Kubernetes oauth2-proxy with GitHub provider returns 500 Internal Server Error

I am trying to add authentication for Kubernetes using the oauth2-proxy GitHub provider.

I have set everything up according to the official documentation.

The URL works, and it redirects me to use my GitHub account.

But after logging in, it redirects me to a page with a 500 Internal Server Error.

Here is how I set up the GitHub application:

[screenshot]

My Kubernetes UI and OAuth proxy Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/auth-response-headers: Authorization
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
  name: ingress
  namespace: kubernetes-dashboard
spec:
  rules:
  - host: kubernetesui.***.com
    http:
      paths:
      - backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - kubernetesui.***.com
    secretName: kubeui
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: oauth2-proxy
  namespace: kubernetes-dashboard
spec:
  ingressClassName: nginx
  rules:
  - host: kubernetesui.***.com
    http:
      paths:
      - path: /oauth2
        pathType: Prefix
        backend:
          service:
            name: oauth2-proxy
            port:
              number: 4180
  tls:
  - hosts:
    - kubernetesui.***.com
    secretName: kubeui

My proxy options:

  spec:
      containers:
      - args:
        - --provider=github
        - --email-domain=*
        - --upstream=file:///dev/null
        - --http-address=0.0.0.0:4180
        # Register a new application
        # https://github.com/settings/applications/new
        env:
        - name: OAUTH2_PROXY_CLIENT_ID
          value: ******
        - name: OAUTH2_PROXY_CLIENT_SECRET
          value: ***********
        # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
        - name: OAUTH2_PROXY_COOKIE_SECRET
          value: *************

Proxy logs:

192.168.189.44:58052 - ********* - - [2022/09/14 13:43:24] kubernetesui.*****.com GET - "/oauth2/auth" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" 401 13 0.000
192.168.189.44:58056 - *********- - [2022/09/14 13:43:24] kubernetesui.****.com GET - "/oauth2/start?rd=%2F" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" 302 310 0.000
[2022/09/14 13:43:25] [oauthproxy.go:775] Error creating session during OAuth2 callback: unexpected status "404": {"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/users#list-email-addresses-for-the-authenticated-user"}
192.168.189.44:58056 - *******- - [2022/09/14 13:43:24] kubernetesui.*******.com GET - "/oauth2/callback?code=947a40cc3606f6f15821&state=7ocJxLTnigFxcUCiS_3hJ28Kr6MYyCxrZTYA1La52JA%3A%2F" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" 500 2837 0.453

I hope someone can point me in the right direction.