Problem
In an attached cluster managed by Kommander, when traefik is updated and the load balancer address has changed. This will cause the dex authentication to fail for the attached cluster, because the dex Client and the traefik-forward-auth-kommander-overrides FederatedConfigMap is not updated.
Solution
This has been resolved on DKP 2.2.0. But for cluster running on DKP 2.1.1. a recommended workaround exists.
Workaround
On the kommander (management) cluster:
Get the list of clients/clusterskubectl -n kommander get client
find the client resource with the problematic cluster name like, `dextfa-client-<hostname>-<random>`
edit that client
kubectl -n kommander edit client dextfa-client-mycluster-asdf
replace the hostname in the URL under `RedirectURIs` with the hostname for the new ELB of the attached cluster
Save
Edit the FederatedConfigMapkubectl -n kommander-default-workspace edit federatedconfigmaps traefik-forward-auth-kommander-overrides
edit `authHost` and replace the hostname with the hostname for the new ELB
Save
Wait for the helmrelease on the attached (managed) cluster to be redeployed:
$ kubectl -n kommander-default-workspace get helmrelease traefik-forward-auth-kommander -w
NAME READY STATUS AGE
traefik-forward-auth-kommander True Release reconciliation succeeded 117m
traefik-forward-auth-kommander Unknown Reconciliation in progress 117m
traefik-forward-auth-kommander True Release reconciliation succeeded 117m