2020-03-17 10:43:13 UTC - Keerthi Kumar S R: @Dave Grove if create role with only view access resources to the namespace where i am deploying will that have any issues?? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584441793299600?thread_ts=1583999256.268100&cid=C3TPCAQG1 ---- 2020-03-17 12:20:32 UTC - Dave Grove: Could work. Try it and see what happens https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584447632299900?thread_ts=1583999256.268100&cid=C3TPCAQG1 ---- 2020-03-17 14:54:35 UTC - Tom Barber: another day another question https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584456875300800 ---- 2020-03-17 14:54:53 UTC - Tom Barber: trying to figure out how the cloudant binding works with OW and the internal couchdb https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584456893301300 ---- 2020-03-17 14:55:02 UTC - Tom Barber: ```wsk package bind /whisk.system/cloudant demodb2 -p username "whisk_admin" -p password "some_passw0rd" -p host "owdev-couchdb.openwhisk.svc.cluster.local:5984" -p dbname demodb``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584456902301600 ---- 2020-03-17 14:55:11 UTC - Tom Barber: anyone spot the problem with that? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584456911302000 ---- 2020-03-17 14:57:21 UTC - Tom Barber: ``` "2020-03-17T14:49:30.30939451Z stdout: name: 'Error',", "2020-03-17T14:49:30.30945602Z stdout: code: 'ETIMEDOUT',", "2020-03-17T14:49:30.30947572Z stdout: errno: 'ETIMEDOUT',", "2020-03-17T14:49:30.30949635Z stdout: syscall: 'connect',", "2020-03-17T14:49:30.30951666Z stdout: address: '10.100.163.163',", "2020-03-17T14:49:30.30953753Z stdout: port: 443,", "2020-03-17T14:49:30.30955709Z stdout: description: 'connect ETIMEDOUT 10.100.163.163:443',",``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584457041302400 ---- 2020-03-17 14:57:36 UTC - Tom Barber: thats in the logs which suggests its not respecting any type of port binding I guess https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584457056302800 ---- 2020-03-17 14:57:37 UTC - Tom Barber: :man-shrugging: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584457057303000 ---- 2020-03-17 14:58:53 UTC - Tom Barber: is it cloudant only and not transferable to couchdb internally? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584457133303500 ---- 2020-03-17 15:06:17 UTC - Dave Grove: we added a NetworkPolicy a month or so ago that is enabled by default and isolates user containers from the internal network. If you have that policy active, it would definitely get in the way of the cloudant/couch binding. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584457577305800 ---- 2020-03-17 15:07:01 UTC - Dave Grove: `invoker.containerFactory.kubernetes.isolateUserActions` is the flag that controls this https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584457621306600 ---- 2020-03-17 15:10:40 UTC - Tom Barber: I appear behind that but its not liking it. Never mind, I'm gonna spin up a fresh cluster and pull the latest openwhisk-deploy-kube because I'm currently still unable to use an external couchdb and the loadbalancer takes some tweaking, so I'll fix them which will make it easier to debug this one https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584457840307800 ---- 2020-03-17 16:05:39 UTC - Tom Barber: alright https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584461139308000 ---- 2020-03-17 16:05:44 UTC - Tom Barber: fresh helm checkout https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584461144308400 ---- 2020-03-17 16:05:51 UTC - Tom Barber: before I start digging.... https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584461151308800 ---- 2020-03-17 16:06:14 UTC - Tom Barber: anyone here happen to have patched the fact that kafkaprovider doesn't talk to the external couchdb? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584461174309400 ---- 2020-03-17 16:10:13 UTC - Tom Barber: it is curious how that works on the internal instance but not external https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584461413309800 ---- 2020-03-17 16:10:17 UTC - Tom Barber: starts digging https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584461417309900 ---- 2020-03-17 16:18:25 UTC - Rodric Rabbah: @Michele Sciabarra ^^ do you know? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584461905310300 ---- 2020-03-17 16:21:36 UTC - Tom Barber: i can replicate it on the wskadmin container in a script as well https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462096310800 ---- 2020-03-17 16:22:39 UTC - Tom Barber: but curl from the container is fine https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462159311100 ---- 2020-03-17 16:23:18 UTC - Tom Barber: it appears that <http://cloudant.cl|cloudant.client isn't passing the credentials to the request> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462198311600 ---- 2020-03-17 16:23:35 UTC - Tom Barber: ```import os from cloudant.client import CouchDB
username = os.environ['DB_USER'] password = os.environ['DB_PASS'] url = os.environ['DB_URL'] client = CouchDB(username, password, url=url, timeout=60, auto_renew=True) client.connect()``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462215311900 ---- 2020-03-17 16:23:37 UTC - Tom Barber: fails https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462217312100 ---- 2020-03-17 16:24:12 UTC - Tom Barber: ```root@owdev-wskadmin:/# curl -v -u $DB_USER:$DB_PASS http://<>:5984/_session``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462252312500 ---- 2020-03-17 16:24:13 UTC - Tom Barber: works https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462253312700 ---- 2020-03-17 16:24:54 UTC - Tom Barber: or even `curl -v -u $DB_USER:$DB_PASS $DB_URL` for absolute clarity https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462294313000 ---- 2020-03-17 16:26:13 UTC - Tom Barber: I assume that library is this one <https://github.com/cloudant/python-cloudant/blob/master/src/cloudant/client.py> ? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462373313400 ---- 2020-03-17 16:26:28 UTC - Michele Sciabarra: yup - well in theory should already work with the image actionloop/action-golang-v1.13 https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462388313600?thread_ts=1584393870.285200&cid=C3TPCAQG1 ---- 2020-03-17 16:27:27 UTC - Michele Sciabarra: adding the go.mod in the zip https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462447314000?thread_ts=1584393870.285200&cid=C3TPCAQG1 ---- 2020-03-17 16:27:34 UTC - Michele Sciabarra: I have not yet tested it though https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462454314200?thread_ts=1584393870.285200&cid=C3TPCAQG1 ---- 2020-03-17 16:28:04 UTC - Michele Sciabarra: my plan is to try and adapt all the examples under /examples to work with 1.13 https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462484314400?thread_ts=1584393870.285200&cid=C3TPCAQG1 ---- 2020-03-17 16:28:33 UTC - Michele Sciabarra: sorry one second not sure if I pushed it let me check https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462513314700?thread_ts=1584393870.285200&cid=C3TPCAQG1 ---- 2020-03-17 16:30:19 UTC - Michele Sciabarra: then adapt documentation and get rid of vendors https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462619315200?thread_ts=1584393870.285200&cid=C3TPCAQG1 ---- 2020-03-17 16:35:32 UTC - Tom Barber: ah ha https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462932315600 ---- 2020-03-17 16:35:34 UTC - Tom Barber: found it https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462934315800 ---- 2020-03-17 16:35:49 UTC - Tom Barber: <https://github.com/cloudant/python-cloudant/issues/387> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462949316000 ---- 2020-03-17 16:36:39 UTC - Tom Barber: amazing stuff https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584462999316200 ---- 2020-03-17 16:36:45 UTC - Tom Barber: I'll stick it in the doc somewhere https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584463005316500 ---- 2020-03-17 16:40:37 UTC - Tom Barber: PR shunted https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584463237316700 ---- 2020-03-17 16:42:14 UTC - Tom Barber: that leaves me with working integration into ELB's using Cert Manager to figure out https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584463334317300 ---- 2020-03-17 16:57:40 UTC - Tom Barber: let me just run this one past the brain trust https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584464260317500 ---- 2020-03-17 16:57:57 UTC - Tom Barber: ```whisk: ingress: type: LoadBalancer annotations: <http://service.beta.kubernetes.io/aws-load-balancer-internal|service.beta.kubernetes.io/aws-load-balancer-internal>: 0.0.0.0/0 <http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>: arn:aws:acm:us-east-1:<>:certificate/<>``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584464277317900 ---- 2020-03-17 16:58:09 UTC - Tom Barber: @Dave Grove does that look like it should, possibly, work? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584464289318200 ---- 2020-03-17 16:58:21 UTC - Tom Barber: <https://github.com/apache/openwhisk-deploy-kube/blob/master/docs/k8s-aws.md> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584464301318400 ---- 2020-03-17 16:58:23 UTC - Tom Barber: following that https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584464303318700 ---- 2020-03-17 16:59:37 UTC - Tom Barber: my difference being thats a resource being pulled from AWS Certificate Manager not AWS IAM https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584464377319200 ---- 2020-03-17 18:15:44 UTC - Dave Grove: I think that looks reasonable, but i don’t deploy on AWS so I might be missing something. Thanks for the PR documenting the cloudant package problem! https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584468944321100 ---- 2020-03-17 18:16:52 UTC - Tom Barber: yeah so the annotations only land in the standard loadbalancer for a start, not the service which EKS uses to deploy and ELB https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584469012321800 ---- 2020-03-17 18:17:09 UTC - Tom Barber: so I've made that change but then there are internal routing problems due to mismatched certificates so I'm still looking https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584469029322300 ---- 2020-03-17 18:18:02 UTC - Dave Grove: ingress….its always the ingress. sigh https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584469082323200 ---- 2020-03-17 18:18:10 UTC - Tom Barber: :slightly_smiling_face: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584469090323400 ---- 2020-03-17 18:54:33 UTC - Tom Barber: yup 100% stuck in ingress hell https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584471273323900 ---- 2020-03-17 18:54:41 UTC - Tom Barber: where it either works externally or internally and not both :slightly_smiling_face: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584471281324200 ---- 2020-03-17 20:23:42 UTC - Tom Barber: okay https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584476622324900 ---- 2020-03-17 20:23:49 UTC - Tom Barber: ignoring my question on SO for now https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584476629325100 ---- 2020-03-17 20:24:11 UTC - Tom Barber: is there a way in the helm chart to get the internal routes to use http instead of https @Dave Grove? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584476651325700 ---- 2020-03-17 20:31:09 UTC - Dave Grove: you might get pretty far just by setting `whisk.ingress.apiHostProto` to `http` . If by internal routes you mean things having actions invoking other actions using http https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477069327600 ---- 2020-03-17 20:32:22 UTC - Tom Barber: yeah the situation is basically that internally I'm routing to http ports via https as described at the bottom of this page: <https://kubernetes-on-aws.readthedocs.io/en/latest/user-guide/tls-termination.html> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477142329600 ---- 2020-03-17 20:32:36 UTC - Tom Barber: and so when bootstrapping i end up with https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477156330100 ---- 2020-03-17 20:32:37 UTC - Tom Barber: ```error: Package update failed: Put <https://owdev-nginx.openwhisk.svc.cluster.local:443/api/v1/namespaces/whisk.system/packages/apimgmt?overwrite=true>: http: server gave HTTP response to HTTPS client``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477157330400 ---- 2020-03-17 20:32:44 UTC - Tom Barber: in ow-install-packages https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477164330700 ---- 2020-03-17 20:33:53 UTC - Dave Grove: we’re sloppy about internal vs. external “ingress” . the whisk.ingress.{apiHostName, apiHostPort, apiHostProto} really means how does something running inside the cluster access openwhisk. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477233332000 ---- 2020-03-17 20:35:55 UTC - Dave Grove: it kind of evolved overtime and I never went back and refactored to get a clean separation of internal vs. external access because it was going to be a non-backwards compatible change https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477355334100 ---- 2020-03-17 20:37:33 UTC - Tom Barber: interesting. Thanks! Hopefully this will fix it internally for now and it means I'm not spinning up a cluster with SSL working internally then when its all working, flipping to SSL working externally like I have been for the last couple of months https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477453335700 ---- 2020-03-17 20:37:48 UTC - Tom Barber: bleh https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477468335900 ---- 2020-03-17 20:37:49 UTC - Tom Barber: or not https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477469336200 ---- 2020-03-17 20:38:48 UTC - Tom Barber: thats clearly not hard coded though so I must be able to override it somewhere https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477528336700 ---- 2020-03-17 20:39:11 UTC - Tom Barber: I couldn't figure out what script install-packages was running though https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477551337200 ---- 2020-03-17 20:39:44 UTC - Tom Barber: ooh is it ansible stuff? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477584337500 ---- 2020-03-17 20:39:46 UTC - Dave Grove: helm/openwhisk/configMapFiles/installPackages/myTask.sh https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477586337600 ---- 2020-03-17 20:40:39 UTC - Dave Grove: we mount that file via a config map, then it invokes the scripts from the various packages it is installing. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477639338400 ---- 2020-03-17 20:40:51 UTC - Tom Barber: yeah so.... https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477651338600 ---- 2020-03-17 20:40:53 UTC - Tom Barber: ```/openwhisk/ansible/roles/routemgmt/files / Installing apimgmt package error: Package update failed: Put <https://owdev-nginx.openwhisk.svc.cluster.local:443/api/v1/namespaces/whisk.system/packages/apimgmt?overwrite=true>: http: server gave HTTP response to HTTPS client``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477653338900 ---- 2020-03-17 20:41:17 UTC - Tom Barber: is something inside ./installRouteMgmt.sh or similar https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477677339300 ---- 2020-03-17 20:41:19 UTC - Tom Barber: I guess https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477679339500 ---- 2020-03-17 20:42:12 UTC - Tom Barber: because i flipped apiHostProto and its still trying to hit a https endpoint https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477732340000 ---- 2020-03-17 20:44:16 UTC - Dave Grove: i think `wsk` may really want to talk https https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477856340900 ---- 2020-03-17 20:44:19 UTC - Tom Barber: oh interesting so the wsk cli prepends the https:// ? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477859341000 ---- 2020-03-17 20:44:24 UTC - Tom Barber: yeah I see that https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477864341200 ---- 2020-03-17 20:44:34 UTC - Tom Barber: I really don't want it to :slightly_smiling_face: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477874341500 ---- 2020-03-17 20:45:29 UTC - Tom Barber: maybe I can force the port to 80 as well and then it'll stop trying to be so smart https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477929342500 ---- 2020-03-17 20:45:42 UTC - Dave Grove: I think if you manage to get your apihost to be <http://owdev-nginx.openwhisk.svc.cluster.local:80> that might do it. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477942342800 ---- 2020-03-17 20:46:10 UTC - Tom Barber: oh so I might be able to set apiHostName https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584477970343400 ---- 2020-03-17 20:49:01 UTC - Dave Grove: sorry for the mess. I never really completed untangled internal/external ingress because I use IBM’s kubernetes service for my testing and it sets up the SSL for the cluster “correctly” so this just works. doesn’t help with aws :disappointed: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478141345100 ---- 2020-03-17 20:50:13 UTC - Tom Barber: haha, no problem, I'm just working through the bits and pieces and after a few weeks of jumping through hoops I figured I should probably sort them out rather than just ignoring them. At least it means I can correct the docs and update a few bits and give back that way after all the help you folks have offered me. thankyou : Dave Grove https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478213346300 ---- 2020-03-17 20:52:12 UTC - Tom Barber: ```whisk: ingress: apiHostProto: "http" apiHostName: "<http://owdev-nginx.openwhisk.svc.cluster.local:80>"``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478332346700 ---- 2020-03-17 20:52:14 UTC - Tom Barber: thats right, right? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478334347000 ---- 2020-03-17 20:52:18 UTC - Tom Barber: at least it looks it https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478338347200 ---- 2020-03-17 20:52:40 UTC - Tom Barber: ```kubectl -n openwhisk get configmap owdev-whisk.config -o json { "apiVersion": "v1", "data": { "whisk_api_host_name": "owdev-nginx.openwhisk.svc.cluster.local", "whisk_api_host_nameAndPort": "owdev-nginx.openwhisk.svc.cluster.local:443", "whisk_api_host_port": "443", "whisk_api_host_proto": "https", "whisk_api_host_url": "<https://owdev-nginx.openwhisk.svc.cluster.local:443>", "whisk_cli_version_tag": "1.0.0", "whisk_info_buildNo": "20200306a", "whisk_info_date": "2020-03-06-11:55:05Z", "whisk_system_namespace": "/whisk.system" },``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478360347500 ---- 2020-03-17 20:52:43 UTC - Tom Barber: cause that doesn't look the same https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478363347800 ---- 2020-03-17 20:52:53 UTC - Tom Barber: goes digging into configmaps https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478373347900 ---- 2020-03-17 20:53:53 UTC - Tom Barber: oh https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478433348100 ---- 2020-03-17 20:54:16 UTC - Tom Barber: cause its set to Loadbalancer it tries to be smart https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478456348600 ---- 2020-03-17 20:55:42 UTC - Tom Barber: @Dave Grove I'm tempted to create a new ingress type called "AWSLoadBalancer" https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478542349000 ---- 2020-03-17 20:55:44 UTC - Tom Barber: or something https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478544349300 ---- 2020-03-17 20:55:54 UTC - Tom Barber: would that be acceptable in a PR? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478554349700 ---- 2020-03-17 20:56:10 UTC - Tom Barber: because it'd be nice for this stuff to work out of the box without stomping on your stuff https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478570350200 ---- 2020-03-17 20:56:44 UTC - Tom Barber: or actually, maybe just another flag, to set the type to AWS or something https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478604350800 ---- 2020-03-17 20:56:54 UTC - Tom Barber: and set some of this stuff differently https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478614351100 ---- 2020-03-17 20:57:14 UTC - Tom Barber: ```whisk_api_host_proto: "https" whisk_api_host_port: {{ .Values.nginx.httpsPort | quote }} whisk_api_host_name: "{{ .Release.Name }}-nginx.{{ .Release.Namespace }}.svc.{{ .Values.k8s.domain }}" whisk_api_host_nameAndPort: "{{ .Release.Name }}-nginx.{{ .Release.Namespace }}.svc.{{ .Values.k8s.domain }}:{{ .Values.nginx.httpsPort }}" whisk_api_host_url: "https://{{ .Release.Name }}-nginx.{{ .Release.Namespace }}.svc.{{ .Values.k8s.domain }}:{{ .Values.nginx.httpsPort }}"``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478634351400 ---- 2020-03-17 20:57:22 UTC - Tom Barber: cause that wont' work for this stuff, for example https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478642351800 ---- 2020-03-17 20:59:35 UTC - Dave Grove: sure. its desirable for AWS to work out of the box. If having a new ingress type is the way to do that, that would be fine. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478775353300 ---- 2020-03-17 20:59:35 UTC - Tom Barber: ``` ingress: aws: "false"``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478775353500 ---- 2020-03-17 21:01:32 UTC - Dave Grove: it would also be ok to try to disentangle internal/external ingress into a completely separate config sections, but that might be messy and touch more than you want https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584478892355300 ---- 2020-03-17 21:50:13 UTC - Tom Barber: pushed the PR @Dave Grove clearly test it on your IBM setup before merging anything, I don't think its destructive but I did change that myTask script a little, I can make it more fancy if required. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584481813356000 ---- 2020-03-17 21:52:58 UTC - Tom Barber: I think I've probably got another one coming for imagePullSecrets in a bit, we'll see https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1584481978356400 ----