Qlik Community

Qlik Sense Multi-Cloud

Discussion board where members can get learn more about Multi-Cloud deployments for Qlik Sense Enterprise.

gsbeaton
Contributor II

QS Enterprise on Amazon EKS fails at authentication stage

Hi folks,

I'm running QS Enterprise on EKS.  No issues with install and all pods report they are running correctly.

However, when I try to connect via a web browser, I get stuck at http://elastic.example:32123/auth?client_id=foo&scope=openid%20profile&response_type=code&state=eyJh.......

I've opened the relevant ports to the cluster, but on looking at the log files, it appears there is an issue with the ingress controller communicating with the other node in the cluster.  I'm not sure if this is a red herring, but it's as far as I've got.  Any suggestions?

 

image.png

Labels (3)
3 Replies
Partner
Partner

Re: QS Enterprise on Amazon EKS fails at authentication stage

Hi there,

Why are you using elastic.example:32123 to access your EKS deployment ?

This URL is supposed to be used only when you deploy qliksense locally on a minikube cluster.

 

If you deploy to EKS, you should access your qliksense deployment using the ingress load balancer URL.

Just type "kubectl describe svc qliksense-nginx-ingress-controller | grep LoadBalancer", and you will get the AWS public URL of your loadbalancer.

You should then create a DNS CNAME to point your custom domain to this AWS URL.

 

Best regards,

Thiébaud

gsbeaton
Contributor II

Re: QS Enterprise on Amazon EKS fails at authentication stage

Hi Thiébaud

We're using the elastic.example alias mostly because we are following the documentation which suggests a basic IDP at elastic.example:32123 is configured out of the box.  We've put this work on hold until Qlik update their documentation.

Best regards

George

Highlighted
Partner
Partner

Re: QS Enterprise on Amazon EKS fails at authentication stage

Hi,

When you say that you "get stuck at http://elastic.example:32123....." what happen exactly ?

In my opinion, the internal IdP is not supposed to be used when not using a local Kubernetes cluster, because even if you point "elastic.example" to your AWS deployment, the port 32123 will not be publicly accessible.

You should take a look at Auth0 for the IdP, as it's free and easy to set up.

In my case I'm using EKS, Auth0, and Atlas MongoDB.

Best regards,