2019-03-10 00:37:04 UTC - Upkar Lidder: Hello. Is there an example of a complex composition ? Any specific ideas I can build on ? I want to demo at a meetup. Thank you ! https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552178224157700 ---- 2019-03-10 00:45:03 UTC - Rodric Rabbah: hey @Upkar Lidder have you see the Travis to slack bot? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552178703158300 ---- 2019-03-10 00:46:08 UTC - Rodric Rabbah: <https://link.medium.com/84Dh30VIVU>
https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552178768158500 ---- 2019-03-10 00:46:47 UTC - Upkar Lidder: I had not. Thank you :pray::skin-tone-4: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552178807158900 ---- 2019-03-10 01:05:26 UTC - Rodric Rabbah: It’s gotten a bit more complex since that article. The source is on GitHub. thankyou : Upkar Lidder https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552179926159400 ---- 2019-03-10 02:31:21 UTC - Sam Hjelmfelt: Does anyone have container-creation scale and performance numbers (e.g. throughput and latency) for OpenWhisk on Mesos or Kubernetes? I am getting seemingly good results from my latest work with YARN and it would be helpful to have some kind of baseline for FaaS workloads. Looks like docker is adding ~2 seconds in my environment. +1 : Dominic Kim https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552185081162100 ---- 2019-03-10 02:33:08 UTC - Dominic Kim: AFAIK, docker is the one of main bottlenecks in OW. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552185188163100 ---- 2019-03-10 13:31:33 UTC - Andrew Pinkham: Good morning - I'm trying to run OpenWhisk locally for testing purposes, and I am looking for a way to set my own localhost certificate in Nginx, so that I may avoid certificate problems during the test runs. I'm running OpenWhisk on macOS 10.14 using the Kubernetes setup via Docker for Desktop. Is there any documentation about how to add a custom certificate to Nginx (I note that I am brand new to Kubernetes)? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552224693172700 ---- 2019-03-10 13:33:57 UTC - Andrew Pinkham: To clarify, I have web functions in OpenWhisk, and I am looking to issue HTTP requests to test code functionality, and would like to change the certificate presented to browsers/clients during the HTTP request/response cycle. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552224837174800 ---- 2019-03-10 13:35:24 UTC - Andrew Pinkham: I note that I have attempted to set the cert using the `wsk` command (`$ wsk property set --cert localhost.crt --key localhost.key`) but upon a re-read of the docs that appears to be for a different purpose (and behavior has not changed, even after restarting Kubernetes) https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552224924175700 ---- 2019-03-10 14:26:49 UTC - Carlos Santana: That’s not the very your looking for https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228009176100 ---- 2019-03-10 14:27:17 UTC - Carlos Santana: You could install the certificate on your laptop but that’s a pain. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228037176800 ---- 2019-03-10 14:27:45 UTC - Carlos Santana: I would go and update the nginx/ingress to allow http and not use https if that would work for you https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228065177700 ---- 2019-03-10 14:34:06 UTC - Andrew Pinkham: Thanks for the info. In terms of getting a cert on my laptop, it's easy on the host side. ``` $ openssl req -x509 -out localhost.crt -keyout localhost.key \ > -newkey rsa:2048 -nodes -sha256 \ > -subj '/CN=localhost' -extensions EXT -config <( \ > printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") Generating a RSA private key .................................+++++ .................................................................+++++ writing new private key to 'localhost.key' ``` Is the difficulty you mention specific to the Kubernetes setup? I think having the ability to easily set a cert would be a useful and desirable feature. I'd prefer to keep HTTPS, as it helps with parity between dev/prod. That said, if switching to HTTP is easiest, I'm game. How would I go about doing that? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228446180500 ---- 2019-03-10 14:34:22 UTC - Carlos Santana: looking at some of the yamls for nginx and ingress http can bet setup, not sure if there needs to be a change in values.yaml Do you know @Dave Grove? <https://github.com/apache/incubator-openwhisk-deploy-kube/blob/master/helm/openwhisk/values.yaml#L38> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228462181000 ---- 2019-03-10 14:35:17 UTC - Carlos Santana: @Andrew Pinkham your using minikube instructions ? <https://github.com/apache/incubator-openwhisk-deploy-kube/blob/master/docs/k8s-minikube.md#configuring-openwhisk> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228517181400 ---- 2019-03-10 14:35:55 UTC - Andrew Pinkham: No - Docker for Desktop. <https://github.com/apache/incubator-openwhisk-deploy-kube/blob/master/docs/k8s-docker-for-mac.md> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228555181800 ---- 2019-03-10 14:37:31 UTC - Carlos Santana: I thin setting apiHostProto to `http` <https://github.com/apache/incubator-openwhisk-deploy-kube/blob/master/helm/openwhisk/values-metadata.yaml#L26> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228651182100 ---- 2019-03-10 14:38:15 UTC - Andrew Pinkham: Thank you. I am very new to Kubernetes and Helm - once I change the values in this, do I need to tell Helm about it? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228695182800 ---- 2019-03-10 14:39:14 UTC - Carlos Santana: yes redeploy I guess <https://github.com/apache/incubator-openwhisk-deploy-kube/blob/master/docs/k8s-docker-for-mac.md#configuring-openwhisk> ``` whisk: ingress: type: NodePort apiHostName: 192.168.65.3 apiHostPort: 31001 apiHostProto: http ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228754183400 ---- 2019-03-10 14:40:00 UTC - Andrew Pinkham: Aha! Thanks - I was editing the `values-metadata.yaml` file directly. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228800184000 ---- 2019-03-10 14:42:37 UTC - Carlos Santana: the instructions say to create your own mycluster.yaml with a the small snippet https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228957184700 ---- 2019-03-10 14:42:55 UTC - Carlos Santana: <https://github.com/apache/incubator-openwhisk-deploy-kube/blob/master/docs/k8s-docker-for-mac.md#configuring-openwhisk> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228975185200 ---- 2019-03-10 14:43:08 UTC - Carlos Santana: a mycluster.yaml for a standard deployment of OpenWhisk would be: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228988185600 ---- 2019-03-10 14:43:08 UTC - Andrew Pinkham: Yup. I wasn't sure where to change/add the `apiHostProto` setting, and was in the other file. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552228988185700 ---- 2019-03-10 14:43:38 UTC - Andrew Pinkham: ``` $ cat mycluster.yaml whisk: ingress: type: NodePort apiHostName: 192.168.65.3 apiHostPort: 31001 apiHostProto: http nginx: httpsNodePort: 31001 ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229018185900 ---- 2019-03-10 14:43:49 UTC - Carlos Santana: yeah give it a try https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229029186100 ---- 2019-03-10 14:43:59 UTC - Andrew Pinkham: ``` $ helm install ./helm/openwhisk --namespace=openwhisk --name=owdev -f mycluster.yaml Error: a release named owdev already exists. Run: helm ls --all owdev; to check the status of the release Or run: helm del --purge owdev; to delete it ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229039186500 ---- 2019-03-10 14:44:07 UTC - Carlos Santana: I was not able to find a httpNodePort https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229047186700 ---- 2019-03-10 14:44:18 UTC - Carlos Santana: yeah you need to remove/delete first +1 : Andrew Pinkham https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229058187200 ---- 2019-03-10 14:44:36 UTC - Carlos Santana: <https://github.com/apache/incubator-openwhisk-deploy-kube/blob/master/helm/openwhisk/README.md#uninstalling-the-chart> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229076187500 ---- 2019-03-10 14:45:07 UTC - Andrew Pinkham: ``` $ helm del --purge owdev && !! helm del --purge owdev && helm install ./helm/openwhisk --namespace=openwhisk --name=owdev -f mycluster.yaml release "owdev" deleted Error: release owdev failed: object is being deleted: persistentvolumeclaims "owdev-couchdb-pvc" already exists ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229107187800 ---- 2019-03-10 14:46:02 UTC - Andrew Pinkham: Doing it a second time worked. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229162188200 ---- 2019-03-10 14:46:04 UTC - Andrew Pinkham: ¯\_(ツ)_/¯ https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229164188400 ---- 2019-03-10 14:46:26 UTC - Carlos Santana: for the CLI you need to tell it you want `http` if not will use `https` by default https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229186189000 ---- 2019-03-10 14:46:54 UTC - Andrew Pinkham: Are you referring to the `-i` flag used with `wsk`? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229214189500 ---- 2019-03-10 14:47:01 UTC - Carlos Santana: `wsk property set --apihost <http://localhost:<whisk.ingress.apiHostPort>>` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229221189700 ---- 2019-03-10 14:47:13 UTC - Carlos Santana: then no more `-i` or `--ignore` for ssl certs https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229233189900 ---- 2019-03-10 14:47:20 UTC - Andrew Pinkham: ``` $ wsk property get --apihost whisk API host localhost:31001 ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229240190100 ---- 2019-03-10 14:47:46 UTC - Carlos Santana: should have `http://` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229266190500 ---- 2019-03-10 14:48:12 UTC - Carlos Santana: run `wsk property set --apihost <http://localhost:31001>` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229292190800 ---- 2019-03-10 14:49:03 UTC - Andrew Pinkham: Hrm. Going to `<http://localhost:31001/>` in Firefox shows: ``` 400 Bad Request The plain HTTP request was sent to HTTPS port nginx/1.13.12 ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229343191300 ---- 2019-03-10 14:49:35 UTC - Carlos Santana: hmm you already deploy with `apiHostProto: http` that fast? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229375191700 ---- 2019-03-10 14:49:54 UTC - Andrew Pinkham: I believe so? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229394191900 ---- 2019-03-10 14:50:01 UTC - Carlos Santana: :shrug: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229401192200 ---- 2019-03-10 14:50:07 UTC - Andrew Pinkham: ``` $ wsk property get --apihost whisk API host <http://localhost:31001> ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229407192500 ---- 2019-03-10 14:50:24 UTC - Carlos Santana: but you deploy agin with helm? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229424193200 ---- 2019-03-10 14:50:28 UTC - Andrew Pinkham: Yup. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229428193400 ---- 2019-03-10 14:50:44 UTC - Carlos Santana: hmm maybe try change nginx https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229444194200 ---- 2019-03-10 14:50:54 UTC - Carlos Santana: ``` nginx: httpsNodePort: 80 ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229454194600 ---- 2019-03-10 14:50:54 UTC - Andrew Pinkham: That was the command before where I deleted the Helm deploy and then reinstalled again. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229454194700 ---- 2019-03-10 14:51:08 UTC - Carlos Santana: don't think is need it https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229468195000 ---- 2019-03-10 14:51:09 UTC - Andrew Pinkham: ``` helm del --purge owdev helm install ./helm/openwhisk --namespace=openwhisk --name=owdev -f mycluster.yaml ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229469195300 ---- 2019-03-10 14:51:44 UTC - Carlos Santana: I have not tried it, The only thing I would suggest is to open an issue to see if @Dave Grove can take a look https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229504196000 ---- 2019-03-10 14:51:53 UTC - Andrew Pinkham: Like below? ``` $ cat mycluster.yaml whisk: ingress: type: NodePort apiHostName: 192.168.65.3 apiHostPort: 31001 apiHostProto: http nginx: httpsNodePort: 80 ``` https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229513196500 ---- 2019-03-10 14:52:02 UTC - Carlos Santana: For me I always have my clients ignore ssl, and that's it https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229522196900 ---- 2019-03-10 14:52:14 UTC - Carlos Santana: or install the self-sign cert in my mac https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229534197400 ---- 2019-03-10 14:52:20 UTC - Carlos Santana: no problem for me https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229540197700 ---- 2019-03-10 14:52:36 UTC - Andrew Pinkham: Where could I find the cert so that I can add it to my Mac? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229556198100 ---- 2019-03-10 14:52:51 UTC - Andrew Pinkham: Will that help with function composition? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229571198500 ---- 2019-03-10 14:53:28 UTC - Carlos Santana: I think for composer you need to use latest version that @Olivier Tardieu put in a fix to ignore ssls https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229608199800 ---- 2019-03-10 14:53:54 UTC - Carlos Santana: if that what you referring for once the composition starts https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229634200600 ---- 2019-03-10 14:53:57 UTC - Andrew Pinkham: I've seen PRs about being able to control the Nginx cert, and I'd prefer to go the route of being able to set my own cert across the system. I'm simply not sure how to go about it. Would you recommend opening a ticket on this issue, or is Slack better for this? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229637200800 ---- 2019-03-10 14:54:11 UTC - Carlos Santana: open an issue +1 : Andrew Pinkham https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229651201000 ---- 2019-03-10 14:54:17 UTC - Carlos Santana: yes you can install your own certs https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229657201400 ---- 2019-03-10 14:54:30 UTC - Carlos Santana: just need to know a bit of kubernetes, docker, and nginx https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229670202000 ---- 2019-03-10 14:54:46 UTC - Carlos Santana: and setup your local dns https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229686202500 ---- 2019-03-10 14:55:17 UTC - Carlos Santana: assuming you already know how to create certs lik openssl CLI https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229717203100 ---- 2019-03-10 14:55:25 UTC - Carlos Santana: easy peasy :slightly_smiling_face: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229725203400 ---- 2019-03-10 14:55:59 UTC - Andrew Pinkham: Yup. I have the certs, and I am familiar with Docker and Nginx, but Kubernetes is brand new. If you could walk me through that portion, I'd be really appreciative. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229759204400 ---- 2019-03-10 14:56:02 UTC - Carlos Santana: open an issue on you what actually want to do and @Dave Grove can give you some pointers https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229762204600 ---- 2019-03-10 14:56:29 UTC - Andrew Pinkham: Got it. Thank you very much for your help! https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552229789204900 ---- 2019-03-10 16:23:46 UTC - Rodric Rabbah: @Carlos Santana can you take a look at this Pr <https://github.com/apache/incubator-openwhisk/pull/4329> I found some quirks when trying to provide your own ssl https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552235026205900?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:23:55 UTC - Rodric Rabbah: (Using ansible deployment) https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552235035206200 ---- 2019-03-10 16:43:47 UTC - Carlos Santana: What are the problems currently with the PR? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236227206700?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:44:44 UTC - Rodric Rabbah: It doesn’t work ;) https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236284207000?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:45:03 UTC - Carlos Santana: Oh nice then I would not touch it LOL https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236303207500?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:45:38 UTC - Carlos Santana: I can take a look into kube with @Dave Grove if that’s of value :smile: https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236338208500?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:46:27 UTC - Carlos Santana: And that what we do in prod including services to service connection using client and server certs (ie controller ->kafka) https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236387210600?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:46:40 UTC - Rodric Rabbah: the ssl certs has to be in a specific directory and you can’t override them. So you have to copy in a brute force way and replace the ones there. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236400211200?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:47:09 UTC - Carlos Santana: Yep I know https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236429211600?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:47:25 UTC - Carlos Santana: Everything should be parametized https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236445212200?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:48:06 UTC - Carlos Santana: But I would like to see using http in dev local easy to use and setup https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552236486213200?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 16:57:52 UTC - Rodric Rabbah: Why? We’ve made a deliberate choice many years ago to avoid http. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552237072214000?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 17:19:34 UTC - Andrew Pinkham: FWIW: I too would prefer to be able to set custom certificates rather than use HTTP, as being able to mimic HTTPS in local dev is better for dev/prod parity, and helps catch errors earlier in development. +1 : Rodric Rabbah https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552238374215600?thread_ts=1552235026.205900&cid=C3TPCAQG1 ---- 2019-03-10 17:19:55 UTC - Andrew Pinkham: Have just opened an issue related to my questions about certs earlier this morning: <https://github.com/apache/incubator-openwhisk/issues/4330> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552238395216100 ---- 2019-03-10 18:16:31 UTC - Dave Grove: Thanks @Andrew Pinkham. Looks like I missed quite a bit this morning. Summarizing, the ability to deploy with your own ssl certificates via the kube-deploy Helm chart isn’t supported very well right now, but is something we should make easier. I’ll synch up with @Rodric Rabbah this week to understand what is going on with <https://github.com/apache/incubator-openwhisk/pull/4329> and take a look at integrating support into the helm deploy. It’s been on the backlog for a while https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552241791219700 ---- 2019-03-10 19:11:44 UTC - Andrew Pinkham: Thanks @Dave Grove! Let me know if there's any way I can help on this front. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1552245104220300 ----
