[FR] Enable use of "certificate signed by unknown authority" for OpenFaaS gateway #37
Comments
Hey @knafel, sounds like a good and straightforward idea. However, I need to check if the Controller SDK does support such a behaviour. Sadly, I did not implement the communication to open faas myself. I will check it and get back to you; overall your request seems to be a quick win.
@knafel was able to verify that the lib supports the behavior. Will now start implementing it, would you be so kind as to test it? I will later share the docker image with you. After successful validation through you, I would publish it with a new minor version.
@Templum : Great that you are willing to implement this feature ... very much appreciated. I will be able to test starting earliest next Tuesday (currently traveling).
@knafel that's fine. I think I can start working on it on Wednesday.
@Templum : OK ... let me know, when you are ready for testing.
@Templum: Very good! I will try to find time today or tomorrow to test it.
Hi @Templum:
Hi @knafel, based on the shared logs, it seems like you did not provide the secret, or provided the wrong one, for the communication to open faas, as the last message is usually thrown by the Open FaaS Connector SDK in case the call was performed without the correct Basic Auth credentials. By default, OpenFaaS is now deployed with active Basic Auth. Please revisit that part. I will set up an issue to remove the OpenFaaS Connector SDK and rather go with an own implementation.
@Templum : Thanks ... I will check it.
Hi @Templum: Intermediate status:
It is obviously NOT a solution, and I did not have time to dig into why the SDK's types.GetCredentials() did not work in our current cluster setup (K8s Rancher distro with some of our company-specific namespace structure). Cheers ...
Merged #47
Is your feature request related to a problem? Please describe.
We would like to use the RabbitMQ-Connector on a company-internal k8s cluster, which uses certificates signed by our company CA. This is not supported by the connector, resulting in an error accessing the gateway URL:
"Get https://dev.function.our-company-name.com/system/functions: x509: certificate signed by unknown authority"
Describe the solution you'd like
Add environment bool variable, e.g.: INSECURE_SKIP_VERIFY: true.
Assuming that in the code this environment variable will be expressed as: insecureSkipVerify, the parameter could be passed to the RabbitMQ connection or the definition of the HTTP client could be, e.g.:
```go
client := &http.Client{
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: insecureSkipVerify,
		},
	},
}
```
Describe alternatives you've considered
Directly configuring RabbitMQ instead of the connector.
Additional context
None.
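An added example (not the connector's code and not the change merged for this issue): the requested flag next to the alternative of trusting the company CA, so that verification stays on and only the extra root is accepted. `newGatewayClient`, `probe` and the `caPEM` parameter are hypothetical names, and the local test server is a constructed stand-in for the gateway.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newGatewayClient is a hypothetical helper, not part of the connector.
// caPEM holds the company CA bundle; insecureSkipVerify mirrors the flag
// proposed in the issue and switches certificate checks off completely.
func newGatewayClient(caPEM []byte, insecureSkipVerify bool) (*http.Client, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: insecureSkipVerify}
	if len(caPEM) > 0 {
		pool, err := x509.SystemCertPool() // keep public roots, add the private one
		if err != nil || pool == nil {
			pool = x509.NewCertPool()
		}
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, errors.New("CA bundle contains no usable PEM certificate")
		}
		cfg.RootCAs = pool
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// probe returns nil only if a GET against url completes, TLS checks included.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	// Constructed stand-in for the gateway: local server, self-signed certificate.
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	ca := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})

	strict, _ := newGatewayClient(nil, false)
	trusted, _ := newGatewayClient(ca, false)
	fmt.Println("system roots only:", probe(strict, srv.URL))
	fmt.Println("company CA added: ", probe(trusted, srv.URL))
}
```

With the CA bundle mounted into the pod, the skip-verify flag can stay off; turning it on accepts any certificate, including one presented by a host impersonating the gateway.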