Neuvector SSO Login with OpenID functionality can fail to come up.

[docandrew]

On an initial deployment of UDS-Core within a bundle, Neuvector failed to display the Login with OpenID button until the Controller pods were all restarted. Restarting the manager pod did not fix the issue. Once the Controller pods were restarted the app came back up and the Login with OpenID button was present. This is the first time I've witnessed this behavior so it may be difficult to trigger and could be related to some kind of timing or dependency issue. This was deployed on a single-node cluster.

Environment

Device and OS: x86_64 Ubuntu 22.04
App version: UDS Core 0.34.0 / Neuvector 5.4.1
Kubernetes distro being used: RKE2

Steps to reproduce

1. Perform UDS Core deployment, no additional Neuvector overrides.

Expected result

Neuvector displays the "Login with OpenID" button when user logs on.

Actual Result

No OpenID login button present.

Visual Proof (screenshots, videos, text, etc)

On initial deployment:

After restarting Controller pods:

Severity/Priority

Medium-ish. Would prefer not to have to restart controllers since this will ideally be a "hands-off" / no-kubectl-required deployment for the end users.

Additional Info

The secret containing oidcinitcfg.yaml was present, contained the correct client ID and client secret, and I confirmed that the file was mounted at /etc/config/ in all the controller pods. Keycloak had the client ID configured properly. Restarting the controller pods resolved the issue.

[docandrew]

Noticed these logs present which appear to be common to this issue: