Posted to commits@openwhisk.apache.org by mr...@apache.org on 2017/07/05 20:52:39 UTC

[incubator-openwhisk-deploy-kube] branch master updated: Configure nginx without ansible (#30)

This is an automated email from the ASF dual-hosted git repository.

mrutkowski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-deploy-kube.git


The following commit(s) were added to refs/heads/master by this push:
     new 8eb8c2d  Configure nginx without ansible (#30)
8eb8c2d is described below

commit 8eb8c2d891fcbc64c748d9c49c904ac8e94441ae
Author: Dan Lavine <dl...@us.ibm.com>
AuthorDate: Wed Jul 5 13:52:38 2017 -0700

    Configure nginx without ansible (#30)
    
    * Configure nginx without ansible
    
    * Try to see logs if wsk action fails
---
 .gitignore                                         |   1 +
 .travis/build.sh                                   |  71 +++++++++++---
 Dockerfile                                         |   1 -
 README.md                                          |  40 ++++----
 ansible-kube/edge.yml                              |   9 --
 .../environments/kube/files/controller-service.yml |   2 +-
 ansible-kube/openwhisk.yml                         |   4 +-
 ansible-kube/roles/nginx/tasks/deploy.yml          |  53 ----------
 ansible-kube/roles/nginx/templates/secrets.conf.j2 |   8 --
 configure/cleanup.sh                               |   6 +-
 configure/configure.sh                             |   4 -
 docker/build.sh                                    |  12 ---
 docker/nginx/Dockerfile                            |  25 ++++-
 kubernetes/nginx/README.md                         | 109 +++++++++++++++++++++
 kubernetes/nginx/certs.sh                          |  15 +++
 .../nginx.conf.j2 => kubernetes/nginx/nginx.conf   |  30 +++---
 kubernetes/nginx/nginx.yml                         |  67 +++++++++++++
 17 files changed, 311 insertions(+), 146 deletions(-)

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5300e42
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+kubernetes/nginx/certs
diff --git a/.travis/build.sh b/.travis/build.sh
index c7026a7..d850473 100755
--- a/.travis/build.sh
+++ b/.travis/build.sh
@@ -1,16 +1,12 @@
 #!/bin/bash
 
-set -ex
+set -x
 
 SCRIPTDIR=$(cd $(dirname "$0") && pwd)
 ROOTDIR="$SCRIPTDIR/../"
 
 cd $ROOTDIR
 
-# TODO: need official repo
-# build openwhisk images
-# This way everything that is tested will use the latest openwhisk builds
-
 sed -ie "s/whisk_config:v1.5.6/whisk_config:$TRAVIS_KUBE_VERSION/g" configure/configure_whisk.yml
 
 # run scripts to deploy using the new images.
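Review bot: Dropping `-e` from `set -ex` at the top of the script means a failed `cd $ROOTDIR`, `sed`, `./certs.sh` or `kubectl create` no longer stops the build, so later steps can run against a half-deployed cluster and the failure that is finally reported may not be the real one. If the intent is to reach the log dump added at the end of the file, keep `set -e` and run the dump from a handler, e.g. `trap 'dump_logs' ERR`, where `dump_logs` is a function you would add to hold the two `kubectl logs` calls. With `set -x` left on, the auth keys assigned further down are also echoed into the CI log. The rest of the script lies outside this hunk, so confirm that no step relies on a tolerated non-zero exit before restoring `-e`.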
@@ -47,19 +43,58 @@ fi
 
 echo "The job to configure OpenWhisk finished successfully"
 
-# Don't try and perform wsk actions the second it finishes deploying.
-# The CI ocassionaly fails if you perform actions to quickly.
-sleep 30
+# setup nginx
+pushd kubernetes/nginx
+  ./certs.sh localhost
+  kubectl -n openwhisk create configmap nginx --from-file=nginx.conf
+  kubectl -n openwhisk create secret tls nginx --cert=certs/cert.pem --key=certs/key.pem
+  kubectl apply -f nginx.yml
+
+  WSK_PORT=$(kubectl -n openwhisk describe service nginx | grep https-api | grep NodePort| awk '{print $3}' | cut -d'/' -f1)
+
+  # wait untill nginx is ready
+  TIMEOUT=0
+  TIMEOUT_COUNT=40
+  until $(curl --output /dev/null --silent -k https://localhost:$WSK_PORT) || [ $TIMEOUT -eq $TIMEOUT_COUNT ]; do
+    echo "Nginx is not up yet"
+    let TIMEOUT=TIMEOUT+1
+    sleep 20
+  done
+
+  if [ $TIMEOUT -eq $TIMEOUT_COUNT ]; then
+    echo "Nginx is not up and running"
+    exit 1
+  fi
+popd
+
+echo "Nginx is up and running"
 
-AUTH_SECRET=$(kubectl -n openwhisk get secret openwhisk-auth-tokens -o yaml | grep 'auth_whisk_system:' | awk '{print $2}' | base64 --decode)
-WSK_PORT=$(kubectl -n openwhisk describe service nginx | grep https-api | grep NodePort| awk '{print $3}' | cut -d'/' -f1)
+AUTH_WSK_SECRET=789c46b1-71f6-4ed5-8c54-816aa4f8c502:abczO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP
+AUTH_GUEST=23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP
 
-# download the wsk cli from nginx
-wget --no-check-certificate https://127.0.0.1:$WSK_PORT/cli/go/download/linux/amd64/wsk
+# download and setup the wsk cli from nginx
+wget --no-check-certificate https://localhost:$WSK_PORT/cli/go/download/linux/amd64/wsk
 chmod +x wsk
+sudo cp wsk /usr/local/bin/wsk
+
+./wsk property set --auth $AUTH_GUEST --apihost https://localhost:$WSK_PORT
+
+
+# setup the catalog
+pushd /tmp
+  git clone https://github.com/apache/incubator-openwhisk
+  export OPENWHISK_HOME=$PWD/incubator-openwhisk
 
-# setup the wsk cli
-./wsk property set --auth $AUTH_SECRET --apihost https://127.0.0.1:$WSK_PORT
+  git clone https://github.com/apache/incubator-openwhisk-catalog
+
+  pushd incubator-openwhisk-catalog/packages
+    export WHISK_CLI_PATH=/usr/local/bin/wsk
+
+    # This script currently has an issue where the cli path is the 4th argument
+    # https://github.com/apache/incubator-openwhisk-catalog/pull/231 is a fix
+    ./installCatalog.sh $AUTH_WSK_SECRET https://localhost:$WSK_PORT "EMPTY" $WHISK_CLI_PATH
+  popd
+popd
 
 # create wsk action
 cat > hello.js << EOL
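Review bot: `AUTH_WSK_SECRET` and `AUTH_GUEST` are now literal keys committed to the script, where the removed line read the system key from the `openwhisk-auth-tokens` secret; the same system key is printed in the README hunks of this commit (`wsk property set --auth …` and `./installCatalog.sh …`), so every cluster deployed from these instructions shares one published system credential. Generate the keys per deployment, store them in a Kubernetes secret and read them at run time as the removed line did, with `set +x` around the assignment so the trace does not print them. Separately, the `wsk` binary is fetched with `--no-check-certificate` and then copied to `/usr/local/bin` with sudo; because `./certs.sh localhost` has just written `kubernetes/nginx/certs/cert.pem`, `wget --ca-certificate=kubernetes/nginx/certs/cert.pem https://localhost:$WSK_PORT/...` should let the download verify the endpoint instead. An empty `$WSK_PORT` (service lookup failed) is not checked before the wait loop, so a guard such as `[ -n "$WSK_PORT" ] || exit 1` would fail fast there.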
@@ -78,9 +113,13 @@ RESULT=$(./wsk -i action invoke --blocking hello | grep "\"status\": \"success\"
 
 if [ -z "$RESULT" ]; then
   echo "FAILED! Could not invoked custom action"
+
+
+  echo " ----------------------------- controller logs ---------------------------"
+  kubectl -n openwhisk logs $(kubectl get pods --all-namespaces -o wide | grep controller | awk '{print $2}')
+  echo " ----------------------------- invoker logs ---------------------------"
+  kubectl -n openwhisk logs $(kubectl get pods --all-namespaces -o wide | grep invoker | awk '{print $2}')
   exit 1
 fi
 
 echo "PASSED! Deployed openwhisk and invoked custom action"
-
-# push the images to an official repo
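Review bot: The log dump added in the failure branch passes every matching pod name to a single `kubectl -n openwhisk logs`, which takes one pod, and the inner `kubectl get pods --all-namespaces` can match pods outside `openwhisk`, so the dump can fail exactly when there is more than one controller or invoker pod. Query the namespace directly and loop: `for p in $(kubectl -n openwhisk get pods | grep controller | awk '{print $1}'); do kubectl -n openwhisk logs "$p"; done`, and the same for `invoker`. These logs land in the CI output, so it is worth checking that the controller and invoker do not log auth keys before publishing them from a public build.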
diff --git a/Dockerfile b/Dockerfile
index 417029b..4dca29e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,7 +35,6 @@ RUN git clone https://github.com/openwhisk/openwhisk && \
 # Change this to https://github.com/openwhisk/openwhisk-devtools when committing to master
 COPY ansible-kube /incubator-openwhisk-deploy-kube/ansible-kube
 COPY configure /incubator-openwhisk-deploy-kube/configure
-COPY wsk /openwhisk/bin/wsk
 
 # install kube dependencies
 RUN wget https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/amd64/kubectl && \
diff --git a/README.md b/README.md
index a936b68..9d313ac 100644
--- a/README.md
+++ b/README.md
@@ -95,21 +95,9 @@ the logs from the configuration Pod creted by the previous command.
 kubectl -n openwhisk logs configure-openwhisk-XXXXX
 ```
 
-Once the configuration job successfully finishes, you will need the
-default user auth tokens provided by OpenWhisk. As part of the deployment
-process, we store these tokens in Kubernetes
-[secrets](https://kubernetes.io/docs/concepts/configuration/secret/).
-To get these tokens, you can run the following command:
-
-```
-kubectl -n openwhisk get secret openwhisk-auth-tokens -o yaml
-```
-
-To use the secrets, you will need to base64 decode them. E.g:
-
-```
-export AUTH_SECRET=$(kubectl -n openwhisk get secret openwhisk-auth-tokens -o yaml | grep 'auth_whisk_system:' | awk '{print $2}' | base64 --decode)
-```
+Once the configuration job successfully finishes, you will need
+manually deploy Nginx. To do this, follow the Nginx
+[README](kubernetes/nginx/README.md).
 
 From here, you will now need to get the publicly available address
 of Nginx.
@@ -135,7 +123,25 @@ Now you should be able to setup the wsk cli like normal and interact with
 Openwhisk.
 
 ```
-wsk property set --auth $AUTH_SECRET --apihost https://[nginx_ip]:$WSK_PORT
+wsk property set --auth 789c46b1-71f6-4ed5-8c54-816aa4f8c502:abczO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP --apihost https://[nginx_ip]:$WSK_PORT
+```
+
+Lastly, you will need to install the initial catalog. To do this, you will need
+to set the `OPENWHISK_HOME` environment variable:
+
+```
+export OPENWHISK_HOME [location of the openwhisk repo]
+```
+
+Then you should be able to run the following commands. Just make sure to
+replace the `[nginx_ip]` bellow.
+
+```
+  pushd /tmp
+    git clone https://github.com/apache/incubator-openwhisk-catalog
+    cd incubator-openwhisk-catalog
+    ./installCatalog.sh 789c46b1-71f6-4ed5-8c54-816aa4f8c502:abczO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP https://[nginx_ip]:$WSK_PORT
+  popd
 ```
 
 # Cleanup
@@ -284,7 +290,7 @@ the correct kubectl version to be built into `danlavine/whisk_config`. For now,
 there is only a version for Kube 1.5, and one can be built for 1.6, but there
 is no CI to test it against at the moment.
 
-**Minikube (experimental)** 
+**Minikube (experimental)**
 We also have experimental support for
 * [Minikube](https://github.com/kubernetes/minikube), see the
 * [Minikube-specific install instructions](/minikube/README.md) for more details.
diff --git a/ansible-kube/edge.yml b/ansible-kube/edge.yml
deleted file mode 100644
index 5a0a387..0000000
--- a/ansible-kube/edge.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# This playbook deploys Openwhisk Edge servers.
-# The edge is usually populated with NGINX serving as proxy.
-# The CLI also gets built and published for downloading from NGINX.
-# SDKs for blackbox and iOS get published to NGINX also.
-
-- hosts: edge
-  roles:
-  - nginx
diff --git a/ansible-kube/environments/kube/files/controller-service.yml b/ansible-kube/environments/kube/files/controller-service.yml
index 1ef39dc..b5762dd 100644
--- a/ansible-kube/environments/kube/files/controller-service.yml
+++ b/ansible-kube/environments/kube/files/controller-service.yml
@@ -10,6 +10,6 @@ spec:
   selector:
     name: controller
   ports:
-    - port: 10001
+    - port: 8080
       targetPort: 8080
       name: controller
diff --git a/ansible-kube/openwhisk.yml b/ansible-kube/openwhisk.yml
index 94dfcfe..0aed6a0 100644
--- a/ansible-kube/openwhisk.yml
+++ b/ansible-kube/openwhisk.yml
@@ -11,6 +11,4 @@
 
 - include: invoker.yml
 
-- include: edge.yml
-
-- include: routemgmt.yml
+#- include: routemgmt.yml
diff --git a/ansible-kube/roles/nginx/tasks/deploy.yml b/ansible-kube/roles/nginx/tasks/deploy.yml
deleted file mode 100644
index f70934d..0000000
--- a/ansible-kube/roles/nginx/tasks/deploy.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-# This role starts a nginx component
-
-- name: ensure nginx config directory exists
-  file:
-    path: "{{ nginx_conf_dir }}"
-    state: directory
-
-- name: copy template from local to remote in nginx config directory
-  template:
-    src: nginx.conf.j2
-    dest: "{{ nginx_conf_dir }}/nginx.conf"
-
-- name: copy cert files from local to remote in nginx config directory
-  copy:
-    src: "files/"
-    dest: "{{ nginx_conf_dir }}"
-
-- name: create configmap
-  shell: "kubectl create configmap nginx --from-file={{ nginx_conf_dir }}/nginx.conf --from-file={{ nginx_conf_dir }}/genssl.sh --from-file={{ nginx_conf_dir }}/openwhisk-key.pem --from-file={{ nginx_conf_dir }}/openwhisk-cert.pem --from-file={{ nginx_conf_dir }}/openwhisk-request.csr"
-
-- name: create nginx pod
-  shell: "kubectl create -f {{kube_pod_dir}}/nginx.yml"
-
-# TODO Rebplace this with a proper uri request once certs have been configured correctly
-- name: wait until nginx is up and running
-  shell: "curl -k https://{{ nginx_host }}:{{ nginx.port.api }}"
-  register: result
-  until: (result.rc == 0) and (result.stdout != "")
-  retries: 20
-  delay: 10
-
-- name: get whisk system key
-  shell: "cat {{ playbook_dir }}/files/auth.whisk.system | base64 --wrap=0"
-  register: auth_whisk_system_var
-
-- name: get whisk system key
-  shell: "cat {{ playbook_dir }}/files/auth.guest | base64 --wrap=0"
-  register: auth_guest_var
-
-- name: set facts
-  set_fact:
-    auth_whisk_system: "{{ auth_whisk_system_var.stdout }}"
-    auth_guest: "{{ auth_guest_var.stdout }}"
-
-- name: fill secret template
-  template:
-    src: secrets.conf.j2
-    dest: "{{ nginx_conf_dir }}/secrets.yml"
-
-- name: create the secrets yaml
-  shell: "kubectl apply -f {{ nginx_conf_dir }}/secrets.yml"
-
diff --git a/ansible-kube/roles/nginx/templates/secrets.conf.j2 b/ansible-kube/roles/nginx/templates/secrets.conf.j2
deleted file mode 100644
index ab252c3..0000000
--- a/ansible-kube/roles/nginx/templates/secrets.conf.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: openwhisk-auth-tokens
-type: Opaque
-data:
-  auth_whisk_system: {{ auth_whisk_system }}
-  auth_guest: {{ auth_guest }}
diff --git a/configure/cleanup.sh b/configure/cleanup.sh
index 581d859..360482d 100755
--- a/configure/cleanup.sh
+++ b/configure/cleanup.sh
@@ -21,6 +21,9 @@ kubectl -n openwhisk delete cm consul
 kubectl -n openwhisk delete cm controller
 kubectl -n openwhisk delete cm nginx
 
+# delete secrets
+kubectl -n openwhisk delete secret nginx
+
 # delete services
 kubectl -n openwhisk delete service couchdb
 kubectl -n openwhisk delete service consul
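Review bot: Clusters deployed with the previous revision still hold the `openwhisk-auth-tokens` secret, and after this change `cleanup.sh` no longer removes it (the delete is dropped in the next hunk of this file), so a cleanup of an older deployment leaves the base64-encoded auth keys behind in the namespace. Keeping `kubectl -n openwhisk delete secret openwhisk-auth-tokens --ignore-not-found` next to the new `delete secret nginx` line covers both cases.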
@@ -29,6 +32,3 @@ kubectl -n openwhisk delete service kafka
 kubectl -n openwhisk delete service controller
 kubectl -n openwhisk delete service invoker
 kubectl -n openwhisk delete service nginx
-
-# delete secrets
-kubectl -n openwhisk delete secret openwhisk-auth-tokens
diff --git a/configure/configure.sh b/configure/configure.sh
index 0785863..e53d743 100755
--- a/configure/configure.sh
+++ b/configure/configure.sh
@@ -51,7 +51,6 @@ pushd /incubator-openwhisk-deploy-kube/ansible
   kubectl apply -f environments/kube/files/kafka-service.yml
   kubectl apply -f environments/kube/files/controller-service.yml
   kubectl apply -f environments/kube/files/invoker-service.yml
-  kubectl apply -f environments/kube/files/nginx-service.yml
 
   if deployCouchDB; then
     # Create and configure the CouchDB deployment
@@ -62,7 +61,4 @@ pushd /incubator-openwhisk-deploy-kube/ansible
 
   # Run through the openwhisk deployment
   ansible-playbook -i environments/kube openwhisk.yml
-
-  # Post deploy step
-  ansible-playbook -i environments/kube postdeploy.yml
 popd
diff --git a/docker/build.sh b/docker/build.sh
index dde16e5..22a7297 100755
--- a/docker/build.sh
+++ b/docker/build.sh
@@ -33,13 +33,6 @@ SCRIPTDIR="$( dirname "$SOURCE" )"
 
 # build nginx
 pushd $SCRIPTDIR/nginx
- pushd $OPENWHISK_DIR
-   ./gradlew tools:cli:distDocker
- popd
-
- # copy whisk cli to nginx directory
- cp $OPENWHISK_DIR/bin/wsk .
-
  mkdir -p blackbox
  pushd blackbox
    # copy docker sdk to dockerSkeleton in scratch space
@@ -63,22 +56,17 @@ pushd $SCRIPTDIR/nginx
  docker push "$1"/whisk_nginx
 
  # cleanup
- rm wsk
  rm blackbox-0.1.0.tar.gz
  rm -rf blackbox
 popd
 
 BuildKubeConfigureImage () {
   pushd $SCRIPTDIR/..
-   # copy whisk cli
-   cp $OPENWHISK_DIR/bin/wsk .
 
    WHISK_DEPLOY_IMAGE=$(docker build --build-arg KUBE_VERSION="$2" . | grep "Successfully built" | awk '{print $3}')
    docker tag $WHISK_DEPLOY_IMAGE "$1"/whisk_config:"$2"-dev
    docker push "$1"/whisk_config:"$2"-dev
 
-   # rm the whisk cli to keep things clean
-   rm wsk
   popd
 }
 
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index 3a4e47b..278167e 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -1,4 +1,27 @@
 FROM nginx:1.11
 
-COPY wsk /etc/nginx/cli/go/download/linux/amd64/wsk
+Run apt-get -y update && \
+  apt-get -y install zip
+
+# Download all of the OpenWhisk CLIs
+ADD https://github.com/apache/incubator-openwhisk-cli/releases/download/latest/OpenWhisk_CLI-latest-linux-386.zip /etc/nginx/cli/go/download/linux/386/wsk.zip
+ADD https://github.com/apache/incubator-openwhisk-cli/releases/download/latest/OpenWhisk_CLI-latest-linux-amd64.zip /etc/nginx/cli/go/download/linux/amd64/wsk.zip
+ADD https://github.com/apache/incubator-openwhisk-cli/releases/download/latest/OpenWhisk_CLI-latest-mac-386.zip /etc/nginx/cli/go/download/mac/386/wsk.zip
+ADD https://github.com/apache/incubator-openwhisk-cli/releases/download/latest/OpenWhisk_CLI-latest-mac-amd64.zip /etc/nginx/cli/go/download/mac/amd64/wsk.zip
+ADD https://github.com/apache/incubator-openwhisk-cli/releases/download/latest/OpenWhisk_CLI-latest-windows-386.zip /etc/nginx/cli/go/download/windows/386/wsk.zip
+
+# Untar all of the files
+RUN unzip /etc/nginx/cli/go/download/linux/386/wsk.zip -d /etc/nginx/cli/go/download/linux/386
+RUN unzip /etc/nginx/cli/go/download/linux/amd64/wsk.zip -d /etc/nginx/cli/go/download/linux/amd64
+RUN unzip /etc/nginx/cli/go/download/mac/386/wsk.zip -d /etc/nginx/cli/go/download/mac/386
+RUN unzip /etc/nginx/cli/go/download/mac/amd64/wsk.zip -d /etc/nginx/cli/go/download/mac/amd64
+RUN unzip /etc/nginx/cli/go/download/windows/386/wsk.zip -d /etc/nginx/cli/go/download/windows/386
+
+# Remove extra zip file
+RUN rm /etc/nginx/cli/go/download/linux/386/wsk.zip
+RUN rm /etc/nginx/cli/go/download/linux/amd64/wsk.zip
+RUN rm /etc/nginx/cli/go/download/mac/386/wsk.zip
+RUN rm /etc/nginx/cli/go/download/mac/amd64/wsk.zip
+RUN rm /etc/nginx/cli/go/download/windows/386/wsk.zip
+
 COPY blackbox-0.1.0.tar.gz /etc/nginx/blackbox-0.1.0.tar.gz
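Review bot: The five `ADD https://…/releases/download/latest/…` lines pull whatever the `latest` release is at build time, with no checksum, and nginx then serves those binaries to users as the official CLI download. That makes the image non-reproducible, and a replaced release asset flows straight through to every client. Pin a release tag and verify a SHA-256 digest for each archive before unpacking; doing the download, check, unzip and delete in one `RUN` also keeps the zip out of the image layers, which the separate `RUN rm` lines do not. The sketch below shows one platform, with placeholders for the URL and digest.

```dockerfile
RUN apt-get -y update && \
    apt-get -y install curl zip && \
    rm -rf /var/lib/apt/lists/*

# <ASSET_URL_LINUX_AMD64> and <SHA256_LINUX_AMD64> are placeholders:
# take both from the pinned release, not from "latest".
RUN dir=/etc/nginx/cli/go/download/linux/amd64 && \
    mkdir -p "$dir" && \
    curl -fsSL -o "$dir/wsk.zip" "<ASSET_URL_LINUX_AMD64>" && \
    echo "<SHA256_LINUX_AMD64>  $dir/wsk.zip" | sha256sum -c - && \
    unzip "$dir/wsk.zip" -d "$dir" && \
    rm "$dir/wsk.zip"
# … same pattern for linux/386, mac/386, mac/amd64, windows/386 …
```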
diff --git a/kubernetes/nginx/README.md b/kubernetes/nginx/README.md
new file mode 100644
index 0000000..2eecf8f
--- /dev/null
+++ b/kubernetes/nginx/README.md
@@ -0,0 +1,109 @@
+Nginx
+-----
+
+The Nginx Pod needs to be configured with custom certificates
+and nginx configuration file. To achieve this, nginx will need
+to create a Kube ConfigMap for the `nginx.conf` file and a
+Secrets resource with the certs.
+
+To help generate the certs there is a little helper script.
+
+* `certs.sh` can be used to generate self signed certs for OpenWhisk.
+   By default, the current `nginx.conf` file expects the server url
+   to use `localhost`. To generate a self signed cert with the same
+   hostname for testing purposes just run:
+
+   ```
+   certs.sh localhost
+   ```
+
+   If you want to modify the domain name, make sure to update the
+   [nginx.conf](nginx.conf) file appropriately.
+
+## Create Nginx ConfigMap
+
+To create the ConfigMap in the OpenWhisk namespace with the `nginx.conf`
+file, run the following command:
+
+```
+kubectl -n openwhisk create configmap nginx --from-file=nginx.conf
+```
+
+## Create Nginx Secrets
+
+With the generated certs for Nginx, you should now be able to create
+the nginx Secrets. To create the Secrets resource in the OpenWhisk
+namespace run the following command:
+
+```
+kubectl -n openwhisk create secret tls nginx --cert=certs/cert.pem --key=certs/key.pem
+```
+
+## Deploy Nginx
+
+After successfully [creating the nginx ConfigMap](#create-nginx-configmap)
+and [creating the Secrets](#create-nginx-secrets)
+you will be able to create the Nginx Service and Deployment.
+
+```
+kubectl apply -f nginx.yml
+```
+
+## Update Nginx ConfigMap
+
+When updating the nginx ConfigMap, you will need to have the
+actual yaml file. To obtain the generated YAML file run:
+
+```
+kubectl -n openwhisk get cm nginx -o yaml > nginx_configmap.yml
+```
+
+Then you can manually edit the fields by hand. Please note that you
+will need to remove a couple of fields from the `metadata` section.
+
+```
+  creationTimestamp: 2017-06-21T15:39:56Z
+  resourceVersion: "2156"
+  selfLink: /api/v1/namespaces/openwhisk/configmaps/nginx
+  uid: e0585576-5697-11e7-aef9-080027a9c6c9
+```
+
+When you have finished editing the yaml file, run:
+
+```
+kubectl replace -f nginx_configmap.yml
+```
+
+Kubernetes will then go through an update any deployed Nginx
+instances. Updating all of the keys defined in the nginx
+ConfigMap.
+
+## Update Nginx Secrets
+
+When updating the nginx Secrets, you will need to have the
+actual yaml file. To obtain the generated YAML file run:
+
+```
+kubectl -n openwhisk get secrets nginx -o yaml > nginx_secrets.yml
+```
+
+Then you can manually edit the fields by hand. Remember that the
+values in a secrets file are base64 encoded values. Also, you
+will need to remove a couple of fields from the `metadata` section.
+
+```
+  creationTimestamp: 2017-06-21T15:39:56Z
+  resourceVersion: "2156"
+  selfLink: /api/v1/namespaces/openwhisk/configmaps/nginx
+  uid: e0585576-5697-11e7-aef9-080027a9c6c9
+```
+
+When you have finished editing the yaml file, run:
+
+```
+kubectl replace -f nginx_secrets.yml
+```
+
+Kubernetes will then go through an update any deployed Nginx
+instances. Updating all of the keys defined in the nginx
+Secrets.
diff --git a/kubernetes/nginx/certs.sh b/kubernetes/nginx/certs.sh
new file mode 100755
index 0000000..f6436af
--- /dev/null
+++ b/kubernetes/nginx/certs.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -ex
+
+if [ -z "$1" ]; then
+cat <<- EndOfMessage
+  First argument should be the domain for the OpenWhisk deployment.
+  Note: By default the Nginx config file assumes the pattern '*.openwhisk'.
+EndOfMessage
+
+exit 1
+fi
+
+mkdir -p certs
+
+openssl req -x509 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem -nodes -subj "/CN=$1" -days 365
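Review bot: `certs/key.pem` is written unencrypted (`-nodes`) into a directory created with the caller's default umask, so depending on the OpenSSL version and umask the private key may end up group- or world-readable; add `umask 077` before `mkdir -p certs`. The usage text says the nginx config assumes the pattern `*.openwhisk`, while the `nginx.conf` in this commit matches `\.localhost$`, so one of the two should be corrected. The certificate carries only `/CN=$1` and no subjectAltName, which newer TLS clients reject for hostname checks; this matters once callers stop using `-k`. The usage message would also be better sent to stderr with `>&2`.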
diff --git a/ansible-kube/roles/nginx/templates/nginx.conf.j2 b/kubernetes/nginx/nginx.conf
similarity index 57%
rename from ansible-kube/roles/nginx/templates/nginx.conf.j2
rename to kubernetes/nginx/nginx.conf
index 059617f..a24e689 100644
--- a/ansible-kube/roles/nginx/templates/nginx.conf.j2
+++ b/kubernetes/nginx/nginx.conf
@@ -1,28 +1,25 @@
-{# this template is used to generate a nginx.conf for booting a nginx server based on the given environment inventory #}
-
 events {
-{# default: 1024 #}
     worker_connections  4096;
 }
 
 http {
-{# allow large uploads, need to thread proper limit into here #}
     client_max_body_size 50M;
 
     rewrite_log on;
-{# change log format to display the upstream information #}
     log_format combined-upstream '$remote_addr - $remote_user [$time_local] '
         '$request $status $body_bytes_sent '
         '$http_referer $http_user_agent $upstream_addr';
     access_log /logs/nginx_access.log combined-upstream;
 
     upstream controllers {
-        # fail_timeout: period of time the server will be considered unavailable
-        # Mark the controller as unavailable for at least 60 seconds, to not get any requests during restart.
-        # Otherwise, nginx would dispatch requests when the container is up, but the backend in the container not.
-        # From the docs:
-        # "normally, requests with a non-idempotent method (POST, LOCK, PATCH) are not passed to the next server if a request has been sent to an upstream server"
-        server controller.openwhisk:{{ controller.basePort }} fail_timeout=60s;
+        server controller.openwhisk:8080 fail_timeout=60s;
+
+        # TODO: Remove the above controller setup and remove the commented
+        # lines below once the Controller has ben converted to a pure yaml
+        # configuration.
+        #
+        # server controller-0.openwhisk:8080 fail_timeout=60s;
+        # server controller-1.openwhisk:8080 backup;
     }
 
     server {
@@ -31,15 +28,12 @@ http {
         # match namespace, note while OpenWhisk allows a richer character set for a
         # namespace, not all those characters are permitted in the (sub)domain name;
         # if namespace does not match, no vanity URL rewriting takes place.
-        server_name ~^(?<namespace>[0-9a-zA-Z-]+)\.{{ whisk_api_localhost_name | default(whisk_api_host_name) | default(whisk_api_localhost_name_default) }}$;
+        server_name ~^(?<namespace>[0-9a-zA-Z-]+)\.localhost$;
 
         ssl_session_cache    shared:SSL:1m;
         ssl_session_timeout  10m;
-        ssl_certificate      /etc/nginx/certs/openwhisk-cert.pem;
-        ssl_certificate_key  /etc/nginx/certs/openwhisk-key.pem;
-        {% if nginx.ssl.password_enabled %}
-        ssl_password_file   "/etc/nginx/{{ nginx.ssl.password_file }}";
-        {% endif %}
+        ssl_certificate      /etc/nginx/certs/tls.crt;
+        ssl_certificate_key  /etc/nginx/certs/tls.key;
         ssl_verify_client off;
         ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers RC4:HIGH:!aNULL:!MD5;
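Review bot: The context lines of this hunk carry `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and `ssl_ciphers RC4:HIGH:!aNULL:!MD5;` over unchanged into the renamed file, which is now the config users apply directly rather than a template. RC4 is listed first and the legacy protocol versions are enabled, so it is worth tightening them in the same commit: `ssl_protocols TLSv1.2;` and `ssl_ciphers HIGH:!aNULL:!MD5:!RC4;`. The new `server_name` hard-codes `localhost`, so the comment above it should say that this line must be edited together with the argument passed to `certs.sh`. The `server` block starts and ends outside this hunk.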
@@ -69,7 +63,7 @@ http {
         }
 
         location /OpenWhiskIOSStarterApp.zip {
-            return 301 https://github.com/apache/incubator-openwhisk-client-swift/releases/download/0.2.3/starterapp-0.2.3.zip;
+            return 301 https://github.com/openwhisk/openwhisk-client-swift/releases/download/0.2.3/starterapp-0.2.3.zip;
         }
 
         location /cli/go/download {
diff --git a/kubernetes/nginx/nginx.yml b/kubernetes/nginx/nginx.yml
new file mode 100644
index 0000000..b7fc954
--- /dev/null
+++ b/kubernetes/nginx/nginx.yml
@@ -0,0 +1,67 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  namespace: openwhisk
+  labels:
+    name: nginx
+spec:
+  type: NodePort
+  selector:
+    name: nginx
+  ports:
+    - port: 80
+      targetPort: 80
+      name: http
+    - port: 443
+      targetPort: 443
+      name: https-api
+    - port: 8443
+      targetPort: 8443
+      name: https-admin
+
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: nginx
+  namespace: openwhisk
+  labels:
+    name: nginx
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        name: nginx
+    spec:
+      restartPolicy: Always
+      volumes:
+      - name: nginx-certs
+        secret:
+          secretName: nginx
+      - name: nginx-conf
+        configMap:
+          name: nginx
+      - name: logs
+        emptyDir: {}
+      containers:
+      - name: nginx
+        imagePullPolicy: Always
+        image: danlavine/whisk_nginx
+        ports:
+        - name: http
+          containerPort: 80
+        - name: http-api
+          containerPort: 443
+        - name: https-admin
+          containerPort: 8443
+        volumeMounts:
+        - name: nginx-conf
+          mountPath: "/etc/nginx/nginx.conf"
+          subPath: "nginx.conf"
+        - name: nginx-certs
+          mountPath: "/etc/nginx/certs"
+        - name: logs
+          mountPath: "/logs"
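Review bot: The Deployment pulls `danlavine/whisk_nginx` with no tag and `imagePullPolicy: Always`, so every pod restart runs whatever was last pushed to that personal repository; pin it, e.g. `image: danlavine/whisk_nginx@sha256:<IMAGE_DIGEST>` (placeholder), or at least use a version tag. The Service is `type: NodePort` and publishes `8443` (`https-admin`) on every node alongside the API port; if the admin listener is not meant to be reachable from outside the cluster, it should not be part of the NodePort service. The container port for 443 is named `http-api` while the Service calls it `https-api`, which is harmless with a numeric `targetPort` but worth aligning. A `readinessProbe` on 443 would let the build script wait on rollout status instead of polling with `curl -k`.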
