Hide Forgot
Created attachment 1525303 [details] "Application is not available" in page Description of problem: Authorization method is Google IDP, then login prometheus/alertmanager/grafana will meet "Application is not available" error. actually the application is available, since test with kubeadmin temp user, all the routes could be accessed Take prometheus-k8s route as example https://prometheus-k8s-openshift-monitoring.apps.qe-chuan.qe.devcluster.openshift.com/ click "Log in with OpenShift" in the page, it navigates to https://o-openshift-authentication.apps.qe-chuan.qe.devcluster.openshift.com/oauth/authorize?approval_prompt=force&client_id=system%3Aserviceaccount%3Aopenshift-monitoring%3Aprometheus-k8s&redirect_uri=https%3A%2F%2Fprometheus-k8s-openshift-monitoring.apps.qe-chuan.qe.devcluster.openshift.com%2Foauth%2Fcallback&response_type=code&scope=user%3Ainfo+user%3Acheck-access&state=ee2765b51fe28107845bb5b815a7d9f0%3A%2F decode the url, it is the same as https://o-openshift-authentication.apps.qe-chuan.qe.devcluster.openshift.com/oauth/authorize?approval_prompt=force&client_id=system:serviceaccount:openshift-monitoring:prometheus-k8s&redirect_uri=https://prometheus-k8s-openshift-monitoring.apps.qe-chuan.qe.devcluster.openshift.com/oauth/callback&response_type=code&scope=user:info user:check-access&state=ee2765b51fe28107845bb5b815a7d9f0:/ then the page shows error "Application is not available" Dubug with webconsole tool, error shows: The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. Version-Release number of selected component (if applicable): $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.0.0-0.nightly-2019-01-30-174704 True False 2h Cluster version is 4.0.0-0.nightly-2019-01-30-174704 $ oc version oc v4.0.0-0.150.0 kubernetes v1.12.4+f39ab668d3 features: Basic-Auth GSSAPI Kerberos SPNEGO How reproducible: Always Steps to Reproduce: 1. See the description part 2. 3. Actual results: Can not login prometheus/alertmanager/grafana routes Expected results: Can login prometheus/alertmanager/grafana routes Additional info:
Blocks monitoring UI test with Google IDP
Created attachment 1525304 [details] "Application is not available" in page
Can you send kubeconfig and a way to access the cluster? This will help us diagnose the issue.
Junqi, looks like accessing QE cluster may be difficult for developers. Please attach kubeconfig and any relevant logs to this bug.
Created attachment 1525723 [details] "Application is not available" in page - 503 error
Created attachment 1525762 [details] 4.0.0-0.nightly-2019-01-31-184459 build, it is 500 error now
Created attachment 1525763 [details] error in prometheus-proxy container log 2019/02/01 06:59:12 oauthproxy.go:635: error redeeming code (client:10.131.0.5:57256): unable to retrieve email address for user from token: got 404 { "paths": [ "/apis", "/healthz", "/healthz/log", "/healthz/ping", "/healthz/poststarthook/oauth.openshift.io-startoauthclientsbootstrapping", "/metrics" ] } 2019/02/01 06:20:18 oauthproxy.go:635: error redeeming code (client:10.131.0.5:32912): Post https://o.apps.juzhao.qe.devcluster.openshift.com/oauth/token: x509: certificate signed by unknown authority 2019/02/01 06:20:18 oauthproxy.go:434: ErrorPage 500 Internal Error Internal Error
prometheus/alertmanager/grafana routes could be accessed with $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.0.0-0.nightly-2019-02-12-005016 True False 1h Cluster version is 4.0.0-0.nightly-2019-02-12-005016 Images: NAME PULL SPEC cluster-monitoring-operator quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:51c040a9e285083d1f31083ac48479edce1552e53ff2bb8b3f91c62718b99fb2 grafana quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:788cb9461d4b38c4a8ef5cdac7cbdf46befea56c20f310ec4bf0c127428b908e k8s-prometheus-adapter quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2986bc4db9ea270dc77aa1d896e3f76c98dc7bf90f1b4217e8c577a5aa6c1447 kube-rbac-proxy quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ee82c2882ccddc2605dc92f35b3cc2b2fb5ef76e4b5a5abd9c246b9a0f988d9b kube-state-metrics quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ed6b9bea8c80d114b4adbaf27c2dd08f1d04957d0c6aa5afb22830616a7d2642 oauth-proxy quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:59aa49bd4992ea5a792eb178a4de32743040ff12299e507f669a241b0a0f6ae4 prom-label-proxy quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2cc3449b501b7a769cb5e60759a59bc57bcc46f03ad75875ac3efa59bb98782e prometheus quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ab4c12ab38d078ed4c9f98a72e7ec4e20c3230d2606dbcd31f5bdf41626b7c35 prometheus-alertmanager quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9d545f54ba476d1efe9c3209f0aec5b39c83e4098c2c8a44694301ce0d029d24 prometheus-config-reloader quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58f065cb228dce82a21224df06062c99332972a2129ad6b40f778f840d469f84 prometheus-node-exporter quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9fb8fbb8e955e8b3e2174e32063e40fc6762afd02c5c63b117ffcbd8cca10812 prometheus-operator quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b3a6a9b30150beae1235ea52e45dc302883bda35213b204aeab98165216ad8f9 telemeter quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c736368f8135cafa3f806c8953edf6d4e33dac13a3de5ba413b37067b41af54
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758