登录gitlab时提示could not authenticate you from OAuth2Generic because “Csrf detected”
请贴一下 gitlab 的 gitlab.yaml文件。
有启用oauth 认证吗?
对应 oauth_client 有添加吗?
启用oauth认证了,跳转时报500的错误,如图所示
gitlab.yaml文件如下所示
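# Live Pod object for the GitLab core container. Server-populated fields
# (uid, resourceVersion, selfLink, creationTimestamp) are present, so this looks
# like a dump of the running Pod rather than the chart's values file - confirm.
# Restored from the forum paste: typographic quotes replaced with ASCII quotes
# and the lost indentation rebuilt; keys and values are otherwise unchanged.
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2020-12-17T02:48:38Z"
  generateName: gitlab-gitlab-core-
  labels:
    app: gitlab
    chart: gitlab-ha
    component: gitlab
    controller-revision-hash: gitlab-gitlab-core-5b66d5f78d
    heritage: Helm
    release: gitlab
    statefulset.kubernetes.io/pod-name: gitlab-gitlab-core-0
  name: gitlab-gitlab-core-0
  namespace: c7n-system
  # The Pod is owned by the StatefulSet below, so configuration changes belong
  # in the StatefulSet (or the Helm release behind it), not in this Pod object.
  ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: StatefulSet
      name: gitlab-gitlab-core
      uid: 608ed39e-4726-437a-a4a4-1e81660fca54
  resourceVersion: "1996187"
  selfLink: /api/v1/namespaces/c7n-system/pods/gitlab-gitlab-core-0
  uid: 4fdcd111-794a-4e2a-9d63-dbe89f2b3252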
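# Pod spec restored from the forum paste: list items that were collapsed onto
# the previous line are split again, typographic quotes are replaced with ASCII
# quotes, and indentation is rebuilt. Values are unchanged; review notes are
# added as comments next to the settings they concern.
spec:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchLabels:
                app: gitlab
                component: gitlab
                release: gitlab
            topologyKey: kubernetes.io/hostname
          weight: 1
  containers:
    # A stray "- podAffinityTerm:" line sat here in the paste; it is not a
    # container field and is dropped as a rendering artifact.
    - env:
        - name: GITLAB_HOST
          value: gitlab.example.gf521.cn
        - name: GITLAB_SSH_PORT
          value: "30022"
        - name: REDIS_HOST
          value: gitlab-gitlab-redis
        - name: REDIS_PORT
          value: "6379"
        # Redis and database credentials are injected from Secrets; the Pod
        # object only carries the reference, not the value.
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: REDIS_PASSWORD
              name: gitlab-gitlab-redis
        - name: DB_HOST
          value: gitlab-gitlab-database
        - name: DB_PORT
          value: "5432"
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              key: DB_USER
              name: gitlab-gitlab-database
        - name: DB_PASS
          valueFrom:
            secretKeyRef:
              key: DB_PASS
              name: gitlab-gitlab-database
        - name: DB_NAME
          valueFrom:
            secretKeyRef:
              key: DB_NAME
              name: gitlab-gitlab-database
        # NOTE(review): GITLAB_BACKUP_SCHEDULE appears twice (daily here, disable
        # at the end of the list). The later entry normally wins, which would
        # leave scheduled backups disabled - confirm which value is intended.
        - name: GITLAB_BACKUP_SCHEDULE
          value: daily
        - name: GITLAB_BACKUP_TIME
          value: "01:00"
        # Duplicate of the first GITLAB_HOST entry (same value).
        - name: GITLAB_HOST
          value: gitlab.example.gf521.cn
        - name: GITLAB_NOTIFY_ON_BROKEN_BUILDS
          value: "true"
        - name: GITLAB_NOTIFY_PUSHER
          value: "false"
        # NOTE(review): unlike the Redis/DB credentials above, the three key
        # bases are literal values in the Pod spec, so anyone allowed to read
        # Pods in this namespace can read them, and they are now public in this
        # post. Treat them as compromised: rotate them and source them via
        # secretKeyRef. Data encrypted under the old keys may need migrating -
        # confirm against the image's documentation before rotating.
        - name: GITLAB_SECRETS_DB_KEY_BASE
          value: xOBaJR3hMlDXdPZA5vmq7hVN6wALlPGTykvqfqlxDZmmkMslq8HDSrmO50HGTFDA
        - name: GITLAB_SECRETS_OTP_KEY_BASE
          value: ylegPAaLMdpIjEsb5qeIKDXjK4FLneRB43e14wrm3f1cguo8Rn6DdJ7ZzMSRqvbW
        - name: GITLAB_SECRETS_SECRET_KEY_BASE
          value: UZi2ky2WPxjSrX4PCdld5p2VmAV6Ur6wD2NyIbQC25V4mJMUfFeC5TIzRJO6q0oW
        - name: GITLAB_TIMEZONE
          value: Beijing
        - name: IMAP_ENABLED
          value: "false"
        # OAuth sign-in through the generic provider. With auto sign-in enabled
        # and auto-created users not blocked, account creation and login rest
        # entirely on what the provider asserts.
        # NOTE(review): OmniAuth reports "Csrf detected" when the `state` value
        # returned on the callback does not match the one kept in the session;
        # check that the scheme and host the browser uses match GITLAB_HOST and
        # the callback URL registered for the client - confirm.
        - name: OAUTH_ALLOW_SSO
          value: oauth2_generic
        - name: OAUTH_AUTO_SIGN_IN_WITH_PROVIDER
          value: oauth2_generic
        - name: OAUTH_BLOCK_AUTO_CREATED_USERS
          value: "false"
        - name: OAUTH_ENABLED
          value: "true"
        - name: OAUTH_GENERIC_API_KEY
          value: gitlab
        # NOTE(review): the client secret is an inline literal and the value
        # "secret" looks like a default; use a random secret stored in a
        # Kubernetes Secret and update the provider's client record to match.
        - name: OAUTH_GENERIC_APP_SECRET
          value: secret
        - name: OAUTH_GENERIC_AUTHORIZE_URL
          value: /oauth/oauth/authorize
        - name: OAUTH_GENERIC_ID_PATH
          value: '"userAuthentication","principal","userId"'
        - name: OAUTH_GENERIC_ROOT_PATH
          value: '"userAuthentication","principal"'
        # NOTE(review): the provider site is plain http, so authorization
        # codes, the client secret and access tokens cross the network
        # unencrypted; prefer https if the provider offers it.
        - name: OAUTH_GENERIC_SITE
          value: http://api.example.gf521.cn
        - name: OAUTH_GENERIC_TOKEN_URL
          value: /oauth/oauth/token
        - name: OAUTH_GENERIC_USER_INFO_URL
          value: /oauth/api/user
        - name: OAUTH_GENERIC_USER_NAME
          value: username
        - name: OAUTH_GENERIC_USER_NICKNAME
          value: username
        # NOTE(review): 0.0.0.0/0 matches every IPv4 source, so no client is
        # subject to the Rack::Attack throttling this list exempts from;
        # narrow it to the trusted proxy or cluster ranges.
        - name: RACK_ATTACK_WHITELIST
          value: 0.0.0.0/0
        - name: SMTP_ENABLED
          value: "false"
        - name: TZ
          value: Asia/Shanghai
        - name: DB_ADAPTER
          value: postgresql
        - name: GITLAB_DATA_DIR
          value: /home/git/data
        # Second GITLAB_BACKUP_SCHEDULE entry; see the note on the first one.
        - name: GITLAB_BACKUP_SCHEDULE
          value: disable
      # NOTE(review): the image is referenced by a mutable tag; the resolved
      # digest is reported in status.containerStatuses[].imageID. GitLab 11.11
      # is an old release line - check it against current security releases.
      image: registry.cn-shanghai.aliyuncs.com/c7n/docker-gitlab:v11.11.7
      imagePullPolicy: IfNotPresent
      # Both probes request /help over plain HTTP on port 80; they show the web
      # process answers, not that the OAuth login flow works.
      livenessProbe:
        failureThreshold: 3
        httpGet:
          path: /help
          port: 80
          scheme: HTTP
        initialDelaySeconds: 600
        periodSeconds: 15
        successThreshold: 1
        timeoutSeconds: 5
      name: gitlab
      ports:
        - containerPort: 22
          name: ssh
          protocol: TCP
        - containerPort: 80
          name: http
          protocol: TCP
      readinessProbe:
        failureThreshold: 3
        httpGet:
          path: /help
          port: 80
          scheme: HTTP
        initialDelaySeconds: 5
        periodSeconds: 5
        successThreshold: 1
        timeoutSeconds: 5
      # No requests or limits are set for the container.
      resources: {}
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: /home/git/data
          name: data
        # The default ServiceAccount token is mounted into the container.
        # NOTE(review): if GitLab does not call the Kubernetes API, set
        # automountServiceAccountToken: false on the workload - confirm.
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: default-token-gf9tv
          readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  hostname: gitlab-gitlab-core-0
  nodeName: 172.16.33.246
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  # The pod-level securityContext is empty and the container declares none, so
  # user, privilege-escalation and filesystem settings fall back to the image
  # and runtime defaults.
  securityContext: {}
  # Runs as the namespace's default ServiceAccount.
  serviceAccount: default
  serviceAccountName: default
  subdomain: gitlab-gitlab-core
  terminationGracePeriodSeconds: 30
  tolerations:
    # A stray "- name: GITLAB_HOST" line sat here in the paste; it is not a
    # toleration field and is dropped as a rendering artifact.
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: gitlab-gitlab-core
    - name: default-token-gf9tv
      secret:
        defaultMode: 420
        secretName: default-token-gf9tv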
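# Pod status as reported by the API server, restored from the forum paste
# (collapsed list items split, typographic quotes replaced, indentation
# rebuilt). All four conditions are "True", the container is ready and has not
# restarted, so the login failure happens inside a Pod that Kubernetes
# considers healthy.
status:
  conditions:
    - lastProbeTime: null
      lastTransitionTime: "2020-12-17T02:48:38Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2020-12-17T02:50:24Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2020-12-17T02:50:24Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2020-12-17T02:48:38Z"
      status: "True"
      type: PodScheduled
  containerStatuses:
    - containerID: docker://5e82c690dd84f336b82de64c30f58702e8fa4a22f20f2f7835176a688928aabb
      image: registry.cn-shanghai.aliyuncs.com/c7n/docker-gitlab:v11.11.7
      # Digest the tag resolved to on this node; referencing the image by this
      # digest would keep the deployment on exactly this content.
      imageID: docker-pullable://registry.cn-shanghai.aliyuncs.com/c7n/docker-gitlab@sha256:79e956a2ecd680067e2f3b2341ce1f364249b8887bba7b86fcc38c3cbc7202f8
      lastState: {}
      name: gitlab
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2020-12-17T02:48:39Z"
  hostIP: 172.16.33.246
  phase: Running
  podIP: 10.244.2.98
  podIPs:
    - ip: 10.244.2.98
  # BestEffort is the QoS class assigned when no container sets requests or
  # limits; such Pods are the first candidates for eviction under node pressure.
  qosClass: BestEffort
  startTime: "2020-12-17T02:48:38Z"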
是通过一键部署安装的猪齿鱼,这些应该都配置了吧