[v3.2.1-CE][Regression] Updated in Kubernetes 1.18.x: Blank page

Lyft · July 27, 2021, 7:32pm

Relevant config info

K8s: v1.18.x
Image: “latest” or “3.2.1-ce”
Relevant config map info:

  APP_FULL_BASE_URL: https://my-passbolt-vault

Relevant ingress:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  namespace: passbolt
  name: passbolt-ingress
spec:
  rules:
  - host: my-passbolt-vault
    http:
      paths:
      - path: /
        backend:
          serviceName: passbolt-service
          servicePort: 80

When I nagivate to : https://my-passbolt-vault
I’m redirected to : https://my-passbolt-vault/auth/login?redirect=%2F

And then nothing.

I tried with both Firefox & Chrome and both crash in the JS with:

Uncaught (in promise) TypeError: ApiClientOption csrfToken is required.
    value https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    value https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    e https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    l https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    _invoke https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    S https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    r https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    i https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    u https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    u https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    value https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    e https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    l https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    _invoke https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    S https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    r https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    i https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    u https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    u https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    value https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    di https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    yo https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    unstable_runWithPriority https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    Bu https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    vo https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    no https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    Ji https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    Vo https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    qo https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    uo https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    qo https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    render https://my-passbolt-vault/js/app/api-vendors.js?v=3.2.1:2
    8107 https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    a https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    i https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    O https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    <anonymous> https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2
    <anonymous> https://my-passbolt-vault/js/app/api-triage.js?v=3.2.1:2

Can someone help/know what’s going on? Perhaps the ingress is wrong but I don’t see how.

max · July 28, 2021, 6:24am

Hi @Lyft,

can you do a kubectl get ingress passbolt-ingress I see here only the port 80 but you targeting your service on port 443.
can you confirmed ?

Max

Lyft · July 28, 2021, 9:20am

Hi @max,

I’m behind a reverse proxy that handles SSL brokering, so all communication between K8s and the RP/LB is cleartext.

NAME               CLASS    HOSTS                     ADDRESS                           PORTS   AGE
passbolt-ingress   <none>   my-passbolt-vault   192.168.xxx.xxx,192.168.xxx.yyy   80      nnnd

Lyft · July 28, 2021, 4:13pm

I flagged this as a regression because the same setup is less broken with [3.1.0-ce] and worsen from 3.2.0 onward.

By less broken I mean I have the login page but the app is frozen, I can’t click on the mail field to enter my details.

Lyft · July 28, 2021, 5:11pm

So I tested further and it appears when accessing the application directly on one of the cluster node it works, but when going through the HTTPS LB it breaks somehow.