You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by dg...@apache.org on 2019/01/25 19:40:29 UTC
[incubator-openwhisk-deploy-kube] branch master updated: Wskadmin
pod (#420)
This is an automated email from the ASF dual-hosted git repository.
dgrove pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-deploy-kube.git
The following commit(s) were added to refs/heads/master by this push:
new cfe869e Wskadmin pod (#420)
cfe869e is described below
commit cfe869eb7fe7a241d9a92e0a2d7c6c16f9c6c2ec
Author: Michele Sciabarra <30...@users.noreply.github.com>
AuthorDate: Fri Jan 25 20:40:24 2019 +0100
Wskadmin pod (#420)
Adds a wskadmin pod to allow administering OpenWhisk with kubectl without exposing the database outside of the cluster and without providing more credentials than those needed to deploy OpenWhisk itself.
---
README.md | 21 +++++++
helm/openwhisk/templates/wskadmin-pod.yaml | 88 ++++++++++++++++++++++++++++++
helm/openwhisk/values.yaml | 2 +-
3 files changed, 110 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 40014e8..ddb2d12 100644
--- a/README.md
+++ b/README.md
@@ -40,6 +40,7 @@ to both single-node and multi-node Kubernetes clusters.
* [Prerequisites: Kubernetes and Helm](#prerequisites-kubernetes-and-helm)
* [Deploying OpenWhisk](#deploying-openwhisk)
+* [Administering OpenWhisk](#administering-openwhisk)
* [Development and Testing](#development-and-testing)
* [Cleanup](#cleanup)
* [Issues](#issues)
@@ -258,6 +259,26 @@ certificate` errors from the `wsk` CLI.
If your deployment is not working, check our
[troubleshooting guide](./docs/troubleshooting.md) for ideas.
+# Administering OpenWhisk
+
+[Wskadmin](https://github.com/apache/incubator-openwhisk/tree/master/tools/admin) is the tool to perform various administrative operations against an OpenWhisk deployment.
+
+Since wskadmin requires credentials for direct access to the database (that is not normally accessible to the outside), it is deployed in a pod inside Kubernetes that is configured with the proper parameters. You can run `wskadmin` with `kubectl`. You need to use the `<namespace>` and the deployment `<name>` that you configured with `--namespace` and `--name` when deploying.
+
+You can then invoke `wskadmin` with:
+
+```
+kubectl -n <namespace> -ti exec <name>-wskadmin -- wskadmin <parameters>
+```
+
+For example, is your deployment name is `owdev` and the namespace is `openwhisk` you can list users in the `guest` namespace with:
+
+```
+$ kubectl -n openwhisk -ti exec owdev-wskadmin -- wskadmin user list guest
+23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP
+```
+
+Check [here](https://github.com/apache/incubator-openwhisk/tree/master/tools/admin) for details about the available commands.
# Development and Testing
diff --git a/helm/openwhisk/templates/wskadmin-pod.yaml b/helm/openwhisk/templates/wskadmin-pod.yaml
new file mode 100644
index 0000000..0d2e62a
--- /dev/null
+++ b/helm/openwhisk/templates/wskadmin-pod.yaml
@@ -0,0 +1,88 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more contributor
+# license agreements; and to You under the Apache License, Version 2.0.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ .Release.Name }}-wskadmin
+ labels:
+ name: {{ .Release.Name }}-wskadmin
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+spec:
+ restartPolicy: Always
+ containers:
+ - name: wskadmin
+ image: "{{- .Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}"
+ imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }}
+ command: ["/bin/bash", "-c", "tail -f /dev/null"]
+ env:
+ - name: "WHISK_LOGS_DIR"
+ value: "/var/log"
+ # Provider database configuration
+ {{- if .Values.providers.db.external }}
+ # Use an external CouchDB instance for the providers
+ - name: "DB_PROTOCOL"
+ value: {{ .Values.providers.db.protocol | quote }}
+ - name: "DB_HOST"
+ value: {{ .Values.providers.db.host | quote }}
+ - name: "DB_USERNAME"
+ value: {{ .Values.providers.db.username | quote }}
+ - name: "DB_PASSWORD"
+ value: {{ .Values.providers.db.password | quote }}
+ - name: "DB_PORT"
+ value: {{ .Values.providers.db.port | quote }}
+ {{- else }}
+ # Use the internally deployed CouchDB service for the providers
+ - name: "DB_HOST"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-db.config
+ key: db_host
+ - name: "DB_PROTOCOL"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-db.config
+ key: db_protocol
+ - name: "DB_PORT"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-db.config
+ key: db_port
+ - name: "DB_USERNAME"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-db.auth
+ key: db_username
+ - name: "DB_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-db.auth
+ key: db_password
+ {{ end }}
+ - name: "DB_WHISK_ACTIONS"
+ {{- if .Values.providers.db.whisk_actions }}
+ value: {{ .Values.providers.db.whisk_actions }}
+ {{ else }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-db.config
+ key: db_whisk_actions
+ {{ end }}
+ - name: "DB_WHISK_AUTHS"
+ {{- if .Values.providers.db.whisk_auths }}
+ value: {{ .Values.providers.db.whisk_auths }}
+ {{ else }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-db.config
+ key: db_whisk_auths
+ {{ end }}
+ - name: "DB_WHISK_ACTIVATIONS"
+ {{- if .Values.providers.db.whisk_activations }}
+ value: {{ .Values.providers.db.whisk_activations }}
+ {{ else }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-db.config
+ key: db_whisk_activations
+ {{ end }}
diff --git a/helm/openwhisk/values.yaml b/helm/openwhisk/values.yaml
index 04e5fab..6ca593a 100644
--- a/helm/openwhisk/values.yaml
+++ b/helm/openwhisk/values.yaml
@@ -136,7 +136,7 @@ k8s:
# Images used to run auxillary tasks/jobs
utility:
imageName: "openwhisk/ow-utils"
- imageTag: "00fad95"
+ imageTag: "3a6f6a7"
imagePullPolicy: "IfNotPresent"
# Docker registry