This change removes the direct functions option which was
used originally for Docker Swarm. The Community Edition will
rely on the faas provider - faas-netes / faasd for load-balancing
of requests.
Direct Functions is required in order to delegate load-balancing
to Istio, Linkerd or some other kind of service mesh.
Tested by deploying a modified gateway image to a KinD cluster,
deploying the env function, and scaling to two replicas. This
balanced the load between the two pods by printing out the names
and then I ran a test with hey which returned 200s for all the
requests.
The prober which was part of the Istio support is no longer
required in the CE gateway so is removed for simplicity.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
The welcome message shows the difference between
Pro and CE.
The timeout of 8 seconds was never going to be useful as
a default, so changing to 60 seconds.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
* Removes service min and target metrics from the CE gateway
OpenFaaS Pro metrics are no longer required in OpenFaaS CE
since there is an OpenFaaS Pro gateway available.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
Introduces a single-flight call to a function's health
endpoint to verify that it is registered with an Istio
sidecar (Envoy) before letting the invocation through.
Results are cached for 5 seconds, before a probe is
required again.
Tested without Istio, with probe_functions environment
variable set to true, I saw a probe execute in the logs.
Fixes: #1721 for Istio users.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alex@openfaas.com>
* Add service target metric
* Add service min replicas metric
* Add scale type metric
These combined allow new auto-scaling modes and parameters
for OpenFaaS Pro customers.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This commits updates version endpoint to use ProviderInfo and VersionInfo structs from
faas-provider.GatewayInfo now uses ProviderInfo and VersionInfo structs. GatewayInfo is
left within gateway. Consumer of this endpoint should use typed struct GatewayInfo to
parse response.
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This is being added because multiple namespaces can now be used
on Kubernetes. By listing namespaces, a client such as the UI
or CLI can then enumerate the namespaces to find functions
which may span across more than one namespace.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
When coupled with the latest version of faas-netes, the gateway
can now invoke, query and deploy functions into alternative
namespaces.
Tested e2e by creating a namespace "fn" and deploying, then
invoking a function deployed there and in the default namespace.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
With this change /system/info endpoint is going to give
information about the platform architecture it is running on
(arm64, armhf, x86_64)
Signed-off-by: Ivana Yovcheva (VMware) <iyovcheva@vmware.com>
**What**
- Ensure that we are loading the log provider url correctly, including
fallback to the function provider, when the value is set
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
**What**
- Implement log handler method that will hijack the connection and clear
timeouts to allow long lived streams
- Proxies requests to the logs provider and returns the response
unmodified
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
Adds two new environment variables and unit tests to validate
positive and default use-cases.
auth_proxy_url
auth_proxy_pass_body
Signed-off-by: Alex Ellis <alexellis2@gmail.com>
- max_conns / idle / per host are now read from env-vars and have
defaults set to 1024 for both values
- logging / metrics are collected in the client transaction
rather than via defer (this may impact throughput)
- function cache moved to use RWMutex to try to improve latency
around locking when updating cache
- logging message added to show latency in running GetReplicas
because this was observed to increase in a linear fashion under
high concurrency
- changes tested against 3-node bare-metal 1.13 K8s cluster
with kubeadm
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- due to what appears to be a frequent issue with the Go HTTP
client some tweaks were needed to the HTTP client used for
reverse proxying to prevent CoreDNS from rejecting connections.
The following PRs / commits implement similar changes in
Prometheus and Minio.
https://github.com/prometheus/prometheus/pull/3592https://github.com/minio/minio/pull/5860
Under a 3-node (1-master) kubeadm cluster running on bare
metal with Ubuntu 18.04 I was able to send 100k requests
with 1000 being concurrent with no errors being returned
by hey.
```
hey -n 100000 -c 1000 -m=POST -d="hi" \
http://192.168.0.26:31112/function/go-echo
```
The go-echo function is based upon the golang-http
template in the function store using the of-watchdog.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- Covers part of 919 by making the HTTP client used for proxying
stop following redirects. Tested with a stateless microservice,
but additional code changes may be requierd in the queue-worker,
the watchdogs and other areas.
Tested on Swarm with stateless microservice (Node.js) issuing
a redirect via Location header.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- updates comments and adds where missing
- updates locks so that unlock is done via defer instead of
at the end of the statement
- extracts timeout variable in two places
- remove makeClient() unused method from metrics package
No-harm changes tested via go build.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
The basic-auth middleware and credentials-loading code has been
moved into the faas-provider project. This has now been brought
back into the faas project via vendoring.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Code-review/refactoring for #843. Closes#843.
FaaSHandlers has had info and query handlers added to its list
of types for consistency.
Secrets added to queue-worker component ready for next PR.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This reviews the code and fixes up suggestions made by team for
the HTTP paths PR #789.
- Removed feature-flag (this is backwards-compatible, so I see
no value in adding the flag)
- There was a URL transform happening for calls proxied to the
back end, I changed this for the nil-transform - i.e. it does not
change anything in the URL
- Introduced variables to describe the regex indicies used in
the URL trimming.
Tested with Docker Swarm with a ruby-microservice, with
system calls and with function calls using the UI.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
- exposes scale-function endpoint for use with faas-idler, this
is protected by auth when enabled.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
This disables the scaling proxy by default since it is not the
default user-experience and is still under refinement.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
From Project to Author(s) for the catch-all. This file has my
copyright which is retained through the catch-all statement.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
1. Use httptest.ResponseRecorder instead of custom implementation
StringResponseWriter.
2. Remove verbose log line in infohandler
Signed-off-by: Edward Wilde <ewilde@gmail.com>
This commit reverts the changes done in #738 to update the default
secret mount path to `/run/secrets/`
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This changes updates the secret mount path default value to
/var/openfaas/secrets at serveral places. It has been changed
from /run/secrets/ to /var/openfaas/secrets after version 0.8.2
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
This change enables secrets to be read from any mount on disk
rather than hard-coding a certain location which suits Swarm or
K8s. The default value if not specified will look in the Swarm
location of /run/secrets/
README.md (docs) updated and set to off by default.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Fixes https://github.com/openfaas/faas/issues/687 allowing the
gateway to handle the responsibility of basic auth for when it is
in use.
To enable set basic_auth env-var to true and then mount two
secrets or plaintext files under /var/secrets/
basic_auth_user, basic_auth_password
Tested with faas-cli list/deploy and with Safari browser.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
The unit tests were inside the `gateway/tests` directory which had no
effect to the coverage for `go test`. Therefore, moved the tests inside
the same directory as the test target.
Signed-off-by: Ken Fukuyama <kenfdev@gmail.com>
Adds a pair of configuration options for performance tuning. The
gateway can now invoke functions directly and can bypass the
provider. See updated table in README.md for configuration values.
BaseURLResolver is added with unit tests that decouples resolving
upstream URL from the reverse proxy client code.
- SingleHostBaseURLResolver resolves a single upstream host
- FunctionAsHostBaseURLResolver resolves host based upon conventions
within the URL of the request to a function for direct access
Tested with Kubernetes (faas-netes) and faas-swarm through UI, CLI
calling system endpoints and functions directly.
Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
applied go fmt on config_test file
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
removes extra line in config_test
Signed-off-by: Vivek Singh <vivekkmr45@yahoo.in>
