Github: cannot authenticate user.. access_token: EOF"

proepkes · August 6, 2018, 1:55pm

I’m running drone-server 0.8.6 behind Istio on Kubernetes

When I try to login with GitHub, the request fails with the following logentry:
level=error msg=“cannot authenticate user. Post https://github.com/login/oauth/access_token: EOF”

This gets logged in the ingress:
[2018-08-06T14:13:30.095Z] “GET / HTTP/2” 200
[2018-08-06T14:13:30.174Z] “GET /api/user/feed?latest=true HTTP/2” 401
[2018-08-06T14:13:30.183Z] “GET /stream/events HTTP/2” 200
[2018-08-06T14:13:30.197Z] “GET /login HTTP/2” 303
[2018-08-06T14:13:30.197Z] “GET /api/user/feed?latest=true HTTP/2” 401
[2018-08-06T14:13:30.213Z] “GET /authorize HTTP/2” 303
[2018-08-06T14:13:30.417Z] “GET /authorize?code=c84…52&state=drone HTTP/2” 303
[2018-08-06T14:13:30.440Z] “GET /login?error=oauth_error HTTP/2” 303
[2018-08-06T14:13:30.450Z] “GET /login/error?code=oauth_error HTTP/2” 200
[2018-08-06T14:13:30.506Z] “GET /api/user/feed?latest=true HTTP/2” 401

bradrydzewski · August 6, 2018, 3:48pm

This looks like a network error to me. An EOF would signal an unexpected end of stream in the HTTP response body, from Github, which should return a valid JSON document. Why would Github return an empty body or broken stream? The only explanation I can think of is some sort of network issue that is preventing the API request from reaching Github, and is instead returning an empty body or breaking the response stream. There are no known issues with Drone, which is quite mature and widely used.

proepkes · August 6, 2018, 9:38pm

After digging deeper on this, I think the problem lies somewhere in the sideloaded istio-proxy

vigohe · January 4, 2019, 1:07pm

@proepkes did you fix it?? I’m trying istio as well.

vigohe · January 21, 2019, 3:56pm

@proepkes @bradrydzewski I just did it work.

Istio as default blocks all outbound communication with services outside the cluster. So to fix it you should add a ServiceEntry. In my case I’m using drone with Bitbucket. The host you need to add is “*.bitbucket.org”

---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: bitbucket-svc
  namespace: drone-test
spec:
  hosts:
  - "*.bitbucket.org"
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  resolution: NONE

After that I could login into drone with bitbucket

Full drone-ci deployment to K8 https://gist.github.com/vigohe/0d2546b1e66a858b3ab792e6e4f753d7

Docs for ServiceEntry https://istio.io/docs/reference/config/istio.networking.v1alpha3/#ServiceEntry