/user/api returns 401 (Unauthorized)

ethicalaakash · April 25, 2019, 6:02am

I’m setting up done on k8s, followed the doc.
deployment went well, but when I open the UI I get 401(unauthorised).

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: drone
  labels:
    app: drone
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: drone
        component: server
    spec:
      containers:
      - name: drone-server
        image: "docker.io/drone/drone:1.0.0"
        imagePullPolicy: IfNotPresent
        env:
          - name: DRONE_KUBERNETES_ENABLED
            value: true
          - name: DRONE_KUBERNETES_NAMESPACE
            value: default
          - name: DRONE_GITHUB_SERVER
            value: https://github.com
          - name: DRONE_GITHUB_CLIENT_ID
            value: <client_ID>
          - name: DRONE_GITHUB_CLIENT_SECRET
            value: <client secret>
          - name: DRONE_RPC_SECRET
            value: <drone secret>
          - name: DRONE_SERVER_HOST
            value: drone.<company name>.io
          - name: DRONE_SERVER_PROTO
            value: http
          - name: DRONE_USER_CREATE
            value: username:ethicalaakash,admin:true
        ports:
        - name: http
          containerPort: 80
          protocol: TCP

I’m not sure where I’m doing wrong.

bradrydzewski · April 25, 2019, 6:14am

Getting a 401 unauthorized for /api/user can be normal. When you visit the user interface drone makes an API call to /api/user to see if you are logged-in, and if you are not logged-in, a 401 is returned. So often this is completely expected.

If you get a 401 unauthorized after being redirected back from github login, it generally means you misconfigured the redirect url when you created your github application. We often see people configure an incorrect redirect url, specifically the wrong path.

But with that being said, I do not have enough information available to advise further. If you think there is still an issue I recommend describing steps to reproduce the problem, providing server logs, and providing screenshots of what you are seeing.

ethicalaakash · April 25, 2019, 6:38am

I think I got it.
Login Failed. Post https://github.com/login/oauth/access_token: read tcp 100.96.2.147:57148->192.30.253.112:443: read: connection reset by peer

In my setup, I’ve not added port 443.

ethicalaakash · April 25, 2019, 9:56am

I’ve Istio in my setup, so istio was blocking call from drone service to github on port 443.
In instio you have to add a service entry for any external URL name.