nip.io | Fork of nipio to run a realhostip service | DNS library

It is in the Grafana documentation:

You may have to set the root_url option of [server] for the callback URL to be correct.

So remove GF_SERVER_DOMAIN,GF_SERVER_HTTP_PORT and configure GF_SERVER_ROOT_URL properly (I guess correct value for your setup is https://grafana.router.default.svc.cluster.local.167.254.203.104.nip.io)

Grafana will be able to generate correct redirect URL with this setup.

OP has confirmed, that the issue was solved in this github topic

it was exactly the issue you mentioned, thanks for your help

This problem is related to CVE-2021-25742. Problem is solved based on this message:

Hi folks we just released Ingress NGINX v1.0.5. Thanks to @rikatz who helped implement
#7874 which added the option to sanitize annotation inputs

annotation-value-word-blocklist defaults are "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\"

Users from mod_security and other features should be aware that some blocked values may be used by those features and must be manually unblocked by the Ingress Administrator.

For more details please check https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#annotation-value-word-blocklist

If you have any issues with this new feature or the release please open a new issue so we can track it there.

It is not entirely clear from you code snippet, but I assume that you are creating a session cookie instead of a persistent cookie. Therefore the cookie is gone, when you close and reopen the browser.

You can create a persistent cookie by adding an expiration date to your cookie value. Your cookie will be stored until it expires (or is deleted by the user). That date parameter has to be formatted as a UTC string. You could do it like this:

I found this question where this bug is mentioned:

Supplying additional valid data in JSON tag of struct property causes schema to fail.

The bug has been closed for around a year, however, I still experience that behavior. Overriding the JSON property using medatada didn't work either.

Using the struct like this worked perfectly:

I had to:

• Ensure that my service account operate-workflow-sa had cluster privileges
• Correct my sensor.yml syntax spec

Cluster privileges:

The way how you can use persistent storage in Che is described in https://www.eclipse.org/che/docs/che-7/end-user-guide/configuring-a-workspace-using-a-devfile/#adding-components-to-a-devfile_che

But I'm afraid it won't satisfy your need. Are you asking for every user to use your local maven repository? If so, it's not possible. You can only enable maven repository volume for each workspace, so after workspace restart files will be used from the previous time, but each workspace uses its own private space.

Withing Che, you can't configure your credentials to be used for every user. Each is supposed to configure their credentials, if they need access private docker repos. Check https://www.eclipse.org/che/docs/che-7/end-user-guide/using-private-container-registries/

What I can propose to look into:

• configure nodes to pull private image https://kubernetes.io/docs/concepts/containers/images/#configuring-nodes-to-authenticate-to-a-private-registry;
• push your images to cluster internal docker registry;

Problem is somehow related to default self-signed certificate on Keycloak side. People recommend spending some time on obtaining proper certificate.

Can be temporary solved by muting certificate verification on NodeJS side with placing such line before api/express calls:

I have analyzed you issue and came to the following conclusions:

1. The Ingress will work and these Warnings you see are just to inform you about the available api versioning. You don't have to worry about this. I've seen the same Warnings: