403 Forbidden while accessing smartcard ingress
Summary
Smartcard ingress cannot find the gitlab-webservice
and results in a 403 Forbidden error
and therefore smartcard authentication is currently not working
Steps to reproduce
Enable smartcard authentication
Configuration used
global:
appConfig:
smartcard:
enabled: true
Current behaviour
kubectl describe ingress gitlab-webservice-smartcard
gitlab-webservice:8181 (<error: endpoints "gitlab-webservice" not found>)
Expected behaviour
This should point to the correct web service endpoint
A quick fix would be to add default
suffix to the template but not sure if this is the endpoint we should be pointing to
{{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
pathType: {{ default "Prefix" $.Values.global.ingress.pathType }}
backend:
service:
name: {{ template "fullname" . }}-default
port:
number: {{ .Values.service.workhorseExternalPort }}
{{- else -}}
backend:
serviceName: {{ template "fullname" . }}-default
servicePort: {{ .Values.service.workhorseExternalPort }}
{{- end -}}
The final solution I guess would be to migrate to the _datamodel
class as is used by the web service
It needs the fix in !2038 (merged)
Versions
Chart: master
Edited by Silvester Wainaina