DEVHIDE
Login Or Sign up

Lighthouse CI - Unable to set Authentication for Terraform K8s Deployment

244 Views Asked by At

I'm trying to set Lighthouse CI Authentication using Terraform K8s Deployment(https://github.com/GoogleChrome/lighthouse-ci/blob/main/docs/server.md#basic-authentication) but I keep getting a 403 Error. I have tried below steps but I get the same message.

FYI, the password is set from kubectl_manifest resourece

  1. Using Terraform Set ENV from kubernetes_deployment resource
env {
    name = "LHCI_BASIC_AUTH__USERNAME"
    value = "username"
}

env {
    name = "LHCI_BASIC_AUTH__PASSWORD"
    value_from {
      secret_key_ref {
        name = "password"
        key  = "password"
      }
    }
}
  1. Different approach for using Terraform Set ENV from kubernetes_deployment resource(https://www.runatlantis.io/docs/security.html#enable-authentication-on-atlantis-web-server)
env {
    name = "ATLANTIS_WEB_BASIC_AUTH"
    value = "true"
}

env {
    name = "ATLANTIS_WEB_USERNAME"
    value = "user"
}

env {
    name = "LHCI_BASIC_AUTH__PASSWORD"
    value_from {
      secret_key_ref {
        name = "password"
        key  = "password"
      }
    }
}

  1. Using Helm Chart with Terraform helm_release resource - https://artifacthub.io/packages/helm/cowboysysop/lighthouse-ci

    After looking at the source code - https://github.com/cowboysysop/charts/blob/a12e738a57977c7c6e84cb219ae6967fddae266e/charts/lighthouse-ci/values.yaml#L201 - env var names used in this example 3.1 look incorrect.

  • 3.1 Set ENV
resource "helm_release" "lhci" {
  name  = "lhci"
  chart = "lighthouse-ci"
  repository = "https://cowboysysop.github.io/charts/"
  namespace  = "lhci"

  set {
    name  = "basicAuth.username"
    value = "user"
  }

  set {
    name  = "basicAuth.password"
    value = "password"
  }
}
  • 3.2 Set ENV (using different ENV naming convention)
resource "helm_release" "lhci" {
  name  = "lhci"
  chart = "lighthouse-ci"
  repository = "https://cowboysysop.github.io/charts/"
  namespace  = "lhci"

  set {
    name  = "basicAuthUsername"
    value = "user"
  }

  set {
    name  = "basicAuthPassword"
    value = "password"
  }
}

The above steps have been resulting in the same error. What is the proper way to enable authentication?

Thanks!

terraform kubernetes-helm lighthouse lighthouse-ci
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

This may be specific to my case but I went with the first approach and changed the http_get path for readiness_probe from / to /healthz. The issue got fixed.

e.g.

readiness_probe {
  http_get {
    path = "/healthz"
    port = "9001"
  }
}

Related Questions in TERRAFORM

Related Questions in KUBERNETES-HELM

Related Questions in LIGHTHOUSE

Related Questions in LIGHTHOUSE-CI

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.