che: Error "backend not available" when user logs-in for the first time (namespace provisioning returns error 500)

Describe the bug

Dashboard is not working after installing inside a new AKS cluster

Che version

7.59

Steps to reproduce

1- Install in AKS following https://che.eclipseprojects.io/2022/07/25/@karatkep-installing-eclipse-che-on-aks.html
2- Downgrade the oauth-proxy to 7.2.0 as mentioned in #21886
3- Open the dashboard page and get error: “Backend in not available. Try to refresh the page or re-login to the Dashboard.”

Expected behavior

Open the eclipse che dashboard successfully

Runtime

other (please specify in additional context)

Screenshots

I followed this tutorial to install Eclipse Che using AKS

https://che.eclipseprojects.io/2022/07/25/@karatkep-installing-eclipse-che-on-aks.html

I also followed the instructions in issue #21886 to downgrade the oauth-proxy to 7.2.0

I was able to install it without any issue, but when I tried to get into the dashboard I got the following error:

I am able to see the swagger page

All pods are running

Installation method

chectl/latest

Environment

Azure

Additional context

Azure Kubernetes Version: image

Release Notes Text

Prior to this fix, the automatic creation of a developer namespace in Eclipse Che 7.60 failed when the developer login name contained characters that are invalid under RFC 3986, such as @ or :. As a consequence, developers with those login names were not able to access Eclipse Che. This is now fixed, and the namespaces are created successfully even if the developer login name contains characters that are invalid under RFC 3986.

About this issue

  • State: closed
  • Created a year ago
  • Comments: 31 (10 by maintainers)

Most upvoted comments

The culprit is related to the removal of the user-preferences secret as part of https://github.com/eclipse-che/che-server/pull/398, which was considered to be obsolete and not needed for Dev Workspaces. The current plan is to restore the secret and change the logic of how it is generated (previously the data was obtained from the db, which should not be used now).

I also encountered this issue yesterday evening, deploying Che next on OpenShift (GCP). However, I was able to log in as a regular, newly-created user on the cluster – only kubeadmin did not work for me.

@l0rd, just want to confirm that Che 7.59 creates the namespaces automatically. Not sure about Che 7.60 - I did not try it yet.

@alfespa17, my congrats!

P.S. I remember it took several days (even more - about a week) to deep dive into the Che world before making it workable for me.

@karatkep thank you for all your help. I was able to make it work.

The CheCluster spec is the following:

spec:
  networking:
    auth:
      identityProviderURL: https://sts.windows.net/{AZURE_TENANT_ID}/v2.0/
      identityToken: access_token
      oAuthClientName: {AZURE_APP_ID}
      oAuthSecret: {AZURE_APP_SECRET}
      oAuthScope: openid email profile 6dae42f8-4368-4678-94ff-3960e28e3630/user.read
      gateway:
        deployment:
          containers:
            - name: oauth-proxy
              env:
                - name: OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL
                  value: "true"
  components:
    cheServer:
      extraProperties:
        CHE_OIDC_AUTH__SERVER__URL: https://sts.windows.net/{AZURE_TENANT_ID}/v2.0/
        CHE_OIDC_EMAIL__CLAIM: unique_name
        CHE_OIDC_USERNAME__CLAIM: unique_name

I used the following configuration:

chectl --version
chectl/7.60.0 win32-x64 node-v16.13.2

Azure Kubernetes Service: 1.24.6 with Azure AD authentication with Azure RBAC

After the installation was completed I had to provision a namespace for my user using the following reference

Create a file with the following name: “workspace.yaml”

kind: Namespace
apiVersion: v1
metadata:
  name: cheuser
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: workspaces-namespace
  annotations:
    che.eclipse.org/username: myuser@mydomain.onmicrosoft.com

kubectl apply -f workspace.yaml

I am not really sure if creating a namespace for my user is a normal flow, but it makes it work.
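
The manual namespace workaround in the comment above, as an added example that is not code from the issue or from Eclipse Che: it builds the same manifest for any login, validates the namespace name as a DNS-1123 label, and keeps the raw login (with its `@` or `:`) only in the quoted annotation. The function names are hypothetical, and the way a default name is derived from the login is an assumption, not the algorithm che-server uses.

```shell
#!/bin/sh
# Added example, not Eclipse Che code. Function names are hypothetical and the
# name derivation is an assumption, not the algorithm che-server uses.
LC_ALL=C; export LC_ALL   # make [a-z] ranges byte-exact

# Derive a DNS-1123 label from a login: lowercase, replace every character
# outside [a-z0-9] (such as '@', ':' or '.') with '-', cap at 63 characters.
ns_name_from_login() {
    printf '%s\n' "$1" \
        | tr '[:upper:]' '[:lower:]' \
        | sed -e 's/[^a-z0-9]/-/g' -e 's/--*/-/g' \
        | cut -c1-63 \
        | sed -e 's/^-*//' -e 's/-*$//'
}

# Kubernetes namespace names must be DNS-1123 labels.
is_dns1123_label() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
    case $1 in
        *[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
}

# Print the namespace manifest for a login; an optional second argument
# overrides the derived name.
che_namespace_manifest() {
    login=$1
    ns=${2:-$(ns_name_from_login "$login")}
    is_dns1123_label "$ns" || { echo "invalid namespace name: $ns" >&2; return 1; }
    # Refuse characters that would escape the double-quoted YAML scalar.
    case $login in
        *'"'*|*'\'*|*'
'*) echo "login contains a quote, backslash or newline" >&2; return 1 ;;
    esac
    cat <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: $ns
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: workspaces-namespace
  annotations:
    che.eclipse.org/username: "$login"
EOF
}

# Sample values taken from the workaround above.
che_namespace_manifest 'myuser@mydomain.onmicrosoft.com' cheuser
```

The output can be piped to `kubectl apply -f -` instead of being saved as workspace.yaml first.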