ibm-cloudibm-appidibm-cloud-kubernetes

IBM Cloud: Kubernetes add-on ALB Oauth2 Proxy for App ID integration fails to start


I deployed a containerized app to my IBM Cloud Kubernetes service in a VPC. The app uses App ID for authentication. The deployment pipeline ran successfully. The app seems ready, but when accessing its URL it gives an internal server error (500 status code).

500 Internal Server Error when accessing deployed app

From the Kubernetes dashboard I found that the ALB Oauth Proxy add-on is failing. It is deployed, but does not start.

The deployment seems to fail in the health checks (ping not successful). From the POD logs I found the following as last (and only) entry:

[provider.go:55] Performing OIDC Discovery...

Else, there is not much. Any advise?


Solution

  • Guessing from the missing logs and the failing pings, it seemed related to some network setup. Checking the VPC itself, I found that there was no Public Gateway attached to the subnet. Enabling it allowed outbound traffic. The oauth proxy could contact the App ID instance. The app is working as expected now.

    Make sure that the VPC subnets allow outbound traffic and have a Public Gateway enabled.