search

apache / openwhisk-deploy-kube

The Apache OpenWhisk Kubernetes Deployment repository supports deploying the Apache OpenWhisk system on Kubernetes and OpenShift clusters.
https://openwhisk.apache.org/
Apache License 2.0
296 stars 228 forks source link

EKS deployment does not accept https requests, only http #745

Open ferancona opened 1 year ago

ferancona commented 1 year ago

Steps to reproduce the issue

  1. Create EKS cluster: eksctl create cluster --name test-cluster-1 --region eu-central-1 --node-type t2.large --nodes 1
  2. Label nodes: kubectl label nodes --all openwhisk-role=invoker
  3. Install Helm chart: helm install owdev openwhisk-deploy-kube/helm/openwhisk -n openwhisk --create-namespace -f mycluster.yaml
  4. Setup WSK CLI as the docs say, using the load balancer's DNS: wsk -i property set --apihost https://<load-balancer-DNS>:443
  5. Run WSK command: wsk list -v

Observations

mycluster.yaml

k8s:
  persistence:
    enabled: false

whisk:
  ingress:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:iam::XXXXXXXXXXXX:server-certificate/ow-self-signed

whisk:
  ingress:
    awsSSL: "true"
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https-api
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-central-1:XXXXXXXXXXXX:certificate/YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY # AWS Certificate Manager (ow-self-signed).

Reason of interest

I want to use the OpenWhisk deployment as an endpoint for AWS EventBridge, but currently it is only possible to add API Destinations that use https endpoints.