2021-01-29 10:09:54 UTC - Aman Vijay: hey all!! which authentication mechanisms do we have in openwhisk? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611914994047600?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:35:40 UTC - Dominic Kim: Basic auth is supported. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611916540047900?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:37:03 UTC - Aman Vijay: what about integrating it with oauth? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611916623048100?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:45:36 UTC - Dominic Kim: I suppose you can integrate with it but one thing to note is authentication takes so much time comparing to a few milliseconds of function execution. Considering the minimum 2ms of execution, even 100ms of authentication time is quite big overhead. So the proper cache support is essential. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611917136052200?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:48:01 UTC - Dominic Kim: I once tried to authenticate functions via openstack keystone, but dropped it as I could not decrease the authentication time to less than 100ms, and I did not have ownership for the authentication authority so that it was not easy to make it consistent with my cache. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611917281055700?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:50:46 UTC - Aman Vijay: yeah!! sounds senseless to integrate it with other platforms https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611917446055900?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:51:25 UTC - Aman Vijay: so the only feasible way to secure our actions in an on premise system is to use basic auth https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611917485056300?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:53:43 UTC - Dominic Kim: FYI, we are providing a kind of two steps of authentication. First users need to login with their credentials to acquire the basic auth secret and access OW with the given secret. That secret is managed by OW so we can keep it consistent while taking advantage of cache. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611917623059700?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:54:11 UTC - Dominic Kim: I believe IBM is also taking a similar approach. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611917651060400?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:55:15 UTC - Aman Vijay: okay https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611917715060600?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 10:55:27 UTC - Aman Vijay: sounds interesting https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611917727060800?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 13:49:41 UTC - Rodric Rabbah: Hi Aman can you share more about what you might have in mind? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611928181061000?thread_ts=1611914994.047600&cid=C3TPCAQG1 ---- 2021-01-29 13:52:53 UTC - Rodric Rabbah: @Dave Grove do we still support mini kube? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611928373061200?thread_ts=1611905246.046700&cid=C3TPCAQG1 ---- 2021-01-29 14:40:40 UTC - Dave Grove: Haven’t tried minikube in a long time. If you are on MacOS or Windows, just use the Kubernetes cluster that’s part of DockerDesktop. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611931240061400?thread_ts=1611905246.046700&cid=C3TPCAQG1 ---- 2021-01-29 14:47:56 UTC - Dave Grove: posted that on stackoverflow as the answer https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611931676061600?thread_ts=1611905246.046700&cid=C3TPCAQG1 ---- 2021-01-29 14:48:41 UTC - Rodric Rabbah: :thumbsup: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611931721061800?thread_ts=1611905246.046700&cid=C3TPCAQG1 ---- 2021-01-29 14:48:50 UTC - Rodric Rabbah: thanks will upvote https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611931730062000?thread_ts=1611905246.046700&cid=C3TPCAQG1 ---- 2021-01-29 19:54:37 UTC - Joshua Dunham: Hey Everyone : has anyone been successful in utilizing an external Kafka cluster using the OW helm chart? I'm getting error that I'm missing variables like imagename and imagetag etc. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611950077063400?thread_ts=1611950077.063400&cid=C3TPCAQG1 ---- 2021-01-29 20:04:11 UTC - Dave Grove: I haven’t tried it since before we added the json-schema checking for values.yaml. It’s possible there is a bad interaction. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611950651063500?thread_ts=1611950077.063400&cid=C3TPCAQG1 ---- 2021-01-29 20:06:15 UTC - Dave Grove: you could try chopping the kafka/zookeeper bits out of helm/openwhisk/values.schema.json and see if that gets rid of the errors. Maybe those parts of the schema need to be conditionalized on kafka.external https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1611950775063700?thread_ts=1611950077.063400&cid=C3TPCAQG1 ----
