Skip to content

Connecting to MKE cluster through MCC Lens extension spams login redirects in the web browser #6966

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dvirassamy opened this issue Jan 17, 2023 · 1 comment
Open

Connecting to MKE cluster through MCC Lens extension spams login redirects in the web browser #6966

dvirassamy opened this issue Jan 17, 2023 · 1 comment
Labels
bug Something isn't working p3

Comments

@dvirassamy
Copy link

Describe the bug
When connecting to MKE clusters through the MCC Lens extension, a redirect to MCC UI is realized for login purposes (through SSO).
However, when the cluster gets disconnected, Lens tries to reconnect indefinitely, which has as a result that the browser is spammed with MCC login redirects.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Lens Extension and add @mirantis/lens-extension-cc
  2. Click on the Lens extension on the top right and connect to an MCC instance. This will sync all MKE clusters managed by the MCC instance
  3. Click on Cluster Catalog and connect to a MKE cluster managed by MCC
  4. Login in to MCC through the redirect page
  5. Wait for the cluster to get disconnected after some time
  6. See multiple redirect pages after multiple reconnect retries by Lens

Expected behavior
I would expect Lens to gradually increase the connect retry period and at some point to stop trying to reconnect to the cluster after a given number of retries.

Screenshots

Environment (please complete the following information):

  • Lens Version: 2023.1.110749-latest
  • OS: 13.1 (22C65)
  • Installation method (e.g. snap or AppImage in Linux): Lens dmg
  • MCC Lens extension: 5.3.0

Logs:

Kubeconfig:

Additional context
@dvirassamy dvirassamy added the bug Something isn't working label Jan 17, 2023
@stefcameron
Copy link
Contributor

Note that in this scenario (and in v5.3.0 of the extension), the cluster token is short-lived, so it lasts, I think, ~20 minutes before needing to be renewed. Since the extension uses kube-login to get the token to Lens upon opening a cluster synced by the extension into the Lens Catalog.

So it's somewhat easy to get into this scenario, and if Lens is left running on a system over a weekend, it'll just sit there and keep opening browser windows all weekend long. So you come back, and you have potentially hundreds of windows open...

I, too, believe Lens should have a de-escalation algorithm to exponentially taper off to no longer trying to auto-connect.

@Nokel81 Nokel81 added the p3 label Jan 23, 2023
stefcameron added a commit to Mirantis/lens-extension-cc that referenced this issue Feb 10, 2023
@stefcameron
[CCLEX-179] Add support for offline access tokens

Verified

This commit was signed with the committer’s verified signature.
chorrell Christopher Horrell
GPG key ID: 6E82CA4127747B7C
Verified
Learn about vigilant mode
aeebea5 
Now cluster access tokens can optionally be generated as offline
(i.e. long-lived) tokens on a per-mgmt cluster basis.

This works around (well, _delays_ for a long time)
lensapp/lens#6966
stefcameron added a commit to Mirantis/lens-extension-cc that referenced this issue Feb 10, 2023
@stefcameron
[CCLEX-179] Add support for offline access tokens

Verified

This commit was signed with the committer’s verified signature.
chorrell Christopher Horrell
GPG key ID: 6E82CA4127747B7C
Verified
Learn about vigilant mode
edd4675 
Now cluster access tokens can optionally be generated as offline
(i.e. long-lived) tokens on a per-mgmt cluster basis.

This works around (well, _delays_ for a long time)
lensapp/lens#6966

NOTE: Also has a partial implementation of the new 'trust host'
feature that was started at the same time as 'offline access', but
which is not currently exposed to the user.
@stefcameron stefcameron mentioned this issue Feb 10, 2023
Merged
1 task
stefcameron added a commit to Mirantis/lens-extension-cc that referenced this issue Feb 10, 2023
@stefcameron
[CCLEX-179] Add support for offline access tokens

Verified

This commit was signed with the committer’s verified signature.
chorrell Christopher Horrell
GPG key ID: 6E82CA4127747B7C
Verified
Learn about vigilant mode
91a09cb 
Now cluster access tokens can optionally be generated as offline
(i.e. long-lived) tokens on a per-mgmt cluster basis.

This works around (well, _delays_ for a long time)
lensapp/lens#6966

NOTE: Also has a partial implementation of the new 'trust host'
feature that was started at the same time as 'offline access', but
which is not currently exposed to the user.
stefcameron added a commit to Mirantis/lens-extension-cc that referenced this issue Feb 10, 2023
@stefcameron
[CCLEX-179] Add support for offline access tokens (#1288)

Verified

This commit was signed with the committer’s verified signature.
chorrell Christopher Horrell
GPG key ID: 6E82CA4127747B7C
Verified
Learn about vigilant mode
4e8e1dc 
Now cluster access tokens can optionally be generated as offline
(i.e. long-lived) tokens on a per-mgmt cluster basis.

This works around (well, _delays_ for a long time)
lensapp/lens#6966

NOTE: Also has a partial implementation of the new 'trust host'
feature that was started at the same time as 'offline access', but
which is not currently exposed to the user.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working p3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stefcameron @Nokel81 @dvirassamy