This appeared to prevent the provider's secret code from
creating files in its working directory. The patch makes all
code use the same permission.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Adds secrets support and binding of secrets at runtime to
functions. Files are written in plain-text to a 0644 permission
folder which can only be read by root and the containers
requesting the secret through the OpenFaaS API.
Tested by deploying an alpine function using "cat" as its
fprocess.
Happy to revisit at a later date and look into encryption at
rest. This should be on-par with using Kubernetes in its
default unencrypted state.
Fixes: #29
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Fixes a bug when attempting to access a non-existant IP from
GetIPfromPID called via the list API.
Renames the provider from faas-containerd
Updates function deletion grace period to 30s to prevent any
errors in the REST API during a long-running deletion.
Tested on Linux with the figlet function which by default takes
around 5s to delete due to its write_timeout value, the deletion
now blocks rather than throwing an error.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This patch completes part of the work in #20 by porting the code
for faas-containerd in-tree. When tested, I was able to deploy
and then remove figlet from the store on `x86_64`.
In a follow-up PR, duplication will be removed where possible
and consolidated with updated documentation.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Replaced netns utility with CNI plugins to create a bridge network
and allow communication between containers with firewall plugin.
Overwrite the CNI config in case it exists. Allow updating the config
on new versions.
Signed-off-by: Carlos de Paula <me@carlosedp.com>
* faasd writes secrets to wd + /secrets/*
* faas-containerd is passed a custom path to use to load the
secrets
Both services gain their work /run/ folders for temporary and
working files. Tested on RPi3 e2e with faasd install.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Proxy has initial unit test and more can be added
* Shutdown channel and cancellation added for proper shutdown of
the proxy
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Issue was detected whilst testing 0.4.0 from @Waterdrips which
added basic auth, but the header was not being propagated.
* This code is tested in OpenFaaS already, but unit tests will
be added retrospectively.
* Proxy now reads the gateway URL via a channel instead of from
a file to make unit testing easier.
Basic auth now works as expected with faas-cli login / list.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
