Unable to authenticate Oauth using Google

[christiandornerintelipost]

Describe the bug

We are currently unable to authenticate using OAuth with Google. The issue arises from the redirect_url being generated with http instead of https.

Our application is running in a Kubernetes environment, and we have configured the necessary settings to handle forwarded headers. Specifically, the service is configured with the annotation nginx.ingress.kubernetes.io/use-forwarded-headers: "true", and our Ingress also has the annotation use-forwarded-headers: "true". Despite these configurations, the redirect_url continues to be generated with http, which is causing authentication failures.

We would appreciate any guidance on how to resolve this issue.

A clear and concise description of what the bug is.

Running Pgadmin 8.12

This is my config_local.py

AUTHENTICATION_SOURCES = ['internal', 'oauth2']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [
    {
        'OAUTH2_NAME': 'Google',
        'OAUTH2_DISPLAY_NAME': 'Google',
        'OAUTH2_CLIENT_ID': '<ID>',
        'OAUTH2_CLIENT_SECRET': '<SECRET>',
        'OAUTH2_TOKEN_URL': 'https://oauth2.googleapis.com/token',
        'OAUTH2_AUTHORIZATION_URL': 'https://accounts.google.com/o/oauth2/auth',
        'OAUTH2_SERVER_METADATA_URL': 'https://accounts.google.com/.well-known/openid-configuration',
        'OAUTH2_API_BASE_URL': 'https://openidconnect.googleapis.com/v3/',
        'OAUTH2_USERINFO_ENDPOINT': 'userinfo',
        'OAUTH2_SCOPE': 'openid email',
        'OAUTH2_USERNAME_CLAIM': None,
        'OAUTH2_ICON': 'fa-google',
        'OAUTH2_BUTTON_COLOR': '#3253a8',
        'OAUTH2_ADDITIONAL_CLAIMS': None,
        'OAUTH2_SSL_CERT_VERIFICATION': True,
        'OAUTH2_LOGOUT_URL': None
    }
]

[udit-001]

+1, I'm facing the same issue when trying to deploy this using docker

[yogeshmahajan-1903]

@christiandornerintelipost , @udit-001
What is redirect url mentioned in OAuth2 app resisted with Google? Same url will be used for redirection.

[christiandornerintelipost]

@yogeshmahajan-1903 Thank you for your response.

The redirect URL registered in the OAuth2 app with Google is something like this https://pgadmin.internal.com/oauth2/authorize, which is set to use HTTPS. This is the URL we expect Google to use for redirection after authenticating with then.

However, the issue is that PgAdmin is generating the redirect_url with http instead of https during the authentication process, which is causing the authentication to fail. Importante to notice is that during the authentication flow I need to send this request_uri again, so Google can match with the one I previous registered.

This happens despite having both the Ingress and service configured with the necessary annotations to handle forwarded headers:

1.	Service annotation: nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
2.	Ingress annotation: use-forwarded-headers: "true"

Additionally, we’ve set PREFERRED_URL_SCHEME = 'https' in our config_local.py, but the redirect URL is still generated as http. It appears the forwarded headers are not being respected during the redirection process.

Could you provide any further guidance on ensuring that PgAdmin generates the redirect_url with https?

[yogeshmahajan-1903]

@christiandornerintelipost
I am not able to reproduce the issue. I have been successfully redirect to https url.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pgadmin
  template:
    metadata:
      labels:
        app: pgadmin
    spec:
      containers:
      - name: pgadmin
        image: dpage/pgadmin4
        env:
        - name: PGADMIN_DEFAULT_EMAIL
          value: "edb@edb.com"  # Set your admin email
        - name: PGADMIN_DEFAULT_PASSWORD
          value: "adminedb"               # Set your admin password
        - name: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
          value: "['oauth2','internal']"
        - name: PGADMIN_CONFIG_OAUTH2_CONFIG
          value: |
                [
                  {   
                      
                      'OAUTH2_NAME': 'google',
                      'OAUTH2_DISPLAY_NAME': 'Google',
                      'OAUTH2_CLIENT_ID': '<id>',
                      'OAUTH2_CLIENT_SECRET': '<secret>,
                      'OAUTH2_TOKEN_URL': 'https://www.googleapis.com/oauth2/v4/token',
                      'OAUTH2_AUTHORIZATION_URL': 'https://accounts.google.com/o/oauth2/auth',
                      'OAUTH2_API_BASE_URL': 'https://www.googleapis.com/oauth2/v3/',
                      'OAUTH2_USERINFO_ENDPOINT': 'userinfo',
                      'OAUTH2_ICON': 'fa-google',
                      'OAUTH2_BUTTON_COLOR': '#3253a8',
                      'OAUTH2_SERVER_METADATA_URL': 'https://accounts.google.com/.well-known/openid-configuration'
                  }
                ]
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: pgadmin
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: pgadmin

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pgadmin-ingress
  annotations:
    #nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
spec:
  tls:
  - hosts:
    - pgadmin.local.com  # Replace with your desired domain
    secretName: pgadmin-tlstest  # Name of the secret where the TLS cert will be stored
  rules:
  - host: pgadmin.local.com  # Use a local domain name for Minikube
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: pgadmin
            port:
              number: 80

May you can share you deployment yaml. Also pgadmin does not redirect after authentication. Its response which received from OAuth2 provider. Can you please check what is redirect uri passed in api call 'https://accounts.google.com/o/oauth2/auth?'?

Note - Can you please explain more about this line? - Importante to notice is that during the authentication flow I need to send this request_uri again, so Google can match with the one I previous registered.

[christiandornerintelipost]

When calling /authenticate/login I receive a 302 with Location

https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<ID>&redirect_uri=http%3A%2F%2Fpgadmin.us-east-1.qa.ip-apps.com.br%2Foauth2%2Fauthorize&scope=openid+email&state=uNd7QIpfcUbvnxmXqaowHo4o4VzuUq&nonce=X05JPn47rodXiXacaEAA

As you can see the redirect_uri is http and not https

[yogeshmahajan-1903]

@christiandornerintelipost
Here is what I get with above deployment

Can you please share your deployment.yaml?

[Tereorik]

We faced the same problem, fixed it by adding PROXY_X_PROTO_COUNT and PROXY_X_PORT_COUNT = 4 (the number of http proxies before the pod in our case: [x2 haproxy] -> [ingress] -> [nginx pod for the URL path prefix]).

It may be worth mentioning in the documentation what redirect_uri consists of (where do the scheme, host, port, and uri path come from).

Also attaching full deployment manifest with working OAuth2 authentication (it`s for development only - there is no TLS, backups and any security hardening, so use it just as reference, not for copy-paste deployment), maybe this will help someone.

Full deployment manifest

---
apiVersion: v1
kind: Namespace
metadata:
  name: pgadmin
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pgadmin
  namespace: pgadmin
spec:
  ingressClassName: nginx
  rules:
  - host: example.local
    http:
      paths:
      - path: /pgadmin
        pathType: Prefix
        backend:
          service:
            name: pgadmin-nginx
            port:
              name: http
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pgadmin-nginx-conf
  namespace: pgadmin
data:
  nginx.conf: |
    user nginx;
    worker_processes  auto;
    error_log  /dev/stdout;
    events {
      worker_connections  10240;
    }
    http {
      log_format  main
              'remote_addr:$remote_addr\t'
              'time_local:$time_local\t'
              'method:$request_method\t'
              'uri:$request_uri\t'
              'host:$host\t'
              'status:$status\t'
              'bytes_sent:$body_bytes_sent\t'
              'referer:$http_referer\t'
              'useragent:$http_user_agent\t'
              'forwardedfor:$http_x_forwarded_for\t'
              'request_time:$request_time';
      access_log /dev/stdout;
      server {
          listen       80;
          server_name  _;
          location / {
              root   html;
              index  index.html index.htm;
          }
      }
      include /etc/nginx/virtualhost/virtualhost.conf;
    }
  virtualhost.conf: |
    server {
      listen 80 default_server;
      location / {
        proxy_set_header X-Script-Name /pgadmin;
        proxy_set_header X-Scheme https;
        proxy_set_header Host $host;
        proxy_pass http://pgadmin-app:80/;
        proxy_redirect off;
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin-nginx
  namespace: pgadmin
  labels:
    app: pgadmin-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pgadmin-nginx
  template:
    metadata:
      labels:
        app: pgadmin-nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.27.2
        ports:
        - containerPort: 80
          name: http
        resources:
          limits:
            cpu: 1
            memory: 1Gi
          requests:
            cpu: 200m
            memory: 256Mi
        volumeMounts:
        - mountPath: /etc/nginx
          readOnly: true
          name: nginx-conf
      volumes:
      - name: nginx-conf
        configMap:
          name: pgadmin-nginx-conf
          items:
            - key: nginx.conf
              path: nginx.conf
            - key: virtualhost.conf
              path: virtualhost/virtualhost.conf
---
apiVersion: v1
kind: Service
metadata:
  name: pgadmin-nginx
  namespace: pgadmin
spec:
  selector:
    app: pgadmin-nginx
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
---
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
  name: pgadmindb
  namespace: pgadmin
spec:
  teamId: "pgadmin"
  volume:
    size: 10Gi
  numberOfInstances: 2
  users:
    pgadmin: 
    - createdb
  databases:
    pgadmindb: pgadmin
  postgresql:
    version: "16"
    parameters:
      password_encryption: scram-sha-256
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin
  namespace: pgadmin
  labels:
    app: pgadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pgadmin
  template:
    metadata:
      labels:
        app: pgadmin
    spec:
      containers:
      - name: pgadmin
        image: dpage/pgadmin4:8.12
        ports:
        - containerPort: 80
          name: pgadmin-app
        env:
        - name: PGADMIN_DEFAULT_EMAIL
          value: user@example.local
        - name: PGADMIN_DEFAULT_PASSWORD
          value: secret
        - name: PGADMIN_DISABLE_POSTFIX
          value: "true"
        - name: PGADMIN_CONFIG_CONFIG_DATABASE_URI
          value: "'postgresql://pgadmin@pgadmindb:5432/pgadmindb'"
        - name: PGPASSWORD
          valueFrom:
            secretKeyRef:
              name: pgadmin.pgadmindb.credentials.postgresql.acid.zalan.do
              key: password
        - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
          value: "False"
        - name: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
          value: "['oauth2', 'internal']"
        - name: PGADMIN_CONFIG_OAUTH2_CONFIG
          value: "[
              {
                'OAUTH2_NAME': 'Keycloak',
                'OAUTH2_DISPLAY_NAME': 'Keycloak',
                'OAUTH2_CLIENT_ID': 'pgadmin',
                'OAUTH2_CLIENT_SECRET': 'secret',
                'OAUTH2_TOKEN_URL': 'https://example.local/auth/realms/Example/protocol/openid-connect/token',
                'OAUTH2_AUTHORIZATION_URL': 'https://example.local/auth/realms/Example/protocol/openid-connect/auth',
                'OAUTH2_SERVER_METADATA_URL': 'https://example.local/auth/realms/Example/.well-known/openid-configuration',
                'OAUTH2_API_BASE_URL': 'https://example.local/auth/realms/Example',
                'OAUTH2_USERINFO_ENDPOINT': 'https://example.local/auth/realms/Example/protocol/openid-connect/userinfo',
                'OAUTH2_SCOPE': 'openid email profile',
                'OAUTH2_USERNAME_CLAIM': 'preferred_username',
                'OAUTH2_ICON': None,
                'OAUTH2_BUTTON_COLOR': None,
                'OAUTH2_ADDITIONAL_CLAIMS': {
                    'groups': ['example_group'],
                },
                'OAUTH2_SSL_CERT_VERIFICATION': True,
                'OAUTH2_LOGOUT_URL': None
              }
            ]"
        - name: PGADMIN_CONFIG_PROXY_X_PROTO_COUNT
          value: '4'
        - name: PGADMIN_CONFIG_PROXY_X_PORT_COUNT
          value: '4'
        resources:
          limits:
            memory: 4Gi
          requests:
            cpu: 200m
            memory: 256Mi
---
apiVersion: v1
kind: Service
metadata:
  name: pgadmin-app
  namespace: pgadmin
spec:
  selector:
    app: pgadmin
  ports:
    - name: pgadmin-app
      protocol: TCP
      port: 80
      targetPort: pgadmin-app

[christiandornerintelipost]

Hi @yogeshmahajan-1903, I set my oauth data directly on local_config.py

-- configmap
apiVersion: v1
data:
  DEPLOYABLE_ENV: qa
  ENVIRONMENT: qa
  PGADMIN_CONFIG_CONSOLE_LOG_LEVEL: '25'
  PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION: 'False'
  PGADMIN_CONFIG_PROXY_X_PROTO_COUNT: '3'
  PGADMIN_CONFIG_WTF_CSRF_ENABLED: 'False'
  PGADMIN_SERVER_MODE: 'True'
  PREFERRED_URL_SCHEME: https
  PROJECT_NAME: pgadmin
  SECURE_PROXY_SSL_HEADER: 'X-Forwarded-Proto,https'
kind: ConfigMap
metadata:
  annotations:
    avp.kubernetes.io/path: k8s/qa/foundation/pgadmin-qa
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"v1","data":{"DEPLOYABLE_ENV":"qa","ENVIRONMENT":"qa","PGADMIN_CONFIG_CONSOLE_LOG_LEVEL":"25","PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION":"False","PGADMIN_CONFIG_WTF_CSRF_ENABLED":"False","PGADMIN_DEFAULT_EMAIL":"user@domain.com","PGADMIN_SERVER_MODE":"True","PROJECT_NAME":"pgadmin"},"kind":"ConfigMap","metadata":{"annotations":{"avp.kubernetes.io/path":"k8s/qa/foundation/pgadmin-qa"},"labels":{"app.kubernetes.io/instance":"pgadmin","enviroment":"qa","name":"pgadmin","productName":"pgadmin","projectName":"pgadmin","vendor":"aws"},"name":"pgadmin-qa","namespace":"foundation"}}
  creationTimestamp: '2024-10-11T20:08:02Z'
  labels:
    app.kubernetes.io/instance: pgadmin
    enviroment: qa
    name: pgadmin
    productName: pgadmin
    projectName: pgadmin
    vendor: aws
  name: pgadmin-qa
  namespace: foundation
  resourceVersion: '611395916'
  uid: fe80bf25-240a-487c-8e0c-be0d735b514c
--- service
apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: <hostname>
    external-dns.alpha.kubernetes.io/ttl: '5'
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"external-dns.alpha.kubernetes.io/hostname":"<hostname>","external-dns.alpha.kubernetes.io/ttl":"5","service.beta.kubernetes.io/aws-load-balancer-internal":"true"},"labels":{"app":"app","app.kubernetes.io/instance":"pgadmin","enviroment":"qa","name":"pgadmin","productName":"pgadmin","projectName":"pgadmin","role":"app","vendor":"aws"},"name":"pgadmin-svc-qa","namespace":"foundation"},"spec":{"ports":[{"name":"app","port":80,"targetPort":80}],"selector":{"app":"app","enviroment":"qa","name":"pgadmin","productName":"pgadmin","projectName":"pgadmin","role":"app","vendor":"aws"},"type":"ClusterIP"}}
    service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
  creationTimestamp: '2024-10-08T19:26:06Z'
  labels:
    app.kubernetes.io/instance: pgadmin
    enviroment: qa
    name: pgadmin
    productName: pgadmin
    projectName: pgadmin
    role: app
    vendor: aws
  name: pgadmin-svc-qa
  namespace: foundation
  resourceVersion: '597990602'
  uid: 1618539b-8de4-496e-a5ee-df10410c0776
spec:
  clusterIP: 172.20.8.137
  clusterIPs:
    - 172.20.8.137
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - name: app
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: app
    enviroment: qa
    name: pgadmin
    productName: pgadmin
    projectName: pgadmin
    role: app
    vendor: aws
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
-- deployment 
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: '45'
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"app","app.kubernetes.io/instance":"pgadmin","enviroment":"qa","name":"pgadmin","productName":"pgadmin","projectName":"pgadmin","team":"squad-foundation","vendor":"aws"},"name":"pgadmin-qa","namespace":"foundation"},"spec":{"revisionHistoryLimit":2,"selector":{"matchLabels":{"app":"app","enviroment":"qa","name":"pgadmin","productName":"pgadmin","projectName":"pgadmin","role":"app","vendor":"aws"}},"strategy":{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"},"template":{"metadata":{"labels":{"app":"app","enviroment":"qa","name":"pgadmin","productName":"pgadmin","projectName":"pgadmin","role":"app","vendor":"aws"},"namespace":"foundation"},"spec":{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"alpha.eksctl.io/nodegroup-name","operator":"In","values":["node-service-v1"]}]}]}},"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"name","operator":"In","values":["pgadmin"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":1}]}},"containers":[{"envFrom":[{"configMapRef":{"name":"pgadmin-qa"}},{"secretRef":{"name":"pgadmin-qa"}}],"image":"<ECR>/pgadmin4:8.12.4","livenessProbe":{"failureThreshold":3,"httpGet":{"httpHeaders":[{"name":"Host","value":"localhost"}],"path":"/misc/ping","port":80},"initialDelaySeconds":20,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"name":"pgadmin","ports":[{"containerPort":80}],"readinessProbe":{"failureThreshold":3,"httpGet":{"httpHeaders":[{"name":"Host","value":"localhost"}],"path":"/misc/ping","port":80},"initialDelaySeconds":20,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"limits":{"memory":"2000Mi"},"requests":{"cpu":"100m","memory":"2000Mi"}}}],"serviceAccountName":"pgadmin-qa","tolerations":[{"effect":"NoSchedule","key":"node-service","operator":"Equal","value":"true"}]}}}}
  creationTimestamp: '2024-10-11T17:59:43Z'
  generation: 46
  labels:
    app: app
    app.kubernetes.io/instance: pgadmin
    enviroment: qa
    name: pgadmin
    productName: pgadmin
    projectName: pgadmin
    team: squad-foundation
    vendor: aws
  name: pgadmin-qa
  namespace: foundation
  resourceVersion: '611396526'
  uid: 274698ef-6fa8-48af-9a5e-553b18e04305
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: app
      enviroment: qa
      name: pgadmin
      productName: pgadmin
      projectName: pgadmin
      role: app
      vendor: aws
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: app
        enviroment: qa
        name: pgadmin
        productName: pgadmin
        projectName: pgadmin
        role: app
        vendor: aws
      namespace: foundation
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: alpha.eksctl.io/nodegroup-name
                    operator: In
                    values:
                      - node-service-v1
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: name
                      operator: In
                      values:
                        - pgadmin
                topologyKey: kubernetes.io/hostname
              weight: 1
      containers:
        - envFrom:
            - configMapRef:
                name: pgadmin-qa
            - secretRef:
                name: pgadmin-qa
          image: '<ECR>/pgadmin4:8.12.4'
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 3
            httpGet:
              httpHeaders:
                - name: Host
                  value: localhost
              path: /misc/ping
              port: 80
              scheme: HTTP
            initialDelaySeconds: 20
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          name: pgadmin
          ports:
            - containerPort: 80
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              httpHeaders:
                - name: Host
                  value: localhost
              path: /misc/ping
              port: 80
              scheme: HTTP
            initialDelaySeconds: 20
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          resources:
            limits:
              memory: 2000Mi
            requests:
              cpu: 100m
              memory: 2000Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: pgadmin-qa
      serviceAccountName: pgadmin-qa
      terminationGracePeriodSeconds: 30
      tolerations:
        - effect: NoSchedule
          key: node-service
          operator: Equal
          value: 'true'
status:
  availableReplicas: 1
  conditions:
    - lastTransitionTime: '2024-10-16T20:25:46Z'
      lastUpdateTime: '2024-10-24T19:14:29Z'
      message: ReplicaSet "pgadmin-qa-57b577d87" has successfully progressed.
      reason: NewReplicaSetAvailable
      status: 'True'
      type: Progressing
    - lastTransitionTime: '2024-10-31T18:42:58Z'
      lastUpdateTime: '2024-10-31T18:42:58Z'
      message: Deployment has minimum availability.
      reason: MinimumReplicasAvailable
      status: 'True'
      type: Available
  observedGeneration: 46
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
-- ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/backend-protocol":"HTTP","nginx.ingress.kubernetes.io/configuration-snippet":"more_set_headers
      \"X-Forwarded-Proto:
      https\";\n","nginx.ingress.kubernetes.io/load-balance":"ewma","nginx.ingress.kubernetes.io/proxy-body-size":"1m","nginx.ingress.kubernetes.io/proxy-read-timeout":"60","nginx.ingress.kubernetes.io/proxy-send-timeout":"60","nginx.ingress.kubernetes.io/use-forwarded-headers":"true"},"labels":{"app":"app","app.kubernetes.io/instance":"pgadmin","enviroment":"qa","name":"pgadmin","productName":"pgadmin","projectName":"pgadmin","vendor":"aws"},"name":"pgadmin-ingress-qa","namespace":"foundation"},"spec":{"rules":[{"host":"<host>","http":{"paths":[{"backend":{"service":{"name":"pgadmin-svc-qa","port":{"number":80}}},"path":"/","pathType":"ImplementationSpecific"}]}}]}}
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: HTTP
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Forwarded-Proto: https";
    nginx.ingress.kubernetes.io/load-balance: ewma
    nginx.ingress.kubernetes.io/proxy-body-size: 1m
    nginx.ingress.kubernetes.io/proxy-read-timeout: '60'
    nginx.ingress.kubernetes.io/proxy-send-timeout: '60'
    nginx.ingress.kubernetes.io/use-forwarded-headers: 'true'
  creationTimestamp: '2024-10-08T19:26:06Z'
  generation: 5
  labels:
    app: app
    app.kubernetes.io/instance: pgadmin
    enviroment: qa
    name: pgadmin
    productName: pgadmin
    projectName: pgadmin
    vendor: aws
  name: pgadmin-ingress-qa
  namespace: foundation
  resourceVersion: '605222003'
  uid: b3ead2a7-b51d-4cfc-84d7-c0e1a4c7e827
spec:
  rules:
    - host: <host>
      http:
        paths:
          - backend:
              service:
                name: pgadmin-svc-qa
                port:
                  number: 80
            path: /
            pathType: ImplementationSpecific
status:
  loadBalancer:
    ingress:
      - hostname: >-
          <AWS_ALB_URL>

[christiandornerintelipost]

@yogeshmahajan-1903 did you saw anything that I'm missing?

[yogeshmahajan-1903]

@christiandornerintelipost
I guess you are missing tis setup in ingress config -

  tls:
  - hosts:
    - pgadmin.local.com  # Replace with your desired domain
    secretName: pgadmin-tlstest  # Name of the secret where the TLS cert will be stored

Can you please provide the screenshot for login page where url is visible?

[yogeshmahajan-1903]

@christiandornerintelipost
Does it work?

[khushboovashi]

No response from the author, closing the issue.