* Fixes upstream deprecations for containerd
* Fixes deprecations in ioutil package usage
* Break out separate files for function handlers
* Upgrades containerd to 1.7.22
* Fixes default namespace functionality
* Pre-deploy checks as per license agreement
* Removes extra log messages for payload in HTTP handlers, you
can enable FAAS_DEBUG=1 in the CLI instead to see this from
the client's perspective
* Add additional Google DNS server 8.8.4.4 for functions
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
System containers can now be proxied to the localhost or to
all adapters using docker-compose.
Tested with NATS and Prometheus to 127.0.0.1 in multipass
and with the gateway to 0.0.0.0.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* revendor k3sup to prevent arch / OS from being printed in
the logs
* print version on startup
* bump minor CNI and containerd version for e2e tests
* revendor faas-provider for latest log printing update
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
**What**
- Use the compose-go library to read the service definitions from an
external compose file instead of building them in Go
- Add default compose file and copy during `faasd install`
- Add test for load and parse of compose file
- Make testing easier by sorting the env keys
- Allow append to instantiate the slices so that we can more easily test
for proper parsing (e.g. nil is still nil etc)
- Add the arch suffix to the compose file and set this as part of the
env when we parse the compose file. This allows faasd to dynamically
set the arch suffix used for the basic auth and the gateway images.
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
The behaviour prior to this patch caused some confusion for
users since they expected a behaviour like Swarm / Kubernetes
which always pulls images by default, even if cached. I've tested
the change and it is working as expected. By default images are
always pulled upon deployment.
To revert to the prior behaviour, simply add to faasd up:
--pull-policy=IfNotPresent
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
The use of containerd and CNI functions has been refactored to reuse
the same codebase.
Added all network functionality to own directory and package. Removed
netlink and weave library in favor of using CNI plugin result files.
Rename containers handler to functions to clear-up functionality.
Signed-off-by: Carlos de Paula <me@carlosedp.com>
This appeared to prevent the provider's secret code from
creating files in its working directory. The patch makes all
code use the same permission.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Replaced netns utility with CNI plugins to create a bridge network
and allow communication between containers with firewall plugin.
Overwrite the CNI config in case it exists. Allow updating the config
on new versions.
Signed-off-by: Carlos de Paula <me@carlosedp.com>
* faasd writes secrets to wd + /secrets/*
* faas-containerd is passed a custom path to use to load the
secrets
Both services gain their work /run/ folders for temporary and
working files. Tested on RPi3 e2e with faasd install.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Proxy has initial unit test and more can be added
* Shutdown channel and cancellation added for proper shutdown of
the proxy
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Required so that faas-containerd can start independently of
faasd.
* Extracts common mount path const for mounted secrets
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Issue was detected whilst testing 0.4.0 from @Waterdrips which
added basic auth, but the header was not being propagated.
* This code is tested in OpenFaaS already, but unit tests will
be added retrospectively.
* Proxy now reads the gateway URL via a channel instead of from
a file to make unit testing easier.
Basic auth now works as expected with faas-cli login / list.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Add and enable basic auth to the gateway. This allows users to
put their gateway on the internet and expose it to public networks
without anyone being able to control their deployments.
Added information to the README that allows users to get their
gatewau basic auth password and username
Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
