I am using a brand new installation of openshift:
oc v3.11.0+62803d0-1
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO
Server https://master.mydomain.fr:8443
openshift v3.11.0+2bcedfc-77
kubernetes v1.11.0+d4cacc0
I have 3 nodes:
[root@master centos]# oc get node
NAME STATUS ROLES AGE VERSION
master.mydomain.fr Ready master 1d v1.11.0+d4cacc0
node1.mydomain.fr Ready infra 1d v1.11.0+d4cacc0
node2.mydomain.fr Ready compute 1d v1.11.0+d4cacc0
node3.mydomain.fr Ready compute 1d v1.11.0+d4cacc0
node4.mydomain.fr Ready compute 1d v1.11.0+d4cacc0
I successfully configured everything but now I am trying to access to my grafana dashboards. I created a route:
grafana.mydomain.fr
I am redirected to the Login Button of the OauthProxy. When I click on Login I am redirected to a blank page with Json:
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.","state":"7f3a18c95ae8237d39d35bf8ff317ae4:/"}
Here is the URI I am getting:
https://master.mydomain.fr:8443/oauth/authorize?approval_prompt=force&client_id=system%3Aserviceaccount%3Aopenshift-monitoring%3Agrafana&redirect_uri=https%3A%2F%2Fgrafana.mydomain.fr%2Foauth%2Fcallback&response_type=code&scope=user%3Ainfo+user%3Acheck-access&state=7f3a18c95ae8237d39d35bf8ff317ae4%3A%2F
After looking at the log I am getting:
no RBAC policy matched
I am pretty sure it is linked to my configuration (maybe the redirect URI is not correct) but to be honnest I don't know how to configure it. Do you have an idea ?
Thanks in advance