- this change is needed for Docker Swarm which may give an error
when several concurrent requests come in to scale a deployment.
Tested on Docker Swarm before/after with the hey tool and figlet
scaled down to zero replicas.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

- extracting this package means it can be used in other components
such as the asynchronous nats-queue-worker which may need to
invoke functions which are scaled down to zero replicas.
Ref: https://github.com/openfaas/nats-queue-worker/issues/32
Tested on Docker Swarm for scaling up, already scaled and not
found error.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

- The path clipping / transforming behaviour must be turned off
when we are not using direct_functions as is used in
faas-nomad and faas-ecs. This will need a change in each provider
to strip paths, but fixes a 404 error these users will see if they
upgrade to 0.9.2 or newer. 0.9.3 will have this fix, meaning
the whole un-edited path is passed to the provider when
direct_functions is set to false.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

This commit adds basic authentication for `/system/async-report`
endpoint.
It also adds basic-auth secrets to `queue-worker` service which will be
used for gateway calls to `/system/async-report`.
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>

The basic-auth middleware and credentials-loading code has been
moved into the faas-provider project. This has now been brought
back into the faas project via vendoring.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

Code-review/refactoring for #843. Closes #843.
FaaSHandlers has had info and query handlers added to its list
of types for consistency.
Secrets added to queue-worker component ready for next PR.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

This changeset enables passing the basic auth credentials
to all /system/ calls to allow upstream providers to
perform authorization checks independent of the gateway.
This is essential for some providers, like Swarm, where
the system is accessible on the same network, and not
protected via the gateway.
Signed-off-by: Burton Rheutan <rheutan7@gmail.com>

This reviews the code and fixes up suggestions made by team for
the HTTP paths PR #789.
- Removed feature-flag (this is backwards-compatible, so I see
no value in adding the flag)
- There was a URL transform happening for calls proxied to the
back end, I changed this for the nil-transform - i.e. it does not
change anything in the URL
- Introduced variables to describe the regex indices used in
the URL trimming.
Tested with Docker Swarm with a ruby-microservice, with
system calls and with function calls using the UI.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

Previously, only the query string of the URL was passed through the Gateway.
With this change, the entire path requested by the client is passed through as well as the query string.
While fwatchdog already supported passing the path through, in practice this would not happen
since the Gateway would have swallowed it before forwarding the request to the watchdog.
With this change, the path portion after the function name is added to the Http_Path environment
variable, provided that cgiHeaders are enabled. This is similar to the of-watchdog equivalent.
Signed-off-by: Thomas E Lackey <telackey@bozemanpass.com>

This change exposes the gateway metrics with an exporter which
implements the Collector interface of prometheus.
This change Fixes #697
Signed-off-by: Ken Fukuyama <kenfdev@gmail.com>

- exposes scale-function endpoint for use with faas-idler, this
is protected by auth when enabled.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

Existing code has been used for scaling up and querying replicas.
This meant the new code was deleted and there is less duplication
now.
The cache stores a whole query response rather than just the
available replica count and the tests were updated. This has been
tested with Docker swarm and the image:
openfaas/gateway:scale-17-07-2018
This feature now needs the env-var of scale_from_zero to be enabled
in order to turn on the scaling behaviour.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

This disables the scaling proxy by default since it is not the
default user-experience and is still under refinement.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

This change allows functions to be "idled" or scaled to zero
replicas and then be invoked later on. There is a penalty to
scaling up - the API gateway proxy will block until the function
is ready.
A cache is included to off-set the calls to upstream API to check
on readiness along with unit tests.
Testing via scaling to zero replicas and then invoking function.
On Swarm I observed 3 seconds on an Intel Nuc i5 for scaling back
from zero replicas.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

This change enables secrets to be read from any mount on disk
rather than hard-coding a certain location which suits Swarm or
K8s. The default value if not specified will look in the Swarm
location of /run/secrets/
README.md (docs) updated and set to off by default.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

Fixes https://github.com/openfaas/faas/issues/687 allowing the
gateway to handle the responsibility of basic auth for when it is
in use.
To enable set basic_auth env-var to true and then mount two
secrets or plaintext files under /var/secrets/
basic_auth_user, basic_auth_password
Tested with faas-cli list/deploy and with Safari browser.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
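
An added example, not code from the openfaas or faas-provider repositories, sketching the behaviour the two commit messages above describe: load `basic_auth_user` and `basic_auth_password` from a configurable mount directory (default `/run/secrets/`) and gate a handler on them. The names `Credentials`, `LoadCredentials` and `RequireBasicAuth`, and the `secret_mount_path` env-var name, are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"os"
	"path/filepath"
	"strings"
)

type Credentials struct{ User, Password string }

// LoadCredentials (hypothetical) reads both files from dir; "" means /run/secrets/.
func LoadCredentials(dir string) (*Credentials, error) {
	if dir == "" {
		dir = "/run/secrets/"
	}
	var vals [2]string
	for i, name := range []string{"basic_auth_user", "basic_auth_password"} {
		b, err := os.ReadFile(filepath.Join(dir, name))
		if err != nil {
			return nil, fmt.Errorf("reading secret %s: %w", name, err)
		}
		if vals[i] = strings.TrimSpace(string(b)); vals[i] == "" { // trailing newline is common
			return nil, fmt.Errorf("secret %s is empty", name) // empty secret: refuse to start
		}
	}
	return &Credentials{User: vals[0], Password: vals[1]}, nil
}

// RequireBasicAuth (hypothetical) answers 401 unless user and password both match.
func RequireBasicAuth(c *Credentials, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		u := subtle.ConstantTimeCompare([]byte(user), []byte(c.User))
		p := subtle.ConstantTimeCompare([]byte(pass), []byte(c.Password))
		if !ok || u&p != 1 { // both comparisons always run, no early exit on the user name
			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
			http.Error(w, "invalid credentials", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

func main() {
	creds, err := LoadCredentials(os.Getenv("secret_mount_path")) // env-var name assumed
	fmt.Println("credentials loaded:", creds != nil, "error:", err)
}
```

`subtle.ConstantTimeCompare` returns immediately when the lengths differ, so this hides how much of a guess matched but not the length of the stored values.
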
Routeless proxy allowed no HTTP path to be given when a Header
X-Function: name was given. This has been deprecated - I am
unaware of any usage of the feature.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

Forwarded requests were being logged in the function metrics and
I saw this when doing some testing on auto-scaling with K8s.
This change removes the call to the Prometheus notifier for any
calls which are forwarded to the provider and retains them for the
functions.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

This commit replaces occurrences of http method strings with the
corresponding consts from the http package.
*Note* UPDATE is not strictly speaking a valid method and as such isn't
part of the http package (should be a PUT or PATCH?)
Signed-off-by: John McCabe <john@johnmccabe.net>

Adds a pair of configuration options for performance tuning. The
gateway can now invoke functions directly and can bypass the
provider. See updated table in README.md for configuration values.
BaseURLResolver is added with unit tests that decouples resolving
upstream URL from the reverse proxy client code.
- SingleHostBaseURLResolver resolves a single upstream host
- FunctionAsHostBaseURLResolver resolves host based upon conventions
within the URL of the request to a function for direct access
Tested with Kubernetes (faas-netes) and faas-swarm through UI, CLI
calling system endpoints and functions directly.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>

Note, not all `alexellis/github` references should be changed, there are
a number of repos which are not part of the openfaas org, this commit
excludes those.
Signed-off-by: John McCabe <john@johnmccabe.net>

This commit implements an update handler for Docker Swarm, it queries the
current spec, updates values in-situ before calling ServiceUpdate.
The UpdateConfig FailureAction is set to rollback, so in the event of
supplying values to the update that would result in the service failing
then the update will be rolled back.
The UpdateConfig Parallelism param is set to an explicit value of 1 which
will result in functions being updated 1 by 1 rather than all at once.
It also moves the restartDelay declaration out of the create and update
handlers and into the main server function alongside maxRestarts.
And finally this commit uses the PUT HTTP verb for updates rather than
the non-HTTP UPDATE verb which was being used initially (also adding it
to the Swagger definition).
Signed-off-by: John McCabe <john@johnmccabe.net>