AuthService Certificate error while forcing https Kubeflow 1.0.2 Authservice

5/18/2020

I am using Kubeflow 1.0.2. In my k8s cluster configuration I have made an external LB which points to the Istio ingressgateway through HAProxy. Without SSL it is working smoothly, but when trying to make it work with SSL it throws this error on Authservice and does not load:

    level=error msg="OIDC provider setup failed, retrying in 10 seconds: Get https://domainname/dex/.well-known/openid-configuration: x509: certificate signed by unknown authority"

This is my configuration for gateways.networking.istio.io. I have copied my external LB SSL crt and key to the istio-ingressgateway pod under the root folder.

        tls:
          httpsRedirect: true
      - hosts:
        - '*'
        port:
          name: https
          number: 443
          protocol: HTTPS
        tls:
          mode: SIMPLE
          privateKey: /root/tls.key
          serverCertificate: /root/tls.crt

In my Dex I have configured the ConfigMap as:

    issuer: https://domainname/dex
    storage:
      type: kubernetes
      config:
        inCluster: true
    web:
      http: 0.0.0.0:5556
    logger:
      level: "debug"
      format: text
    oauth2:
      skipApprovalScreen: true
    enablePasswordDB: true
    staticClients:
    - id: kubeflow-oidc-authservice
      redirectURIs: ["/login/oidc"]
      name: 'Dex Login Application'

What can be the cause of this issue? How to solve it?

-- Geo Antony
istio
kubeflow
kubernetes
openid-dex

0 Answers