Reduces default grace period from 30s to 5s for removing
functions.
The healthcheck_interval env-var can be used to override the
value and set it higher.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This gives a default value, for belt and braces, for people
who are supplying a lot of load.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Load the secret value from the RawValue field, if it is empty, use the
string value. Add unit tests for the creation handler.
Refactor secret parser tests.
Resolves#208
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
* Inlines the namespace check for valid faasd namespaces
* Creates a const for the namespace label applied to faasd
namespaces
Tested with go build and go test.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This commit adds the checks that the namespace supplied by the user has
the `openfaas=true` label. Without this check the user can
deploy/update/read functions in any namespace using the CLI.
The UI is not effected because it calls the listnamesaces endpoint,
which has the check for the label
Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
Have to change them since we are trying to resolve system services and the system services are in the /var/lib/faasd/hosts file instead of /var/lib/faasd-provider/hosts file.
Signed-off-by: Shikachuu <zcmate@gmail.com>
This is an optimization that uses the results cache created by
CNI on the filesystem to store and fetch IP addresses for
containers in the core services and for functions. As part of
the change, the dependency on the syscall code from Weave net
has been removed, and the code should compile on MacOS again.
Updates and rebases the work in #38 by carlosedp
Tested in the original PR, further testing in the incoming
PR.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
By setting the hostname, the container will resolve to its
name instead of just localhost.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This commit adds fprocess to the return values from faasd provider
/system/functions and /system/function/{name}
This has unit tests and has been tested on a faasd installation
Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
This commit adds the EnvVars set on the process to the retuurn from the
faasd provider. It gets the container process and then filters out PATH
and fprocess (if found) and returns the remaining envVars as a map.
This has using tests for getting the EnvVars from procees.env and has
been tested on amd_64 faasd by building, deploying and using curl
against the provider and gateway.
Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
This commit allows the provider to return a list of the names of the
secrets mapped into an openfaas function. This was tested by building
and deploying faasd on multipass and curling the provider directly and
seeing the returned secrets list!
Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
The update flow used to delete the active function before
synchronously pulling the next and starting it. That meant
functions would always face downtime during the pull.
This changes the order to pre-pull and reduce any down time.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
By moving to a reference instead of a value type, this patch
means the annotations are not leaked into other objects in
the result of ListFunctions. Tested on x86 with a Linux host
and I could no longer reproduce the issue in #128
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Provide support for annotations in faasd with namespaced container
labels. Unit tested and confirmed with end to end test via faasd
deployed to multipass VM
Signed-off-by: Alex Tomic <atomic777@gmail.com>
Memory limits now work and a function will be killed with OOM
however, it will remain in a stopped state and will not
restart automatically.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This patch reports stopped tasks as having zero scale, which
means the gateway will send a "scale up" request, the same
way as it does for paused containers, or those which have
no task due to a reboot of the machine.
The scale up logic will now delete the stopped task and
recreate the task.
Tested with nodeinfo and figlet on a Dell XPS with
Ubuntu 16.04. The scaling logic has been re-written, but
re-tested by manually pausing and manually removing
the task of a container.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Logs can now be viewed with the following, adding -f to follow
the logs.
journalctl -t default:gateway
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Fixes an issue introduced in #45 which was undetected. When
users do not pass in "labels" to the deployment - or a valid
empty object, then a nil dereference causes a panic.
Fixes: #101
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This patch fixes a vulnerability in the secrets API, however
it is important to stress that the user must be authenticated
as the admin user on the REST API before they can attempt this.
Reported by Appsecco via email. @lucasroesler, Appsecco and
myself believe this to be of low severity.
The fix prevents directory traversal characters from being
used in secret names. If a secret name such as:
../../root/.ssh/authorized_keys were to be used, an attacker
could remove the value and write their own.
Tested with unit tests and tests are now made to run
via the CI and a new Makefile target.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
**What**
- journald log provider using exec to journalctl
```
journalctl -t <namespace>:<name> --output=json --since=<timestamp> <--follow> --output-fields=SYSLOG_IDENTIFIER,MESSAGE,_PID,_SOURCE_REALTIME_TIMESTAMP
```
- This can be tested manually using `faas-cli logs` as normal, e.g.
`faas-cli logs nodeinfo` should tail the last 5 mins of logs.
- Very basic tests ensuring that the `journalctl` comamand is correctly
construction and that the json log entrys are parsed correctly.
- Add simple e2e test to grep the function logs
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
When ListFunctions populate it's function map, it should not add
functions that GetFunction returned error.
Signed-off-by: Carlos de Paula <me@carlosedp.com>
The behaviour prior to this patch caused some confusion for
users since they expected a behaviour like Swarm / Kubernetes
which always pulls images by default, even if cached. I've tested
the change and it is working as expected. By default images are
always pulled upon deployment.
To revert to the prior behaviour, simply add to faasd up:
--pull-policy=IfNotPresent
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Adding label when a /system/function/<name> endpoint
is invoked as it was missed in the previous commit
Signed-off-by: Martin Dekov <mvdekov@gmail.com>
