[support] after running ofc-bootstrap with GitHub config, unable to see functions.

[ssgutierrez42]

After running ofc-bootstrap with GitHub config, unable to see functions.

Expected Behaviour

Should see functions added via GitHub on dashboard list.

Current Behaviour

Infinite load + 500 internal server error response, with message "Proxy request failed" on console.

Context

• I have followed https://docs.openfaas.com/openfaas-cloud/self-hosted/troubleshoot/

• HTTPS and domains are live and working well.

• I have checked my app_id and private-key, and the GitHub App is installed on my repository. GitHub OAuth app seems to work in the sense that I am able to login to my self-hosted page https://system.**domain**/dashboard/ssgutierrez42. (enable_oauth is set to TRUE).

• I have checked by GitHub app permissions.

• I also successfully created a GitHub OpenFaas function repository and pushed to ECR. I can see my function on https://gateway.**domain**/ui/ and I can run it successfully without a problem.

  

• Access control CUSTOMERS file is read fine via GitHub app > Advanced logs.

• I have cross-checked app_id / private-key / github-webhook-secret.

• After running kubectl logs -n openfaas-fn deploy/list-functions to view logs for list-functions image, I get the following error: unauthorized access, run "faas-cli login" to setup authentication for this server

• I also get the exact same error when running list-functions from the gateway:

  

I am creating this issue in the event that there is a bug on the GitHub auth config.

Your Environment

• Operating System and version (e.g. Linux, Windows, MacOS): macOS

• faas-cli version ( full output ):

  
  ___                   _____           ____
  / _ \ _ __   ___ _ __ |  ___|_ _  __ _/ ___|
  | | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \
  | |_| | |_) |  __/ | | |  _| (_| | (_| |___) |
  \___/| .__/ \___|_| |_|_|  \__,_|\__,_|____/
    |_|

CLI: commit: e53b9c46b4ea7391aef71cd165b0c871fecb3543 version: 0.12.20 Handling connection for 31112

Gateway uri: http://127.0.0.1:31112 version: 0.20.2 sha: 9bbb25e3c7c4cc5cd355edb3a122f8c7812e32db commit: Fix a bug that caused the services list to keep growing

Provider name: faas-netes orchestration: kubernetes version: 0.12.9 sha: c402b912ce21f0bf01bc3aa45ebc330decc41ac5

* `ofc-bootstrap version` ( full output ):

ofc-bootstrap version

---

/ _ | / | | | | | | | | | || | _|| | \/|_| ____| ofc-bootstrap Bootstrap your own OpenFaaS Cloud within 100 seconds

Commit: c7114a5fb7ccf94b6777ca647da5d05b870de8a3 Version: 0.9.8

* Kubernetes version `kubectl version`:

Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:50:19Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.9-eks-d1db3c", GitCommit:"d1db3c46e55f95d6a7d3e5578689371318f95ff9", GitTreeState:"clean", BuildDate:"2020-10-20T22:18:07Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

* What kind of Kubernetes service or distribution are you using?
Amazon EKS

* Link to your project or a code example to reproduce issue:
Would linking to the cloud deployment help?

* Please also follow the [OpenFaaS Cloud self-hosted troubleshooting guide](https://docs.openfaas.com/openfaas-cloud/self-hosted/troubleshoot/) and paste in any other diagnostic information you have:
Done 🙏 

* init.yaml (obscure your secrets, but leave domains in place):

```yaml
secrets:
  ### Generated secrets (do not edit)
  - name: s3-secret-key
    literals:
      - name: s3-secret-key
    filters:
      - "default"
    namespace: "openfaas-fn"
  - name: s3-access-key
    literals:
      - name: s3-access-key
    filters:
      - "default"
    namespace: "openfaas-fn"
  - name: basic-auth
    literals:
      - name: basic-auth-user
        value: admin
      - name: basic-auth-password
        value: ""
    filters:
      - "default"
    namespace: "openfaas"
  - name: "payload-secret"
    literals:
      - name: payload-secret
        value: ""
    filters:
      - "default"
    namespace: "openfaas"
  - name: "jwt-private-key"
    files:
      - name: "key"
        value_from: "./tmp/key"
        value_command: "openssl ecparam -genkey -name prime256v1 -noout -out ./tmp/key"
    filters:
      - "auth"
    namespace: "openfaas"
  - name: "jwt-public-key"
    files:
      - name: "key.pub"
        value_from: "./tmp/key.pub"
        value_command: "openssl ec -in ./tmp/key -pubout -out ./tmp/key.pub"
    filters:
      - "auth"
    namespace: "openfaas"

  ### User-input
  ### In this section, you must populate all your secrets or secret file-locations
  ### and your desired configuration.
  ### For more information see: https://github.com/openfaas/openfaas-cloud/tree/master/docs

  ## This value is used by Github to talk to system-github-event, the password will be
  ## generated if left blank. Alternatively, you can enter a password here of your own.
  ## Enter it into the GitHub App's UI.
  - name: "github-webhook-secret"
    literals:
      - name: "github-webhook-secret"
        value: ""
    filters:
      - "scm_github"
    namespace: "openfaas-fn"

  # Download from GitHub App on GitHub UI
  - name: "private-key"
    files:
      - name: "private-key"
        value_from: -REDACTED-
    filters:
      - "scm_github"
    namespace: "openfaas-fn"
  # Populate your OAuth client_secret
  - name: "of-client-secret"
    literals:
      - name: of-client-secret
        value: -REDACTED- (path to .pem)
    filters:
      - "auth"
    namespace: "openfaas"

  # Enter your GitLab Webhook secret and API token
  - name: "gitlab-webhook-secret"
    literals:
      - name: "gitlab-webhook-secret"
        value: ""
    filters:
      - "scm_gitlab"
    namespace: "openfaas-fn"
  - name: "gitlab-api-token"
    literals:
      - name: "gitlab-api-token"
        value: "token"
    filters:
      - "scm_gitlab"
    namespace: "openfaas-fn"

 # DNS Service Account secret for DNS01 (wildcard) challenge

  ## Use DigitalOcean
  ### Create a Personal Access Token and save it into a file, with no new-lines
  - name: "digitalocean-dns"
    files:
      - name: "access-token"
        value_from: "~/Downloads/do-access-token"
    filters:
      - "do_dns01"
    namespace: "cert-manager"

  ## Use Google Cloud DNS
  ### Create a service account for DNS management and export it
  - name: "clouddns-service-account"
    files:
      - name: "service-account.json"
        value_from: "~/Downloads/service-account.json"
    filters:
      - "gcp_dns01"
    namespace: "cert-manager"

  ## Use Route 53
  ### Create role and download its secret access key
  - name: "route53-credentials-secret"
    files:
      - name: "secret-access-key"
        value_from: "~/Downloads/route53-secret-access-key"
    filters:
      - "route53_dns01"
    namespace: "cert-manager"

  ## Use Cloudflare
  ### Create role and download its secret access key
  - name: "cloudflare-api-key-secret"
    files:
      - name: "api-key"
        value_from: "~/Downloads/cloudflare-secret-access-key"
    filters:
      - "cloudflare_dns01"
    namespace: "cert-manager"

  # Used by Buildkit to push images to your registry
  - name: "registry-secret"
    files:
      - name: "config.json"
        value_from: "./credentials/config.json"
    filters:
      - "default"
    namespace: "openfaas"

  # Used to pull functions / images to nodes by Kubernetes
  - name: "registry-pull-secret"
    files:
      - name: ".dockerconfigjson"
        value_from: "./credentials/config.json"
    namespace: "openfaas-fn"
    filters:
      - "default"
    type: "kubernetes.io/dockerconfigjson"

    # ECR credentials to push to AWS ECR
    ## Make sure you do not use your admin account in ~/.aws/credentials, but a
    ## new user with ECR power-user permissions only.
  - name: "aws-ecr-credentials"
    files:
      - name: "credentials"
        value_from: "~/.aws/credentials"
    filters:
      - "ecr"
    namespace: "openfaas"

  - name: "aws-ecr-createrepo-credentials"
    files:
      - name: "credentials"
        value_from: "~/.aws/credentials"
    filters:
      - "ecr"
    namespace: "openfaas-fn"

## If not using a HTTPS URL, then set a list of CUSTOMERS
## To use this set "value_from" to a real file path, and put in a list (each item on a new line) of usernames, without other whitespace
  - name: "of-customers"
    files:
      - name: "of-customers"
        value_from: "/dev/null"
    namespace: "openfaas"
    filters:
      - "default"
  - name: "customers"
    files:
      - name: "customers"
        value_from: "/dev/null"
    namespace: "openfaas-fn"
    filters:
      - "default"

### Docker registry
#### This can be any cluster accessible by your cluster. To populate the file
#### run `docker login` with "store in keychain" turned off in Docker Desktop.
#### This can also be your private registry
#### Format: registry/username/ - i.e. replace ofctest with your login

registry: -REDACTED- (ECR)

### Use a secret instead of a publicly accessible URL for the ACL
### of valid users.
customers_secret: false

### Enable only if using AWS ECR
enable_ecr: true

### Change if your using ECR
ecr_config:
  ### The region to use for ECR
  ecr_region: "us-east-1"

### Your root DNS domain name, this can be a sub-domain i.e. staging.o6s.io / prod.o6s.io
root_domain: -REDACTED-

## Ingress into OpenFaaS Cloud

### Keep active if using a cluster with a LoadBalancer available.
ingress: loadbalancer

### Uncomment if using on-premises or a host/cloud without a loadbalancer
# ingress: host

## Define the custom templates available for your users
### If needed edit the git-tar Deployment after running the tool
deployment:
  custom_templates:
    - "https://github.com/openfaas-incubator/golang-http-template.git"
    - "https://github.com/openfaas-incubator/node10-express-template.git"
    - "https://github.com/openfaas-incubator/python-flask-template.git"
    - "https://github.com/openfaas-incubator/ruby-http"

## Source Control Management
### Pick either github or gitlab
scm: github
# scm: gitlab

## Populate from GitHub App
github:
  app_id: -REDACTED-

## GitLab
### Public URL for your GitLab instance with a trailing slash
gitlab:
  gitlab_instance: "https://gitlab.o6s.io/"

## Enable auth:
### When enabled users must log in with a valid GitHub account and be present in the
### customers file to view any dashboard
enable_oauth: true

## Populate from OAuth App
oauth:
  client_id: -REDACTED-

  ## For GitLab put your OAuth provider base URL
  # oauth_provider_base_url: "https://gitlab.o6s.io"

  ## For GitHub leave blank
  oauth_provider_base_url: ""

## Slack
### You can set your own url to get an audit trail in your Slack workspace
### You can edit this after deployment if needed in the audit function
slack:
  url: http://gateway.openfaas:8080/function/echo

### Users allowed to access your OpenFaaS Cloud
#### ACL for your users, it must be a raw text file or GitHub RAW URL
#### At time of writing this _must_ be a public repo URL
customers_url: -REDACTED-

##  S3 configuration
### Build logs from buildkit are stored in S3
### Defaults to in-cluster deployment of Minio. AWS S3 is also possible
s3:
  s3_url: cloud-minio.openfaas.svc.cluster.local:9000
  s3_region: us-east-1
  s3_tls: false
  s3_bucket: pipeline

## TLS
tls: true
tls_config:
  issuer_type: "prod"

  # issuer_type: "staging"
  email: -REDACTED-

  ## Select DNS web service between Amazon Route 53 (route53) and Google Cloud DNS (clouddns)
  # by uncommenting the required option

  ### DigitalOcean
  # dns_service: digitalocean

  ### Google Cloud DNS
  # dns_service: clouddns
  # project_id: "my-openfaas-cloud"

  ### AWS Route53
  dns_service: route53
  region: us-east-1
  access_key_id: -REDACTED-

  ### Cloudflare
  # dns_service: cloudflare

## Dockerfile language support
### Use with caution, it allows any workload to be built and run
enable_dockerfile_lang: true

## Set to true to enable scaling to zero
### When enabled, all functions are included by default, to turn off add a label
### of com.openfaas.scale.zero: "false"
scale_to_zero: true

## Enable network policies
### Prevents functions from talking to the openfaas namespace, and to each other.
### Use the ingress address for the gateway or the external IP instead.
network_policies: false

## Branch that OpenFaaS Cloud will build and deploy
## You should change this if you want a different branch to be built and deployed instead of master
build_branch: master

## This setting, if true, will install the openfaas ingress-operator using the openfaas-fn namespace
## for finding functions, creating Ingress records in the openfaas namespace
enable_ingress_operator: false

## Version of OpenFaaS Cloud from https://github.com/openfaas/openfaas-cloud/releases/
### Usage: release tag, a SHA or branch name
openfaas_cloud_version: 0.14.4

[alexellis]

Thanks for your interest in openfaas-cloud. We don't provide support for this project on GitHub, but there is a Slack community where you can chat with the community.

The proxy message you've shared looks like it may be related to the dashboard

The "faas-cli login" message from list-functions is unexpected, I wonder if you haven't configured basic-auth correctly? Check the secret attached to "list-functions", get the value and see if it matches the value for your gateway's basic-auth password.

PRs are welcome if you want to contribute upstream

[alexellis]

/msg: slack

[derek[bot]]

-- Join Slack to connect with the community https://docs.openfaas.com/community

[ssgutierrez42]

@alexellis @Waterdrips thanks for reviewing this and for the quick PR fix #243. Everything is working fine now 👍 you guys rock!

[alexellis]

What are you going to use OFC for? Please do join us on Slack as suggested.

[ssgutierrez42]

Will do -- just received an invite to the Slack this morning. I am evaluating OFC as the driver of a micro-services architecture for a growing start-up.