Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Failed to add authentication service
See original GitHub issueDescribe the bug I am trying to setup authentication service as described here.
But in logs of ambassador service I see this errors:
2020-01-18 18:51:18 diagd 1.0.0 [P107TAEW] INFO: unused_contexts: {}
2020-01-18 18:51:18 diagd 1.0.0 [P107TAEW] INFO: IR: cluster cluster_127_0_0_1_8500_ambassador is the sidecar
2020-01-18 18:51:18 diagd 1.0.0 [P107TAEW] ERROR: cluster_extauth_127_0_0_1_8500_default: <RichStatus BAD error=cannot merge cluster cluster_extauth_authxxx_8080_default: mismatched attributes grpc ho$
tname=ambassador-8b657bfd-g75bk version=1.0.0>
2020-01-18 18:51:18 diagd 1.0.0 [P107TAEW] ERROR: ambassador-edge-stack-auth.ambassador.1: <RichStatus BAD error=auth canary cluster_extauth_authxxx_8080_default can only change service! hostname=amba$
sador-8b657bfd-g75bk version=1.0.0>
2020-01-18 18:51:18 diagd 1.0.0 [P107TAEW] INFO: V2Listeners: working on <Listener ir.listener for *:8443, ctx fallback-self-signed-context, secure Route, insecure Redirect/8080>
2020-01-18 18:51:18 diagd 1.0.0 [P107TAEW] INFO: V2Listener ambassador-listener-8443 created
2020-01-18 18:51:18 diagd 1.0.0 [P107TAEW] ERROR: could not reconfigure:
2020-01-18 18:51:18 diagd 1.0.0 [P107TAEW] ERROR:
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador_diag/diagd.py", line 825, in run
self.load_config_watt(rqueue, url)
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador_diag/diagd.py", line 1003, in load_config_watt
self._load_ir(rqueue, aconf, fetcher, scc, snapshot)
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador_diag/diagd.py", line 1017, in _load_ir
econf = EnvoyConfig.generate(ir, "V2")
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador/envoy/common.py", line 83, in generate
return V2Config(ir)
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador/envoy/v2/v2config.py", line 53, in __init__
V2Listener.generate(self)
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador/envoy/v2/v2listener.py", line 934, in generate
listener = listeners_by_port[irlistener.service_port]
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador/envoy/v2/v2listener.py", line 641, in __getitem__
listener = V2Listener(self.config, port)
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador/envoy/v2/v2listener.py", line 669, in __init__
v2f: dict = v2filter(f, self.config)
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/multi/__init__.py", line 81, in multifun
return action(*args, **kwargs)
File "/usr/lib/python3.7/site-packages/ambassador-0.0.0.dev0-py3.7.egg/ambassador/envoy/v2/v2listener.py", line 291, in v2filter_authv1
assert auth.cluster
AssertionError
To Reproduce Install the ambassador locally within minikube version; follow the steps from this page.
Expected behavior Request routed to the auth service.
Versions (please complete the following information):
- Ambassador: System Info:
Ambassador version
1.0.0
License
unregistered
Hostname
ambassador-8b657bfd-g75bk
Cluster ID
5077ab09-2527-5c87-91fe-d7a43a0edca9
Envoy status
ready (last status report within the last second)
Redis status
configured
Ambassador ID
default
Ambassador namespace
ambassador
Ambassador single namespace
false
Knative support
disabled
StatsD support
disabled
Endpoint routing
disabled
- Kubernetes environment:
$ minikube version
minikube version: v1.6.2
commit: 54f28ac5d3a815d1196cd5d57d707439ee4bb392
Issue Analytics
- State:
- Created 4 years ago
- Comments:7 (2 by maintainers)
Top Results From Across the Web
Failed to add authentication service · Issue #2214 - GitHub
I am trying to setup authentication service as described here. ... Install the ambassador locally within minikube version; follow the steps from ...
Read more >Troubleshoot error messages for single sign-on (SSO)
Guidance about how to troubleshoot problems with single sign-on (SSO) in Office Add-ins, and handle special conditions or errors.
Read more >Unable to configure authentication to Windows Active ...
Adding a Windows Active Directory as a new Directory Service under Prism > Settings (gear icon) > Authentication fails with the message:
Read more >AddJwtBearer OnAuthenticationFailed return custom error
It just tells the JWT handler you want to take care of the response and don't want the default logic (returning a WWW-Authenticate...
Read more >Single Sign-On Authentication Failure (Service Account)
(Single Sign-On) Failed to create server credentials. Ensure that pre-authenticated credentials (for a service account) are correctly specified in single sign- ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I’ve deploying both external filter and filter policy to replace authservice but it doesn’t works. The request isn’t sent to the authentication service
The external authentication service is indeed working, I can use it to authenticate manually, but it’s not working via ambassador, no request is sent to it. Is there anything I did wrong?
i am having the same issue with the latest version, any idea how to solve it?
** Edit
Apparently this feature is not working on the API GW version of ambassador so i used the AuthService instead.