You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by dg...@apache.org on 2018/07/13 22:00:40 UTC

[incubator-openwhisk-deploy-kube] branch master updated: Missing documentation about ingress in previous pull request (#255)

This is an automated email from the ASF dual-hosted git repository.

dgrove pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-deploy-kube.git


The following commit(s) were added to refs/heads/master by this push:
     new 151bce4  Missing documentation about ingress in previous pull request (#255)
151bce4 is described below

commit 151bce4c9eda7fa4c1d64a3f06fd2775d74ed733
Author: Carlos Duque <cd...@gmail.com>
AuthorDate: Fri Jul 13 23:00:38 2018 +0100

    Missing documentation about ingress in previous pull request (#255)
    
    * Updated ingress.md documentation on how to configure the generic ingress values
---
 docs/ingress.md | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 75 insertions(+), 7 deletions(-)

diff --git a/docs/ingress.md b/docs/ingress.md
index e28cec1..2604849 100644
--- a/docs/ingress.md
+++ b/docs/ingress.md
@@ -99,7 +99,7 @@ nginx:
 This type of cluster can support a more advanced ingress style that
 does not use self-signed certificates for TLS termination (you can use
 `wsk` instead of `wsk -i`).  You will need to determine the values for
-<ibmdomain> and <ibmtlssecret> for your cluster by running the command
+<domain> and <ibmtlssecret> for your cluster by running the command
 ```
 bx cs cluster-get <mycluster>
 ```
@@ -113,21 +113,89 @@ ID:    b9c6b00dc0aa487f97123440b4895f2d
 Created:  2017-04-26T19:47:08+0000
 State:    normal
 Master URL:  https://169.57.40.165:1931
-Ingress subdomain:  <ibmdomain>
+Ingress subdomain:  <domain>
 Ingress secret:  <ibmtlssecret>
 Workers:  3
 ```
 
 Now define mycluster.yaml as below (substituting the real values for
-`<ibmdomain>` and `<ibmtlssecret>`).
+`<domain>` and `<ibmtlssecret>`).
 ```yaml
 whisk:
   ingress:
-    type: ibm.standard
-    ibmdomain: <ibmdomain>
-    ibmtlssecret: <ibmtlssecret>
-    api_host_name: <ibmdomain>
+    name: ow-ingress
+    api_host_name: <domain>
     api_host_port: 443
+    api_host_proto: https
+    type: standard
+    domain: <domain>
+    tls:
+      enabled: true
+      secretenabled: true
+      createsecret: false
+      secretname: <ibmtlssecret>
+    annotations:
+      # A blocking request is held open by the controller for slightly more than 60 seconds
+      # before it is responded to with HTTP status code 202 (accepted) and closed.
+      # Set to 75s to be on the safe side.
+      # See https://console.bluemix.net/docs/containers/cs_annotations.html#proxy-connect-timeout
+      # See http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
+      ingress.bluemix.net/proxy-read-timeout: "75s"
+
+      # Allow up to 50 MiB body size to support creation of large actions and large
+      # parameter sizes.
+      # See https://console.bluemix.net/docs/containers/cs_annotations.html#client-max-body-size
+      # See http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
+      ingress.bluemix.net/client-max-body-size: "size=50m"
+
+      # Add the request_id, generated by nginx, to the request against the controllers. This id will be used as tid there.
+      # https://console.bluemix.net/docs/containers/cs_annotations.html#proxy-add-headers
+      ingress.bluemix.net/proxy-add-headers: |
+        serviceName=controller {
+          'X-Request-ID' $request_id;
+        }
+
+```
+
+## Google Cloud
+
+### Google Cloud with nginx ingress
+
+This type of installation allows the same benefits as the IBM Cloud standard cluster.
+According to your nginx ingress settings you can define a <domain> value of your choice.
+You can choose to create a tls secret for that <domain> and provide values for <tlscrt> and <tlskey> in base64.
+
+To generate the values for <tlscrt> and <tlskey> you can use the openssl tool:
+
+```
+openssl req -newkey rsa:2048 -nodes -keyout tls.key -x509 -days 365 -out tls.crt
+cat tls.key | base64
+cat tls.crt | base64
+```
+
+Now define mycluster.yaml as below:
+
+```yaml
+whisk:
+  ingress:
+    name: ow-ingress
+    api_host_name: <domain>
+    api_host_port: 443
+    api_host_proto: https
+    type: standard
+    domain: <domain>
+    tls:
+      enabled: true
+      secretenabled: true
+      createsecret: true
+      secretname: openwhisk-ingress-tls-secret
+      secrettype: kubernetes.io/tls
+      crt: <tlscrt>
+      key: <tlskey>
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      kubernetes.io/tls-acme: true
+      nginx.ingress.kubernetes.io/proxy-body-size: 0
 ```
 
 ## Other cloud providers