* Fixes upstream deprecations for containerd
* Fixes deprecations in ioutil package usage
* Break out separate files for function handlers
* Upgrades containerd to 1.7.22
* Fixes default namespace functionality
* Pre-deploy checks as per license agreement
* Removes extra log messages for payload in HTTP handlers, you
can enable FAAS_DEBUG=1 in the CLI instead to see this from
the client's perspective
* Add additional Google DNS server 8.8.4.4 for functions
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Updates various internal dependencies in go.mod, and Prometheus
within docker-compose.yaml
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Updates containerd to v1.7.0 and new binary for 32-bit
Arm OSes.
* Updates Go dependencies - openfaas and external
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
Test case included for default and non-default
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
Changed Fake Labeller Implementation
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
* Inlines the namespace check for valid faasd namespaces
* Creates a const for the namespace label applied to faasd
namespaces
Tested with go build and go test.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Old secrets are now copied, rather than moved, so that any
existing functions do not need to be redeployed by the user.
As a maintenance task, users should remove the older secrets.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
Included Test cases for utils
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
Multi namespace handling in invoke
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
List Namespaces capability included
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
remove faasd namespace from list result
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
Create Secret Folder Path
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
Filter only namespaces with openfass label
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
Include Testcase for utility function
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
move default function secets to openfaas-fn namespace secrets
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
Corrected issue with secret moving
Signed-off-by: Nitishkumar Singh <nitishkumarsingh71@gmail.com>
System containers can now be proxied to the localhost or to
all adapters using docker-compose.
Tested with NATS and Prometheus to 127.0.0.1 in multipass
and with the gateway to 0.0.0.0.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* revendor k3sup to prevent arch / OS from being printed in
the logs
* print version on startup
* bump minor CNI and containerd version for e2e tests
* revendor faas-provider for latest log printing update
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
**What**
- Use the compose-go library to read the service definitions from an
external compose file instead of building them in Go
- Add default compose file and copy during `faasd install`
- Add test for load and parse of compose file
- Make testing easier by sorting the env keys
- Allow append to instantiate the slices so that we can more easily test
for proper parsing (e.g. nil is still nil etc)
- Add the arch suffix to the compose file and set this as part of the
env when we parse the compose file. This allows faasd to dynamically
set the arch suffix used for the basic auth and the gateway images.
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
**What**
- journald log provider using exec to journalctl
```
journalctl -t <namespace>:<name> --output=json --since=<timestamp> <--follow> --output-fields=SYSLOG_IDENTIFIER,MESSAGE,_PID,_SOURCE_REALTIME_TIMESTAMP
```
- This can be tested manually using `faas-cli logs` as normal, e.g.
`faas-cli logs nodeinfo` should tail the last 5 mins of logs.
- Very basic tests ensuring that the `journalctl` comamand is correctly
construction and that the json log entrys are parsed correctly.
- Add simple e2e test to grep the function logs
Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
The behaviour prior to this patch caused some confusion for
users since they expected a behaviour like Swarm / Kubernetes
which always pulls images by default, even if cached. I've tested
the change and it is working as expected. By default images are
always pulled upon deployment.
To revert to the prior behaviour, simply add to faasd up:
--pull-policy=IfNotPresent
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
The collect command redirects function logs to the journal for
viewing on journalctl. faas-cli logs is not implemented as of
yet. View logs with journalctl -t openfaas-fn:FN_NAME_HERE.
Tested on Dell XPS with Ubuntu Linux. The approach takes
inspiration from the Stellar project.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Not sure how this got reverted / affected, but was wrong. The
name "faas-containerd" is gone and not in use.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
The use of containerd and CNI functions has been refactored to reuse
the same codebase.
Added all network functionality to own directory and package. Removed
netlink and weave library in favor of using CNI plugin result files.
Rename containers handler to functions to clear-up functionality.
Signed-off-by: Carlos de Paula <me@carlosedp.com>
This appeared to prevent the provider's secret code from
creating files in its working directory. The patch makes all
code use the same permission.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Adds secrets support and binding of secrets at runtime to
functions. Files are written in plain-text to a 0644 permission
folder which can only be read by root and the containers
requesting the secret through the OpenFaaS API.
Tested by deploying an alpine function using "cat" as its
fprocess.
Happy to revisit at a later date and look into encryption at
rest. This should be on-par with using Kubernetes in its
default unencrypted state.
Fixes: #29
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
The new unit file runs the merged faasd binary and the provider
command. The install script also prints out a sample login
command to make it easier to use the faas-cli.
Travis / CI has been updated to run the new steps in the e2e
tests.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
This patch completes part of the work in #20 by porting the code
for faas-containerd in-tree. When tested, I was able to deploy
and then remove figlet from the store on `x86_64`.
In a follow-up PR, duplication will be removed where possible
and consolidated with updated documentation.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Replaced netns utility with CNI plugins to create a bridge network
and allow communication between containers with firewall plugin.
Overwrite the CNI config in case it exists. Allow updating the config
on new versions.
Signed-off-by: Carlos de Paula <me@carlosedp.com>
* faasd writes secrets to wd + /secrets/*
* faas-containerd is passed a custom path to use to load the
secrets
Both services gain their work /run/ folders for temporary and
working files. Tested on RPi3 e2e with faasd install.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Proxy has initial unit test and more can be added
* Shutdown channel and cancellation added for proper shutdown of
the proxy
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Required so that faas-containerd can start independently of
faasd.
* Extracts common mount path const for mounted secrets
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
* Issue was detected whilst testing 0.4.0 from @Waterdrips which
added basic auth, but the header was not being propagated.
* This code is tested in OpenFaaS already, but unit tests will
be added retrospectively.
* Proxy now reads the gateway URL via a channel instead of from
a file to make unit testing easier.
Basic auth now works as expected with faas-cli login / list.
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Add and enable basic auth to the gateway. This allows users to
put their gateway on the internet and expose it to public networks
without anyone being able to control their deployments.
Added information to the README that allows users to get their
gatewau basic auth password and username
Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
