Open Closed

Error deploying to Kubernetes #9898

User avatar
0
icoretchi created
  • Template: microservice
  • Created ABP Studio Version: 0.9.26
  • Current ABP Studio Version: 1.2.2
  • Multi-Tenancy: Yes
  • UI Framework: angular
  • Theme: leptonx
  • Theme Style: system
  • Run Install Libs: Yes
  • Database Provider: ef
  • Database Management System: sqlserver
  • Mobile Framework: none
  • Public Website: No
  • Include Tests: Yes
  • Dynamic Localization: Yes
  • Kubernetes Configuration: Yes
  • Grafana Dashboard: Yes
  • Use Local References: No
  • Optional Modules:
    • GDPR
    • FileManagement
    • TextTemplateManagement
    • AuditLogging
    • Chat
    • OpenIddictAdmin

Hi,

When I deployed to Kubernetes cluster I am receiving the following errors:

Any ideas?

Go to accepted answer
8 Answer(s)
  • User Avatar
    0
    AI-Bot created
    Support Team ABP Agent

    The error message in your screenshot indicates an issue with the OpenID Connect discovery document, specifically: "error validating authorization_endpoint in discovery document ['https for all urls required. Also for urls received by discovery.']". This means that all URLs in your OpenIddict/OpenID Connect configuration must use HTTPS, and any endpoints returned by the discovery document must also be HTTPS.

    This is a common issue when deploying ABP microservice solutions to Kubernetes or other environments where HTTPS is enforced.

    Steps to resolve:

    1. Ensure all URLs in your appsettings and environment variables use HTTPS, not HTTP. This includes:

      • AuthServer:Authority
      • AuthServer:MetaAddress
      • IdentityClients:Default:Authority
      • RemoteServices:...:BaseUrl

    2. Make sure your Kubernetes ingress/controller is configured to serve HTTPS and that your certificates are valid.

    3. In your OpenIddict server configuration, set the issuer to the correct HTTPS URL:

    PreConfigure<OpenIddictServerBuilder>(builder =>
   {
       builder.SetIssuer(new Uri(configuration["AuthServer:Authority"])); // Should be HTTPS
   });

    1. If you are using self-signed certificates for local development, ensure your browser trusts them. For production, use a valid certificate authority.

    2. After making these changes, clear your browser cache and tokens.

    For more details and troubleshooting steps, see:

    These steps should resolve the "https for all urls required" error and allow your ABP Angular application to authenticate correctly in Kubernetes.

    Sources:

    • https://abp.io/support/questions/6033
    • https://abp.io/support/questions/5701

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • User Avatar
    0
    icoretchi created

    I think I need a human assistance

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Are you using HTTP as the authserve scheme?

    Can you try to set requireHttps to false in oAuthConfig

    const oAuthConfig = {
  issuer: 'http://abp.io/',
  redirectUri: baseUrl,
  clientId: 'Bluestar_App',
  responseType: 'code',
  scope: 'offline_access Bluestar',
  requireHttps: false,
};

    Thanks.

  • User Avatar
    0
    icoretchi created

    Hi,

    I think the problem is with openid-configuration:

    the scheme for different types of authorization endpoints are http instead of https. Can you tell me how is populated?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please set the issuer, and add a middleware to set ctx.Request.Scheme to HTTPS

    public override void PreConfigureServices(ServiceConfigurationContext context)
{
    PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
    {
        serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", configuration["AuthServer:CertificatePassPhrase"]!);
        serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
    });
}

    public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
    var app = context.GetApplicationBuilder();
    var env = context.GetEnvironment();

    app.Use((ctx, next) =>
    {
        /* This application should act like it is always called as HTTPS.
         * Because it will work in a HTTPS url in production,
         * but the HTTPS is stripped out in Ingress controller.
         */
        ctx.Request.Scheme = "https";
        return next();
    });
  • User Avatar
    0
    icoretchi created

    Hi,

    This is working. Not generating the mentioned errors, but appears problem in Administration service which error the following:

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you confirm your Administration service can communicate with the authserver website?

    https://abp.io/community/articles/common-errors-in-jwt-bearer-authentication-4u3wrbs5#gsc.tab=0

    Thanks

  • User Avatar
    0
    icoretchi created

    Hi,

    As you can see the error is IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty. Obviously is something wrong in their communication, Sincerely speaking I am using abp provided helm files without any modification, just put it my domains. Do you have any sample application deployed to the external production Kubernetes cluster, just for me to compare helm manifests?

Assignee
User avatar maliming
Question details
Labels
None yet
Learn More, Pay Less
33% OFF
All Trainings!
Get Your Deal
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.0.0-preview. Updated on September 16, 2025, 10:35