Github: cannot authenticate user.. access_token: EOF"

I’m running drone-server 0.8.6 behind Istio on Kubernetes

When I try to login with GitHub, the request fails with the following logentry:
level=error msg=“cannot authenticate user. Post EOF”

This gets logged in the ingress:
[2018-08-06T14:13:30.095Z] “GET / HTTP/2” 200
[2018-08-06T14:13:30.174Z] “GET /api/user/feed?latest=true HTTP/2” 401
[2018-08-06T14:13:30.183Z] “GET /stream/events HTTP/2” 200
[2018-08-06T14:13:30.197Z] “GET /login HTTP/2” 303
[2018-08-06T14:13:30.197Z] “GET /api/user/feed?latest=true HTTP/2” 401
[2018-08-06T14:13:30.213Z] “GET /authorize HTTP/2” 303
[2018-08-06T14:13:30.417Z] “GET /authorize?code=c84…52&state=drone HTTP/2” 303
[2018-08-06T14:13:30.440Z] “GET /login?error=oauth_error HTTP/2” 303
[2018-08-06T14:13:30.450Z] “GET /login/error?code=oauth_error HTTP/2” 200
[2018-08-06T14:13:30.506Z] “GET /api/user/feed?latest=true HTTP/2” 401

This looks like a network error to me. An EOF would signal an unexpected end of stream in the HTTP response body, from Github, which should return a valid JSON document. Why would Github return an empty body or broken stream? The only explanation I can think of is some sort of network issue that is preventing the API request from reaching Github, and is instead returning an empty body or breaking the response stream. There are no known issues with Drone, which is quite mature and widely used.

After digging deeper on this, I think the problem lies somewhere in the sideloaded istio-proxy

@proepkes did you fix it?? I’m trying istio as well.

@proepkes @bradrydzewski I just did it work. :robot:

Istio as default blocks all outbound communication with services outside the cluster. So to fix it you should add a ServiceEntry. In my case I’m using drone with Bitbucket. The host you need to add is “*”

kind: ServiceEntry
  name: bitbucket-svc
  namespace: drone-test
  - "*"
  location: MESH_EXTERNAL
  - number: 443
    name: https
    protocol: HTTPS
  resolution: NONE

After that I could login into drone with bitbucket :muscle:

Full drone-ci deployment to K8

Docs for ServiceEntry