This change removes the direct functions option which was
used originally for Docker Swarm. The Community Edition will
rely on the faas provider - faas-netes / faasd for load-balancing
of requests.
Direct Functions is required in order to delegate load-balancing
to Istio, Linkerd or some other kind of service mesh.
Tested by deploying a modified gateway image to a KinD cluster,
deploying the env function, and scaling to two replicas. This
balanced the load between the two pods by printing out the names
and then I ran a test with hey which returned 200s for all the
requests.
The prober which was part of the Istio support is no longer
required in the CE gateway so is removed for simplicity.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
The welcome message shows the difference between
Pro and CE.
The timeout of 8 seconds was never going to be useful as
a default, so changing to 60 seconds.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
Introduces a single-flight call to a function's health
endpoint to verify that it is registered with an Istio
sidecar (Envoy) before letting the invocation through.
Results are cached for 5 seconds, before a probe is
required again.
Tested without Istio, with probe_functions environment
variable set to true, I saw a probe execute in the logs.
Fixes: #1721 for Istio users.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
When coupled with the latest version of faas-netes, the gateway
can now invoke, query and deploy functions into alternative
namespaces.
Tested e2e by creating a namespace "fn" and deploying, then
invoking a function deployed there and in the default namespace.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
**What**
- Implement log handler method that will hijack the connection and clear
timeouts to allow long lived streams
- Proxies requests to the logs provider and returns the response
unmodified
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
Adds two new environment variables and unit tests to validate
positive and default use-cases.
auth_proxy_url
auth_proxy_pass_body
Signed-off-by: Alex Ellis <alexellis2@gmail.com>
- max_conns / idle / per host are now read from env-vars and have
defaults set to 1024 for both values
- logging / metrics are collected in the client transaction
rather than via defer (this may impact throughput)
- function cache moved to use RWMutex to try to improve latency
around locking when updating cache
- logging message added to show latency in running GetReplicas
because this was observed to increase in a linear fashion under
high concurrency
- changes tested against 3-node bare-metal 1.13 K8s cluster
with kubeadm
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- updates comments and adds where missing
- updates locks so that unlock is done via defer instead of
at the end of the statement
- extracts timeout variable in two places
- remove makeClient() unused method from metrics package
No-harm changes tested via go build.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This reviews the code and fixes up suggestions made by team for
the HTTP paths PR #789.
- Removed feature-flag (this is backwards-compatible, so I see
no value in adding the flag)
- There was a URL transform happening for calls proxied to the
back end, I changed this for the nil-transform - i.e. it does not
change anything in the URL
- Introduced variables to describe the regex indicies used in
the URL trimming.
Tested with Docker Swarm with a ruby-microservice, with
system calls and with function calls using the UI.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This disables the scaling proxy by default since it is not the
default user-experience and is still under refinement.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This commit reverts the changes done in #738 to update the default
secret mount path to `/run/secrets/`
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This changes updates the secret mount path default value to
/var/openfaas/secrets at serveral places. It has been changed
from /run/secrets/ to /var/openfaas/secrets after version 0.8.2
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This change enables secrets to be read from any mount on disk
rather than hard-coding a certain location which suits Swarm or
K8s. The default value if not specified will look in the Swarm
location of /run/secrets/
README.md (docs) updated and set to off by default.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Fixes https://github.com/openfaas/faas/issues/687 allowing the
gateway to handle the responsibility of basic auth for when it is
in use.
To enable set basic_auth env-var to true and then mount two
secrets or plaintext files under /var/secrets/
basic_auth_user, basic_auth_password
Tested with faas-cli list/deploy and with Safari browser.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Adds a pair of configuration options for performance tuning. The
gateway can now invoke functions directly and can bypass the
provider. See updated table in README.md for configuration values.
BaseURLResolver is added with unit tests that decouples resolving
upstream URL from the reverse proxy client code.
- SingleHostBaseURLResolver resolves a single upstream host
- FunctionAsHostBaseURLResolver resolves host based upon conventions
within the URL of the request to a function for direct access
Tested with Kubernetes (faas-netes) and faas-swarm through UI, CLI
calling system endpoints and functions directly.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
applied go fmt on config_test file
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
removes extra line in config_test
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
