Closed deinspanjer closed 4 years ago
When I try to run faas deploy, I get an error with the list-flow-functions stating that the secret "basic-auth-user" is not found.
"basic-auth-user" is usually set up when you created the OpenFaaS environment. Does your OpenFaaS gateway have authentication?
If not, please set basic_auth: false in the conf.yml and comment out the lines below in stack.yml
secrets:
  - basic-auth-user
  - basic-auth-password
I also found that the pods for dot-generator and faas-flow-dashboard are not deployed due to an ImagePull error, and metrics seems to be flapping
I'll push the latest images for dot-generator and faas-flow-dashboard. Not sure what you mean by flapping
I have pushed the latest images, please give it another try
By flapping, I mean k8s is spinning up a new pod, then a minute or so later, it errors out and terminates.
I believe I have a couple of problems.
Maybe there is something special about the kubernetes environment in Docker for Mac that doesn't allow it to see locally built docker images?
I found this stackoverflow question https://stackoverflow.com/questions/50739405/docker-for-mac-kubernetes-reference-local-image which led me to https://docs.openfaas.com/deployment/kubernetes/#set-a-custom-imagepullpolicy Setting the image pull policy to IfNotPresent fixed my problem.
Argh. So the image pull policy fixed my problem with some pods not being started, but the error about basic-auth-user not being found is still happening for the list-flow-functions.
I see a secret named basic-auth in the namespace openfaas which has data with both keys, basic-auth-password and basic-auth-user. Maybe there is some additional namespace issue going on here?
I had to change the provider name in the stack.yml from "faas" to "openfaas" because that apparently has changed.
Could it be that list-flow-functions, which is getting installed in the namespace openfaas-fn, can't access the secret in the openfaas namespace?
Secrets are shared only with the pods within the namespace. I guess you are right; in that case you need to create it in the openfaas namespace.
Alternatively, can you try with
labels:
  openfaas-cloud: "1"
  role: openfaas-system
  com.openfaas.scale.zero: false
This is how it's done in the OpenFaaS Cloud list function: https://github.com/openfaas/openfaas-cloud/blob/master/stack.yml#L171
I guess here role: openfaas-system does the trick
Well, using the environment and stack as it was, I tried adding the secret to the openfaas-fn namespace, and a deploy still gave the same error. I tried adding the role to the labels as suggested and did a build and deploy, but still no change.
Next I'll try tearing down the whole environment and reinstalling again. This time, I'll use the same namespace for both the openfaas system and the functions, contrary to what the getting started guide says.
I tried adding the secret to the openfaas-fn namespace, and a deploy still gave the same error
Is the error in the pod log or at OpenFaaS deployment? Can you share the error log?
Next I'll try tearing down the whole environment and reinstalling again. This time, I'll use the same namespace for both the openfaas system and the functions, contrary to what the getting started guide says.
It should not be this complex. The namespace is separated for a reason, so I'll try to avoid this approach
Is the error in the pod log or at OpenFaaS deployment? Can you share the error log?
Deploying: list-flow-functions. WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Unexpected status: 400, message: unable to fetch secrets: secrets "basic-auth-user" not found
Deploying: dot-generator. WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
Deployed. 202 Accepted. URL: http://127.0.0.1:8080/function/dot-generator
Function 'list-flow-functions' failed to deploy with status code: 400
Well, with my clean build where functions are also deployed into the openfaas namespace, I was able to get that function to install by editing the stack.yml and changing the secrets from
- basic-auth-user
- basic-auth-password
to just
- basic-auth
This seems to be because the secret that is created by the helm chart for openfaas / faas-netes creates the secret with the name basic-auth that has two data entries rather than two separate secrets.
I'm not sure if that same solution will work using the role change, but I'll try that out in a bit.
@deinspanjer Thank you for investigating this. I'm wondering why openfaas-cloud hasn't changed it, or is it something in the pipeline. @alexellis might be helpful. Let me know what you find out with the role change
It looks like somewhere you've confused the secret name between Swarm and k8s. The original config appears to be hard coded to use the Swarm names and then your user has updated his file to use the correct name for Kubernetes.
I don't know if you use Kubernetes to test your project, but if you don't then this might explain it.
Thanks Alex. You're right, there has been a shortage of testing in Kubernetes. I'm relatively a latecomer to Kubernetes and trying to overcome it. Luckily the openfaas community is very resourceful 🙂
The original config appears to be hard coded to use the Swarm names and then your user has updated his file to use the correct name for Kubernetes.
Can you please direct me to the document for this please
Sure, here you are - the deployment artifacts.
https://github.com/openfaas/faas/blob/master/docker-compose.yml#L228
https://github.com/openfaas/faas-netes/blob/master/chart/openfaas/templates/gateway-dep.yaml#L34
Whilst you only use Swarm, we mostly only use Kubernetes.
You'll need to figure out how to provide two configurations for your users, perhaps one or the other would be the best default?
The easiest way to install OpenFaaS is with k3sup btw - https://docs.openfaas.com/deployment/kubernetes/#a-deploy-with-k3sup-fastest-option
Alex
I recently set up a helm chart for deploying default resources for Faas-flow Infra components: https://github.com/s8sg/faas-flow-infra
I'm changing the defaults to K8s as well 😉 Wish me luck
I don't see the k8's configuration for the OpenFaaS Cloud though in these docs
OpenFaaS Cloud is no different, it's just a normal installation, why are we talking about OpenFaaS Cloud though? I thought faas-flow was for OF?
You can set it up all manually, but we've spent a lot of time in the community developing automation, take a look: https://github.com/openfaas-incubator/ofc-bootstrap, it'll probably save you a lot of time. And for without TLS/auth: https://blog.alexellis.io/openfaas-cloud-for-development/
The reason is list-flow-function is the same as OpenFaaS Cloud's list-function; this is how the stack.yml looks for the OpenFaaS cloud
https://github.com/openfaas/openfaas-cloud/blob/master/stack.yml#L171
I was referencing that for Faas-Flow: list-flow-function, as this is how it looks for Faas-flow-tower
https://github.com/s8sg/faas-flow-tower/blob/master/stack.yml#L17
For OpenFaaS cloud, does someone need to modify this default stack.yml when deploying in Kubernetes? If so, my question is which documents mention that?
The reason I'm asking is because I don't wanna diverge from a convention/practice the community is already using and copy paste the same approach here
It looks like somewhere you've confused the secret name between Swarm and k8s. The original config appears to be hard coded to use the Swarm names and then your user has updated his file to use the correct name for Kubernetes.
The stack file in ofc-bootstrap also uses the same secrets name
https://github.com/openfaas-incubator/ofc-bootstrap/blob/master/templates/stack.yml#L181
list-functions:
  lang: go
  handler: ./list-functions
  image: functions/list-functions:0.4.8
  labels:
    openfaas-cloud: "1"
    role: openfaas-system
    com.openfaas.scale.zero: false
  environment:
    write_debug: true
    read_debug: true
  environment_file:
    - gateway_config.yml
  secrets:
    - basic-auth-user
    - basic-auth-password
Am I missing something?
Sorry, I don't have time to debug this for you, I'm sure you'll figure it out, but note that the secrets you are looking at here, are not the basic auth secrets for OpenFaaS, they are additional secrets for the functions.
but note that the secrets you are looking at here, are not the basic auth secrets for OpenFaaS, they are additional secrets for the functions.
The list-function uses this secret to authenticate at the gateway. So if I understand correctly, the user is supposed to create the secret by themselves, which would make total sense.
@deinspanjer
The problem here is that we were expecting the secrets to be there by default. That works for swarm because it doesn't have namespaces, but not for Kubernetes. So for k8's we need to create the secrets separately on openfaas-fn.
The steps would be
    # Placeholders: substitute the gateway's basic-auth user and password
    export OPENFAAS_USER="<gateway-user>"
    export OPENFAAS_PASS="<gateway-password>"
    # One secret per name, created in the namespace the functions run in
    kubectl create secret generic -n openfaas-fn \
      basic-auth-user --from-literal basic-auth-user="$OPENFAAS_USER"
    kubectl create secret generic -n openfaas-fn \
      basic-auth-password --from-literal basic-auth-password="$OPENFAAS_PASS"
I'll update the README.md. At a later stage I'll add a configuration file and a script which automates the process
Thanks for finding the issue and reporting it.
@pasdam instead of changing the secret name to basic-auth in list-flow-function we can alternatively create two separate secrets. Anyhow we need to create the secret in the openfaas-fn namespace, this way the same secrets can be used for swarm
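The mismatch worked out in this thread (a function asks for secrets named basic-auth-user and basic-auth-password, while the cluster only has one secret named basic-auth in another namespace) can be checked before running faas deploy. The following is an added example, not code from faas-flow-tower or OpenFaaS; the function names are hypothetical and the secret listing is a constructed sample in the shape of `kubectl get secrets -A -o json`.

```python
import json

# Constructed sample in the shape of `kubectl get secrets -A -o json`: a single
# Secret "basic-auth" in the openfaas namespace with two data keys, as the
# thread describes. Values are base64 of "<redacted>".
SAMPLE_DUMP = json.dumps({"items": [
    {"metadata": {"name": "basic-auth", "namespace": "openfaas"},
     "data": {"basic-auth-user": "PHJlZGFjdGVkPg==",
              "basic-auth-password": "PHJlZGFjdGVkPg=="}},
]})


def index_secrets(dump):
    """Map namespace -> {secret name -> set of data keys}."""
    index = {}
    for item in json.loads(dump).get("items", []):
        meta = item["metadata"]
        keys = set(item.get("data") or {})
        index.setdefault(meta["namespace"], {})[meta["name"]] = keys
    return index


def check_function_secrets(required, fn_namespace, dump):
    """Classify each secret a function declares in stack.yml (hypothetical helper)."""
    index = index_secrets(dump)
    findings = {}
    for name in required:
        if name in index.get(fn_namespace, {}):
            findings[name] = ("ok", None)
            continue
        # A Secret object with this name exists, but in a different namespace.
        elsewhere = sorted(ns for ns, secs in index.items()
                           if ns != fn_namespace and name in secs)
        # The name exists only as a data key inside some other Secret.
        as_key = sorted(f"{ns}/{sec}" for ns, secs in index.items()
                        for sec, keys in secs.items() if name in keys)
        if elsewhere:
            findings[name] = ("wrong-namespace", elsewhere)
        elif as_key:
            findings[name] = ("key-not-secret", as_key)
        else:
            findings[name] = ("missing", None)
    return findings


if __name__ == "__main__":
    wanted = ["basic-auth-user", "basic-auth-password"]
    for name, result in check_function_secrets(wanted, "openfaas-fn", SAMPLE_DUMP).items():
        print(name, result)
```

A "key-not-secret" finding corresponds to the 400 error in the deploy log above; "wrong-namespace" is the result for basic-auth when the function runs in openfaas-fn.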
I'm trying to get faas-flow-tower up and running locally, using Mac OSX with the Docker for Mac kubernetes stack.
- Docker 19.03.5
- k8s 1.14.8
- faas cli 0.11.0
- faas gateway 0.18.7
- faas provider faas-netes 0.9.15
When I try to run faas deploy, I get an error with the list-flow-functions stating that the secret "basic-auth-user" is not found. I also found that the pods for dot-generator and faas-flow-dashboard are not deployed due to an ImagePull error, and metrics seems to be flapping.