The Nginx Pod needs to be configured with custom certificates
and nginx configuration file. To achieve this, nginx will need
to create a Kube ConfigMap for the nginx.conf
file and a
Secrets resource with the certs.
To help generate the certs there is a little helper script.
-
certs.sh
can be used to generate self signed certs for OpenWhisk. By default, the currentnginx.conf
file expects the server url to uselocalhost
. To generate a self signed cert with the same hostname for testing purposes just run:certs.sh localhost
If you want to modify the domain name, make sure to update the nginx.conf file appropriately.
To create the ConfigMap in the OpenWhisk namespace with the nginx.conf
file, run the following command:
kubectl -n openwhisk create configmap nginx --from-file=nginx.conf
With the generated certs for Nginx, you should now be able to create the nginx Secrets. To create the Secrets resource in the OpenWhisk namespace run the following command:
kubectl -n openwhisk create secret tls nginx --cert=certs/cert.pem --key=certs/key.pem
After successfully creating the nginx ConfigMap and creating the Secrets you will be able to create the Nginx Service and Deployment.
kubectl apply -f nginx.yml
To update the nginx ConfigMap:
kubectl -n openwhisk edit cm nginx -o yaml
Kubernetes will then go through an update any deployed Nginx instances. Updating all of the keys defined in the nginx ConfigMap.
When updating the nginx Secrets, you will need to have the actual yaml file. To obtain the generated YAML file run:
kubectl -n openwhisk get secrets nginx -o yaml > nginx_secrets.yml
Then you can manually edit the fields by hand. Remember that the
values in a secrets file are base64 encoded values. Also, you
will need to remove a couple of fields from the metadata
section.
creationTimestamp: 2017-06-21T15:39:56Z
resourceVersion: "2156"
selfLink: /api/v1/namespaces/openwhisk/configmaps/nginx
uid: e0585576-5697-11e7-aef9-080027a9c6c9
When you have finished editing the yaml file, run:
kubectl replace -f nginx_secrets.yml
Kubernetes will then go through an update any deployed Nginx instances. Updating all of the keys defined in the nginx Secrets.
If you are updating the number of controllers being deployed with OpenWhiks from the default 2, you will need to make a few changes. The Nginx conf file has routes for Controller StatefulSet addresses. Specifically these lines. will need to be updated with a list of all available routes.
To build the Nginx docker image for Kubernetes on OpenWhisk, you will need to run the build script build.sh. This script requires one parameter, which is the repo to bush the Docker image to.
E.G
docker/builds.sh <danlavine>
This script goes through and donwload the OpenWhisk reop under the tmp directory, builds the Blackbox image and copies it into the Docker image. Then, each of the published WSK CLIs are download into the Docker image so that users are able to download them as usual.