Default GitLabs JupiterHub on Kubernetes, can't login

Hello,
I tried to use the JupyterHub application on GitLabs managed GKE clsuter, and went through all default steps (GKE → Tiller → Ingress → set my domain to correct address → JupyterHub installed).

I open the JupyterHub page, it leads me to GitLab OAuth, I click “Authorize” (my account is admin, and is a member of the admin group on GitLab) and get thrown back to JupyterHub error page.

Here are the logs from Kubernetes pod:

[I 2019-12-20 04:37:17.162 JupyterHub log:158] 200 GET /hub/metrics (@10.0.0.7) 5.30ms
[I 2019-12-20 04:37:59.255 JupyterHub proxy:301] Checking routes
[W 2019-12-20 04:38:01.779 JupyterHub web:1667] 400 GET /hub/oauth_callback?code=xxxxxxxx&state=xxxxxxxxxxxxx%3D%3D (10.150.0.4): OAuth state missing from cookies
[W 2019-12-20 04:38:01.784 JupyterHub log:158] 400 GET /hub/oauth_callback?code=[secret]&state=[secret] (@10.150.0.4) 5.44ms
[I 2019-12-20 04:38:06.168 JupyterHub log:158] 302 GET / -> /hub (@10.150.0.4) 0.69ms
[I 2019-12-20 04:38:06.253 JupyterHub log:158] 302 GET /hub -> /hub/ (@10.150.0.4) 1.23ms
[I 2019-12-20 04:38:06.335 JupyterHub log:158] 302 GET /hub/ -> /hub/login (@10.150.0.4) 0.74ms
[I 2019-12-20 04:38:08.098 JupyterHub oauth2:82] OAuth redirect: 'http://mydomain.com/hub/oauth_callback'
[I 2019-12-20 04:38:08.100 JupyterHub log:158] 302 GET /hub/oauth_login?next= -> https://gitlab.com/oauth/authorize?redirect_uri=http%3A%2F%2Fmydomain.com%2Fhub%2Foauth_callback&client_id=xxxxxxxx&response_type=code&state=[secret]&scope=api+read_repository+write_repository (@10.150.0.4) 2.24ms
[W 2019-12-20 04:38:08.775 JupyterHub gitlab:165] Dima1987 not in group or project whitelist
[W 2019-12-20 04:38:08.776 JupyterHub base:504] Failed login for unknown user
[W 2019-12-20 04:38:08.777 JupyterHub log:158] 403 GET /hub/oauth_callback?code=[secret]&state=[secret] (@10.150.0.4) 417.03ms
[I 2019-12-20 04:38:12.316 JupyterHub log:158] 302 GET / -> /hub (@10.150.0.4) 0.92ms
[I 2019-12-20 04:38:12.404 JupyterHub log:158] 302 GET /hub -> /hub/ (@10.150.0.4) 0.75ms
[I 2019-12-20 04:38:12.488 JupyterHub log:158] 302 GET /hub/ -> /hub/login (@10.150.0.4) 0.79ms
[I 2019-12-20 04:38:17.162 JupyterHub log:158] 200 GET /hub/metrics (@10.0.0.7) 5.40ms
[I 2019-12-20 04:38:59.254 JupyterHub proxy:301] Checking routes
[I 2019-12-20 04:39:17.161 JupyterHub log:158] 200 GET /hub/metrics (@10.0.0.7) 5.06ms
[I 2019-12-20 04:39:59.264 JupyterHub proxy:301] Checking routes
[I 2019-12-20 04:39:59.409 JupyterHub log:158] 200 GET /hub/api/users (cull-idle@127.0.0.1) 29.53ms
[I 2019-12-20 04:40:17.161 JupyterHub log:158] 200 GET /hub/metrics (@10.0.0.7) 5.51ms
[I 2019-12-20 04:40:59.255 JupyterHub proxy:301] Checking routes
[I 2019-12-20 04:41:17.162 JupyterHub log:158] 200 GET /hub/metrics (@10.0.0.7) 6.57ms
[I 2019-12-20 04:41:59.254 JupyterHub proxy:301] Checking routes
[I 2019-12-20 04:42:17.162 JupyterHub log:158] 200 GET /hub/metrics (@10.0.0.7) 6.17ms
[I 2019-12-20 04:42:59.251 JupyterHub proxy:301] Checking routes
[I 2019-12-20 04:43:17.160 JupyterHub log:158] 200 GET /hub/metrics (@10.0.0.7) 5.30ms
[I 2019-12-20 04:43:59.255 JupyterHub proxy:301] Checking routes
[I 2019-12-20 04:44:17.162 JupyterHub log:158] 200 GET /hub/metrics (@10.0.0.7) 5.46ms
[I 2019-12-20 04:44:51.537 JupyterHub oauth2:82] OAuth redirect: 'http://mydomain.com/hub/oauth_callback'
[I 2019-12-20 04:44:51.539 JupyterHub log:158] 302 GET /hub/oauth_login?next= -> https://gitlab.com/oauth/authorize?redirect_uri=http%3A%2F%2Fmydomain.com%2Fhub%2Foauth_callback&client_id=xxxxxx&response_type=code&state=[secret]&scope=api+read_repository+write_repository (@10.150.0.2) 1.86ms
[W 2019-12-20 04:44:52.123 JupyterHub gitlab:165] Dima1987 not in group or project whitelist
[W 2019-12-20 04:44:52.124 JupyterHub base:504] Failed login for unknown user
[W 2019-12-20 04:44:52.126 JupyterHub log:158] 403 GET /hub/oauth_callback?code=[secret]&state=[secret] (@10.150.0.2) 335.10ms
[I 2019-12-20 04:44:59.253 JupyterHub proxy:301] Checking routes

It says “Dima1987 not in group or project whitelist”, but my user IS in the project.
The GKE cluster is a project level one.

Any ideas? Maybe someone knows how to fix that app? (can I modify the helm template it uses?)

wow I think I found the reason, it’s an active bug https://gitlab.com/gitlab-org/gitlab-foss/issues/66458

active issue in progress here https://gitlab.com/gitlab-org/gitlab/issues/31165 .