In the previous version, whilst responses were streamed
correctly, the request body was not being received by
the function. This has been tested, along with adding
a forced timeout according to upstream_timeout, which
was a miss in the original commit.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
Convert the existing swagger2.0 file to a moden OpenAPI file.
Add missing endpoitns and model definitions.
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
OpenFaaS CE exposes metrics about function invocations and
about the gateway itself. OpenFaaS Pro has a richer set of
metrics including HTTP RED.
See also: https://docs.openfaas.com/architecture/metrics/
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
NATS Streaming is deprecated and will be removed from OpenFaaS
CE in a future release for security reasons.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Sets a new default maximum scale limit of 5 replicas out of
the box for CE users, CE meaning "Community" rather than
"Commercial".
The increment factor of 10 vs 25 should not make a difference
to genuine community and hobbyist users.
Tested and verified with unit tests and hey with a CE cluster
where the maximum limit was reached over several minutes,
finally going back to 1 replica.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
There is no need for OpenFaaS CE to have external auth plugins
since this added extra overhead and was never used.
OpenFaaS Pro retains the option so it can use the OIDC
auth plugin.
It's still possible, as it ever was to put a proxy in front
of any HTTP server like the gateway.
Tested with a local KinD cluster, auth still worked for the
API and UI.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
This change removes the direct functions option which was
used originally for Docker Swarm. The Community Edition will
rely on the faas provider - faas-netes / faasd for load-balancing
of requests.
Direct Functions is required in order to delegate load-balancing
to Istio, Linkerd or some other kind of service mesh.
Tested by deploying a modified gateway image to a KinD cluster,
deploying the env function, and scaling to two replicas. This
balanced the load between the two pods by printing out the names
and then I ran a test with hey which returned 200s for all the
requests.
The prober which was part of the Istio support is no longer
required in the CE gateway so is removed for simplicity.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
NATS Streaming is deprecated and will have no support from
early 2023 by Synadia. Upgrade to OpenFaaS Pro as soon as
possible.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
We now have two write interceptors, with one moved into
faas-provider. This commit makes the gateway use the new
external package and deletes its own.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
During some exploratory testing, I ran into an issue where
the gateway would attempt to scale a deployment from zero
replicas to min, despite there already being min replicas.
Why?
The scaling logic was looking for Available replicas when
it should have looked for Desired replicas. So when a
deployment had zero ready replicas due to readiness checks
failing, the gateway was attempting to scale from zero
to min.
This logic has been corrected and separated from the
a holding pattern where the gateway waits for a ready
replica.
Tested with KinD and an edited function which had a
readiness probe, which was failing and no ready
replicas. As desired, the gateway did not scale to min.
However, when setting desired replicas to zero, the
gateway did scale up as expected.
This change also modifies all print statements for
"seconds" and makes them use 4 decimal places instead of
the default which was a longer, more verbose string for
the logs.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Introduces a single-flight call to a function's health
endpoint to verify that it is registered with an Istio
sidecar (Envoy) before letting the invocation through.
Results are cached for 5 seconds, before a probe is
required again.
Tested without Istio, with probe_functions environment
variable set to true, I saw a probe execute in the logs.
Fixes: #1721 for Istio users.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
The histogram for gateway_functions_seconds excluded the status
code that gives important information for setting up SLOs.
Fixes: #1725
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
The queue type now resides in the provider, so that there is
no risk of a circular reference.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
**What**
- Add unit test that verifies the behavior of the logging middleware in
various reponse cases
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
This commits updates version endpoint to use ProviderInfo and VersionInfo structs from
faas-provider.GatewayInfo now uses ProviderInfo and VersionInfo structs. GatewayInfo is
left within gateway. Consumer of this endpoint should use typed struct GatewayInfo to
parse response.
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This type abstracts the function_query type and introduces an
interface for testing and substitution.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Enables publishing to various topics according to annotations
on the functions. The function cache is moved up one level so
that it can be shared between the scale from zero code and the
queue proxy.
Unit tests added for new internal methods.
Tested e2e with arkade and the newest queue-worker and RC
gateway image with two queues and an annotation on one of the
functions of com.openfaas.queue. It worked as expected including
with multiple namespace support.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Propagates the context to upstream requests so that
cancellation can cascade.
Closes: #1501 by @SpaWn2KiLl which was not signed-off.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* This experimental patch records metrics as invocations start
so that the metrics can be used to make better scale to zero
decisions in faas-idler.
Tested with Kubernetes on a single-node cluster, metrics
reported as expected. Existing metrics still report.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Allows alerts to trigger functions to scale when they
also have an optional namespace set.
Tested e2e with Kubernetes 1.15 and a non-default namespace.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
When coupled with the latest version of faas-netes, the gateway
can now invoke, query and deploy functions into alternative
namespaces.
Tested e2e by creating a namespace "fn" and deploying, then
invoking a function deployed there and in the default namespace.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This patch enables the use-case for multiple namepsaces by
allowing a dot to be used in the function name.
dep has been run to update OpenFaaS projects and also to
prune unused files.
Tested by doing a build.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
With this change /system/info endpoint is going to give
information about the platform architecture it is running on
(arm64, armhf, x86_64)
Signed-off-by: Ivana Yovcheva (VMware) <iyovcheva@vmware.com>
**What**
- Use NotImplemented when we get a 404 from the log provider. When we
get a 200, process the log request, as normal. For all other status
codes, return a sever error with a message stating that the
response was unexpected. The message will contain the original status
code to assist with debugging
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
**What**
- Fix missing imports since my ide forgot to add the "time" package
- Update the tests to accept the handler timeout duration
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
**What**
- Pass the writetimeout to the logs handler to set the context timeout
of the log stream.
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
**What**
- Add test to verify that the log proxy shutsdown correctly when the
client cancels
- Add test to verify that the log proxy shutsdown correctly when the
logs provider closes the connection
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
**What**
- Implement log handler method that will hijack the connection and clear
timeouts to allow long lived streams
- Proxies requests to the logs provider and returns the response
unmodified
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
This corrects an issue where the error body was being hidden
for the external auth handler. It also adds the ca-certs into
the runtime Docker image for when the gateway is calling an
external plugin exposed over HTTPS.
Tested with OAuth2 plugin.
Signed-off-by: Alex Ellis <alexellis2@gmail.com>
