Grafana openshift monitoring OAuth Proxy: The request is missing a required parameter

12/31/2018

I am using a brand new installation of openshift:

oc v3.11.0+62803d0-1
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://master.mydomain.fr:8443
openshift v3.11.0+2bcedfc-77
kubernetes v1.11.0+d4cacc0

I have 3 nodes:

[root@master centos]# oc get node
NAME                 STATUS    ROLES     AGE       VERSION
master.mydomain.fr   Ready     master    1d        v1.11.0+d4cacc0
node1.mydomain.fr    Ready     infra     1d        v1.11.0+d4cacc0
node2.mydomain.fr    Ready     compute   1d        v1.11.0+d4cacc0
node3.mydomain.fr    Ready     compute   1d        v1.11.0+d4cacc0
node4.mydomain.fr    Ready     compute   1d        v1.11.0+d4cacc0

I successfully configured everything but now I am trying to access to my grafana dashboards. I created a route:

grafana.mydomain.fr

I am redirected to the Login Button of the OauthProxy. When I click on Login I am redirected to a blank page with Json:

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.","state":"7f3a18c95ae8237d39d35bf8ff317ae4:/"}

Here is the URI I am getting:

https://master.mydomain.fr:8443/oauth/authorize?approval_prompt=force&client_id=system%3Aserviceaccount%3Aopenshift-monitoring%3Agrafana&redirect_uri=https%3A%2F%2Fgrafana.mydomain.fr%2Foauth%2Fcallback&response_type=code&scope=user%3Ainfo+user%3Acheck-access&state=7f3a18c95ae8237d39d35bf8ff317ae4%3A%2F

After looking at the log I am getting:

no RBAC policy matched

I am pretty sure it is linked to my configuration (maybe the redirect URI is not correct) but to be honnest I don't know how to configure it. Do you have an idea ?

Thanks in advance

-- Geoffrey
kubernetes
oauth
openshift-origin

0 Answers