I think the issue is the /me request following the login request does not use the JWT returned by the login request, my guess it issue with the frontend code?
aha! this has to be some problem with the configuration of the api-gateway and ingress. how are we accessing the cluster? what stands between the api-gateway pod and the outside? what is the configuration?
pg
an service loadbalancer:
apiVersion: v1
kind: Service
metadata:
name: mender-api-lb
spec:
selector:
app.kubernetes.io/name: api-gateway
type: LoadBalancer
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 80
before I comment on this, in the browser developer tools network tab, you do get a JWT in response to POST to /login, right?
(it comes back as a plain response, i.e.: not in json, just a string, no quotes)
could I have a screenshot with the response to POST to /login (erase the confidentials)
pg
yes, JWT response from login is a plain response
ok, I have to engage someone from the frontend team, as I do not understand how it could happen that the JWT is returned, but not used in subsequent calls.
is there anything on the javascript console during login?
peter
last thing I am going to ask before handling it over, could you get me:
kubectl exec mender-gui-pod -- cat /var/www/mender-gui/dist/env.js
remember to erase the confidential values.
peter
as my dear colleague Fabio pointed out to me just now: why are we using http? this will only work over https.
peter
when I try https, it gives me a 404 page not found
mender_environment = {
hostAddress: "",
hostedAnnouncement: "",
isDemoMode: "",
features: {
hasAddons: "",
hasAuditlogs: "",
hasDeviceConfig: "true",
hasDeviceConnect: "true",
hasMonitor: "",
hasMultitenancy: "",
hasReporting: "",
isEnterprise: "",
isHosted: ""
},
trackerCode: "",
recaptchaSiteKey: "",
stripeAPIKey: "",
integrationVersion: "3.2.1",
menderVersion: "3.2.1",
menderArtifactVersion: "3.6.0",
metaMenderVersion: "",
services: {
deploymentsVersion: "",
deviceauthVersion: "",
guiVersion: "3.2.0",
inventoryVersion: ""
},
demoArtifactPort: "",
disableOnboarding: ""
}
hostAddress has to be:
hostAddress: "your-full-hostname:443",
this has to be set in gui pod in env:
GATEWAY_IP='your-full-hostname'
GATEWAY_PORT='443'
in case of hosted.mender.io correct settings are:
GATEWAY_IP: hosted.mender.io
GATEWAY_PORT: "443"
peter
Hi Peter, since I’m following this installation process using helm-cart on K8S
When in this process do I set there env:s as none of the
GATEWAY_IP or GATEWAY_PORT are mention in the instruction
they both need to be present in the mender-gui pod env, for now you can just put them there, in the deployment manifest:
containers:
- env:
- name: GATEWAY_IP
value: "hosted.mender.io"
- name: GATEWAY_PORT
value: "443"
image: mendersoftware/gui:yourtaghere
let see how it works, and then I can review the docs.
peter
so now with with the env:s set env.js is changed to, where xx.xxx.xx.xx is my public ip.
but the issues are not resolved
https gives me a 404 page not found and
/me gives 401
mender_environment = {
hostAddress: "xx.xxx.xx.xxx:443",
hostedAnnouncement: "",
isDemoMode: "",
features: {
hasAddons: "",
hasAuditlogs: "",
hasDeviceConfig: "true",
hasDeviceConnect: "true",
hasMonitor: "",
hasMultitenancy: "",
hasReporting: "",
isEnterprise: "",
isHosted: ""
},
trackerCode: "",
recaptchaSiteKey: "",
stripeAPIKey: "",
integrationVersion: "3.2.1",
menderVersion: "3.2.1",
menderArtifactVersion: "3.6.0",
metaMenderVersion: "",
services: {
deploymentsVersion: "",
deviceauthVersion: "",
guiVersion: "3.2.0",
inventoryVersion: ""
},
demoArtifactPort: "",
disableOnboarding: ""
}
ok, this has to be related to the ingress configuration, have you tried something along these lines:
cat >mender-ingress.yml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mender-ingress
annotations:
cert-manager.io/issuer: "letsencrypt"
spec:
tls:
- hosts:
- ${MENDER_SERVER_DOMAIN}
secretName: mender-ingress-tls
rules:
- host: "${MENDER_SERVER_DOMAIN}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mender-api-gateway
port:
number: 80
EOF
kubectl apply -f mender-ingress.yml
peter
Hi Peter,
I resolved this one be configuring an ingress using self-managed certificates as I don’t have a domain for evaluation right now. Following is the ingress manifest
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mender-ingress
spec:
tls:
- secretName: mender-ingress-key
defaultBackend:
service:
name: mender-api-gateway
port:
number: 80
Thank you for the support!
great to hear it!
thanks and good luck! feel free to reach out anytime.
have a good day!
peter