Closed lexxito closed 6 years ago
Hey @lexxito,
the issue is not about minikube but with the function that you configured. Your function runs on HTTPS but it's only IP address (not FQDN). Event Gateway supports https
function only with valid SSL certificate.
Is your endpoint 192.168.99.100/hello-serverless-kubeless
also exposed on http://
?
Yes, you are right. 192.168.99.100/hello-serverless-kubeless
was also exposed over http://
I am using kubeless and function is deployed on minikube itself. to expose the function over https port I have added this lines to nginx:
...
- backend:
serviceName: hello-serverless-kubeless
servicePort: 8080
path: /func
...
the command:
curl -k --request POST \
--data "magic example data" \
--header "Content-Type: application/json" \
https://192.168.99.100/func
returns magic example data
successfully.
Function and Subscription are following:
{
"space": "default",
"functionId": "hello-serverless-kubeless",
"type": "http",
"provider": {
"url": "https://192.168.99.100/hello-serverless-kubeless"
}
}
{
"space": "default",
"functionId": "hello-serverless-kubeless",
"type": "http",
"provider": {
"url": "https://192.168.99.100/func"
}
}
Nevertheless the error is the same:
"error": "Function call failed. Error: Post https://192.168.99.100/func: x509: cannot validate certificate for 192.168.99.100 because it doesn't contain any IP SANs"
I am having troubles only with kubeless use case. Other providers work fine for me.
Your curl command will absolutely return your function because you're specifying the -k
command to curl (aka the --insecure
flag). If you remove the -k
does your function reply as you'd expect?
Another note about your minikube
ingress is that you didn't specify a host
name for the Ingress
as we do here. You won't need to provide the --header 'eventgateway.minikube'
value because it's not being used at all.
I would also try to query your endpoint using curl
and the following...
curl -v --request POST \
--data "magic example data" \
--header "Content-Type: application/json" \
--key /path/to/your/pubkey.key \
--cert /path/to/your/signed.pem \
--cacert /path/to/your/public_ca.pem \
https://192.168.99.100/func
That should give you verbose, signed access to the endpoint and print out any errors in case they don't work for any reason.
@lexxito just checking in to see how this issue was going for you. Were you able to figure out the fix?
Good day!
I am running event-gateway with minikube. Following this tutorial but without helm. etcd and event gateway started manually: etcd.yaml:
event-gateway.yaml
function together with subscription are registered correctly and successfully.
but after trying to invoke the function having the following error:
I would be super thanksfull if you have any idea why event-gateway has a problem with certificate validation.
best,