jetstack/kube-oidc-proxy

Disable TLS check oidc.issuer-url

zeusro opened this issue · 3 comments

zeusro commented

I use kube-oidc-proxy to connect the dex server,which using a self-signed certificate .
After it starts to run ,here is the log:

0:443: connect: no route to host
E0604 05:53:43.925331       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:53:53.925274       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:03.925501       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:13.923341       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:23.927359       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:33.925619       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:43.925518       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host

I have already checked about this project’s configuration and found nothing.

Is there an option to disable SSL check ?

saiharshitachava commented

Any update here I have the same issue

zeusro commented

Any update here I have the same issue

I have already fixed that.

Need to provide --oidc-ca-file=/etc/oidc/oidc-ca.pem while starting the oidc-proxy.

/etc/oidc/oidc-ca.pem is the valid CA pem file.

zeusro commented

It happens in the self-signed certificate situation.