You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by dg...@apache.org on 2018/07/13 22:00:40 UTC
[incubator-openwhisk-deploy-kube] branch master updated: Missing
documentation about ingress in previous pull request (#255)
This is an automated email from the ASF dual-hosted git repository.
dgrove pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-deploy-kube.git
The following commit(s) were added to refs/heads/master by this push:
new 151bce4 Missing documentation about ingress in previous pull request (#255)
151bce4 is described below
commit 151bce4c9eda7fa4c1d64a3f06fd2775d74ed733
Author: Carlos Duque <cd...@gmail.com>
AuthorDate: Fri Jul 13 23:00:38 2018 +0100
Missing documentation about ingress in previous pull request (#255)
* Updated ingress.md documentation on how to configure the generic ingress values
---
docs/ingress.md | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 75 insertions(+), 7 deletions(-)
diff --git a/docs/ingress.md b/docs/ingress.md
index e28cec1..2604849 100644
--- a/docs/ingress.md
+++ b/docs/ingress.md
@@ -99,7 +99,7 @@ nginx:
This type of cluster can support a more advanced ingress style that
does not use self-signed certificates for TLS termination (you can use
`wsk` instead of `wsk -i`). You will need to determine the values for
-<ibmdomain> and <ibmtlssecret> for your cluster by running the command
+<domain> and <ibmtlssecret> for your cluster by running the command
```
bx cs cluster-get <mycluster>
```
@@ -113,21 +113,89 @@ ID: b9c6b00dc0aa487f97123440b4895f2d
Created: 2017-04-26T19:47:08+0000
State: normal
Master URL: https://169.57.40.165:1931
-Ingress subdomain: <ibmdomain>
+Ingress subdomain: <domain>
Ingress secret: <ibmtlssecret>
Workers: 3
```
Now define mycluster.yaml as below (substituting the real values for
-`<ibmdomain>` and `<ibmtlssecret>`).
+`<domain>` and `<ibmtlssecret>`).
```yaml
whisk:
ingress:
- type: ibm.standard
- ibmdomain: <ibmdomain>
- ibmtlssecret: <ibmtlssecret>
- api_host_name: <ibmdomain>
+ name: ow-ingress
+ api_host_name: <domain>
api_host_port: 443
+ api_host_proto: https
+ type: standard
+ domain: <domain>
+ tls:
+ enabled: true
+ secretenabled: true
+ createsecret: false
+ secretname: <ibmtlssecret>
+ annotations:
+ # A blocking request is held open by the controller for slightly more than 60 seconds
+ # before it is responded to with HTTP status code 202 (accepted) and closed.
+ # Set to 75s to be on the safe side.
+ # See https://console.bluemix.net/docs/containers/cs_annotations.html#proxy-connect-timeout
+ # See http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
+ ingress.bluemix.net/proxy-read-timeout: "75s"
+
+ # Allow up to 50 MiB body size to support creation of large actions and large
+ # parameter sizes.
+ # See https://console.bluemix.net/docs/containers/cs_annotations.html#client-max-body-size
+ # See http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
+ ingress.bluemix.net/client-max-body-size: "size=50m"
+
+ # Add the request_id, generated by nginx, to the request against the controllers. This id will be used as tid there.
+ # https://console.bluemix.net/docs/containers/cs_annotations.html#proxy-add-headers
+ ingress.bluemix.net/proxy-add-headers: |
+ serviceName=controller {
+ 'X-Request-ID' $request_id;
+ }
+
+```
+
+## Google Cloud
+
+### Google Cloud with nginx ingress
+
+This type of installation allows the same benefits as the IBM Cloud standard cluster.
+According to your nginx ingress settings you can define a <domain> value of your choice.
+You can choose to create a tls secret for that <domain> and provide values for <tlscrt> and <tlskey> in base64.
+
+To generate the values for <tlscrt> and <tlskey> you can use the openssl tool:
+
+```
+openssl req -newkey rsa:2048 -nodes -keyout tls.key -x509 -days 365 -out tls.crt
+cat tls.key | base64
+cat tls.crt | base64
+```
+
+Now define mycluster.yaml as below:
+
+```yaml
+whisk:
+ ingress:
+ name: ow-ingress
+ api_host_name: <domain>
+ api_host_port: 443
+ api_host_proto: https
+ type: standard
+ domain: <domain>
+ tls:
+ enabled: true
+ secretenabled: true
+ createsecret: true
+ secretname: openwhisk-ingress-tls-secret
+ secrettype: kubernetes.io/tls
+ crt: <tlscrt>
+ key: <tlskey>
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: true
+ nginx.ingress.kubernetes.io/proxy-body-size: 0
```
## Other cloud providers