.8b9d1d1a.chunk.js","duration":49.265883,"bytes":49285,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"0f0ccd14d8417f3d71a094801827e942","traceid":"723390905a4005d77bee18ce2d56ebd2","remote-addr":"192.168.49.1","method":"GET","status":200,"path":"/signin/v1/static/logo.svg","duration":0.386897,"bytes":9896,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"a2b8708eeaeef15bc94c719a5ff11670","traceid":"a1548ae440fab86fc35bd48baeb92c69","remote-addr":"192.168.49.1","method":"POST","status":200,"path":"/signin/v1/identifier/_/hello","duration":0.532556,"bytes":86,"time":"2024-01-23T04:16:33Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"86ccd9c91868c350d75c6a5fb737f590","traceid":"4d929cedcd75957e6b0ee007d45c56db","remote-addr":"192.168.49.1","method":"POST","status":500,"path":"/signin/v1/identifier/_/logon","duration":68.890383,"bytes":44,"time":"2024-01-23T04:16:35Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}

[wkloucek]

That's something with the builtin IDP: "method":"POST","status":500,"path":"/signin/v1/identifier/_/logon"

could you please look at the IDP logs?

[saw-jan]

here is the idp logs. Did I not setup the secrets properly?

$ kubectl logs idp-54c5577f87-j64gn                                                                        

{"level":"info","service":"idp","file":"/etc/ocis/idp/encryption.key","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"loading encryption secret from file"}
{"level":"info","service":"idp","path":"/etc/ocis/idp/private-key.pem","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"loading signing key"}
{"level":"warn","service":"idp","kid":"private-key","path":"/etc/ocis/idp/private-key.pem","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"skipped as signer with same kid already loaded"}
{"level":"info","service":"idp","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"encryption set up with 32 key size"}
{"level":"info","service":"idp","ldap":"ldaps://idm:9235 ","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"ldap server identifier backend set up"}
{"level":"info","service":"idp","security":"A256GCM:A256GCMKW","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"identifier set up"}
{"level":"info","service":"idp","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"using identifier backed identity manager"}
{"level":"info","service":"idp","claims":["name","family_name","given_name","email","email_verified"],"name":"ldap","scopes":["offline_access","LibreGraph.RawSub","profile","email","LibgreGraph.UUID"],"time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"identity manager set up"}
{"level":"info","service":"idp","alg":"PS256","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"set provider signing alg"}
{"level":"info","service":"idp","id":"private-key","method":"*jwt.SigningMethodRSAPSS","type":"*rsa.PrivateKey","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"set provider signing key"}
{"level":"info","service":"idp","id":"private-key","type":"*rsa.PublicKey","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"set provider validation key"}
{"level":"info","service":"idp","id":"default","type":"*rsa.PublicKey","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"set provider validation key"}
{"level":"info","service":"idp","alg":"PS256","id":"private-key","method":"*jwt.SigningMethodRSAPSS","time":"2024-01-23T07:04:51Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"oidc token signing default set up"}
{"level":"error","service":"idp","error":"ldap identifier backend logon connect error: LDAP Result Code 49 \"Invalid Credentials\": ","time":"2024-01-23T07:21:27Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"identifier failed to logon with backend"}

[wkloucek]

here is the idp logs. Did I not setup the secrets properly?

I guess you didn't do anything wrong because they are set up automatically.

May it happended that you uninstalled oCIS via helmfile destroy or by deleting the namespaces?

If so you may run into a minikube thing:

Minikube uses the hostpath provisioner for volumes and it's a quite incomplete implementation. If you delete PVCs / PVs the content on disk will actually not deleted. You need to manually delete it (or recreate the minikube cluster):

minikube ssh
sudo rm -rf /tmp/hostpath-provisioner/*

The problem with this is, that we recreate secrets during oCIS install if there are none. But the IDM takes the database from the previous installation because it was not deleted on disk 😮‍💨 Therefore you have a credential mismatch

Please let me know if that solves your problem

[saw-jan]

Hmm, the working deployment stopped working after this step:
kubectl apply -f ./builtin-user-mgmt-secrets.yaml (file from https://doc.owncloud.com/ocis/next/deployment/container/orchestration/tab-pages/builtin-user-mgmt-secrets-tab-1.html)
and

helm upgrade --install --reset-values \
    ocis ./charts/ocis

maybe I just messed up while creating secrets in builtin-user-mgmt-secrets.yaml file or there's missing something

[wkloucek]

It's a optional thing now. If they are not there they will be created automatically.

[saw-jan]

I found out that admin-user secret is causing login issue.

---
apiVersion: v1
kind: Secret
metadata:
  name: admin-user # default for secreRefs.adminUserSecretRef
type: Opaque
data:
  # how to generate: base64 encode a UUID V4
  # example generation command: `cat /proc/sys/kernel/random/uuid | tr -d '\n' | base64`
  user-id: XXXXXXXXXXXXX

  # how to generate: base64 encode a random string (reasonable long and mixed characters)
  # example generation command: `tr -cd '[a-zA-Z0-9],.' < /dev/urandom | fold -w 50 | head -n 1 | tr -d '\n' | base64`
  password: XXXXXXXXXXXXX

And after it is applied, I cannot login even after deleting that secret

$ kubectl delete secret admin-user
$ helm upgrade --install --reset-values ocis ./charts/ocis

[saw-jan]

more narrowed. password was causing problem. maybe the command to generate pass has changed now?

# how to generate: base64 encode a random string (reasonable long and mixed characters)
# example generation command: `tr -cd '[a-zA-Z0-9],.' < /dev/urandom | fold -w 50 | head -n 1 | tr -d '\n' | base64`
password: XXXXXXXXXXXXX