Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic Auth and multiple instances of Kafka-UI - deployed - Authentication failure #4444

Closed
4 tasks done
javapapo opened this issue May 13, 2024 · 5 comments
Closed
4 tasks done

Basic Auth and multiple instances of Kafka-UI - deployed - Authentication failure #4444

javapapo opened this issue May 13, 2024 · 5 comments
Labels
status/triage Issues pending maintainers triage type/bug Something isn't working

Comments

@javapapo
Copy link

Issue submitter TODO list

  • I've looked up my issue in FAQ
  • I've searched for an already existing issues here
  • I've tried running master-labeled docker image and the issue still persists there
  • I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

Hello folks I am not sure if this is a bug or in general how its supposed to be but this is on the intersection of Ops and Dev.

So my case is that I deploy kafka-ui on a k8s cluster, with basic auth enabled.

AUTH_TYPE: "LOGIN_FORM"
SPRING_SECURITY_USER_NAME: admin
  SPRING_SECURITY_USER_PASSWORD: ${PROD_PWD}

Everything is fine - Until I try to naively scale the deployment from 1 instance to 2. Replicas to K8s lingo on the helm deployment.

replicas: 1

What I think is happening is that you get 2 identical instances of Kafka-UI - (pods) deployed.

  • You hit the Service URL - k8s - service - Instance 1 is serving the login page
  • You submit the credentials you get authenticated on that instance
  • But due to the load balancer - you get your next request to render the dashboard - to the other instance where you are are not authenticated.

Expected behavior

Naively I would expect It would work,

Your installation details

  • Latest docker image of kafka-UI

Steps to reproduce

Deploy 2 instances of kafka-ui under the same k8s service or behind a Load Balancer no sticky sessions.

replicas: 2

What I think is happening is that you get 2 identical instances of Kafka-UI - (pods) deployed.

  • You hit the Service URL - k8s - service - Instance 1 is serving the login page
  • You submit the credentials you get authenticated on that instance
  • But due to the load balancer - you get your next request to render the dashboard - to the other instance where you are are not authenticated.

Screenshots

Not Available

Logs

Authentication failures

Additional context

No response
@javapapo javapapo added status/triage Issues pending maintainers triage type/bug Something isn't working labels May 13, 2024
@github-actions GitHub Actions
Copy link

Hello there javapapo! 👋

Thank you and congratulations 🎉 for opening your very first issue in this project! 💖

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀

@javapapo
Copy link
Author

I guess there is no solution - since the Spring Security context is not shared... so you can not loadbalance.

@Haarolean
Copy link
Contributor

Hi, this repo is not maintained (#4255). Glad to help you here though: https://github.com/kafbat/kafka-ui

@javapapo
Copy link
Author

oops!

@javapapo
Copy link
Author

Thanks @Haarolean - will try to migrate to the new-deployment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status/triage Issues pending maintainers triage type/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@javapapo @Haarolean