Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage.

Cerbos Community

Screenshot 2023-07-14 at 14.36.20.png

Hi all. I'm deploying Cerbos using Helm, expose it using Traefik with ingressroute and add TLS from cert-manager in ingressroute and specified TLS secret in helm values. I'm trying to access Cerbos but I'm getting this error. Is there something that I'm missing?

Does TLS get terminated at Traefik?

So you end up getting HTTP traffic from the LB to Cerbos.

Screenshot 2023-07-13 at 18.22.22.png

here's the thing, if I'm not specifying TLS secret in helm values, I can access Cerbos UI via browser just fine, however any endpoint that I hit return error in image below. Notice that the requested URL in network tab is http not https

Screenshot 2023-07-14 at 16.04.25.png

But, If hit cerbos endpoint via curl or access it directly using the full URL like the image below, it works fine. It's just doesn't work if I hit the endpoint via Cerbos UI. At this point, I'm not really sure what's wrong

This sounds to me like a problem with how Traefik is configured. You can verify whether that's the case by port-forwarding to the Cerbos pod and accessing it directly without going through Traefik.

Note that if you set the TLS secret for Cerbos, you have to configure Traefik to talk to it over HTTPS as well. IIRC the default is HTTP.