Add user support for custom containers

Custom containers in the compose file can have a directory
mounted to store state for things like a database. This requires
a specific user since influxdb/postgresql and other containers
create folders and update permissions on start-up.

Tested with influxdb on Ubuntu with userid 1000, which failed
before the change.

Adds a grace period in the e2e tests.

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>

.github/workflows/build.yaml

@@ -12,7 +12,7 @@ jobs:
       GO111MODULE: off
     strategy:
       matrix:
-        go-version: [1.15.x]
+        go-version: [1.13.x]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:

.github/workflows/publish.yaml

@@ -9,7 +9,7 @@ jobs:
   publish:
     strategy:
       matrix:
-        go-version: [ 1.15.x ]
+        go-version: [ 1.13.x ]
         os: [ ubuntu-latest ]
     runs-on: ${{ matrix.os }}
     steps:

README.md

@@ -49,9 +49,7 @@ Additional resources:
 
 The easiest way to deploy faasd is with cloud-init, we give several examples below, and post IaaS platforms will accept "user-data" pasted into their UI, or via their API.
 
-For trying out fasad on MacOS or Windows, we recommend using multipass.
-
-If you don't use cloud-init, or have already created your Linux server you can use the installation script as per below:
+If you don't use cloud-init, or have already created your Linux server you can use the installation script. This approach also works for Raspberry Pi:
 
 ```bash
 git clone https://github.com/openfaas/faasd
@@ -60,9 +58,7 @@ cd faasd
 ./hack/install.sh
 ```
 
-> This approach also works for Raspberry Pi
-
-It's recommended that you do not install Docker on the same host as faasd, since 1) they may both use different versions of containerd and 2) docker's networking rules can disrupt faasd's networking. When using faasd - make your faasd server a faasd server, and build container image on your laptop or in a CI pipeline.
+For trying out fasad on MacOS or Windows, we recommend using multipass and its cloud-init option.
 
 ### Run locally on MacOS, Linux, or Windows with multipass
 
@@ -86,36 +82,31 @@ You can run this tutorial on your Raspberry Pi, or adapt the steps for a regular
 
 Automate everything within < 60 seconds and get a public URL and IP address back. Customise as required, or adapt to your preferred cloud such as AWS EC2.
 
-* [Provision faasd 0.10.0 on DigitalOcean with Terraform 0.12.0](docs/bootstrap/README.md)
+* [Provision faasd 0.9.10 on DigitalOcean with Terraform 0.12.0](docs/bootstrap/README.md)
 
 * [Provision faasd on DigitalOcean with built-in TLS support](docs/bootstrap/digitalocean-terraform/README.md)
 
-## faasd handbook - everything you need to know to run functions without Kubernetes (early access)
+## Operational concerns
 
-faasd is a portable, and open source serverless engine. It runs a number of core services for its REST API, for background processing, and for metrics. The project schedules functions with containerd directly, and supports scale to and from zero, but without the need for clustering or Kubernetes.
+### A note on private repos / registries
 
-It makes for a quick and easy way to start hosting APIs and websites, benefiting from containers and cloud native technology without having to manage Kubernetes, or pay significant hosting costs.
+To use private image repos, `~/.docker/config.json` needs to be copied to `/var/lib/faasd/.docker/config.json`.
 
-This handbook is written for those deploying faasd to self-hosted or cloud infrastructure. Whilst OpenFaaS has reference documentation, here we focus on everything you need to know about faasd itself.
+If you'd like to set up your own private registry, [see this tutorial](https://blog.alexellis.io/get-a-tls-enabled-docker-registry-in-5-minutes/).
 
-Topics include:
+Beware that running `docker login` on MacOS and Windows may create an empty file with your credentials stored in the system helper.
 
-* Should you deploy to a VPS or Raspberry Pi?
-* Deploying your server with bash, cloud-init or terraform
-* Using a private container registry
-* Building your first function, and customising templates
-* Monitoring your functions with Grafana and Prometheus
-* Scheduling invocations and background jobs
-* Tuning timeouts, parallelism, running tasks in the background
-* Upgrading faasd
-* Setting memory limits for functions
-* Exposing the core services like Prometheus and NATS
+Alternatively, use you can use the `registry-login` command from the OpenFaaS Cloud bootstrap tool (ofc-bootstrap):
 
-> faasd users can upgrade to Kubernetes when the need presents itself and can bring their functions with them.
+```bash
+curl -sLSf https://raw.githubusercontent.com/openfaas-incubator/ofc-bootstrap/master/get.sh | sudo sh
 
-* [Find out more on Gumroad](https://gumroad.com/l/serverless-for-everyone-else)
+ofc-bootstrap registry-login --username <your-registry-username> --password-stdin
+# (the enter your password and hit return)
+```
+The file will be created in `./credentials/`
 
-## Finding logs
+> Note for the GitHub container registry, you should use `ghcr.io` Container Registry and not the previous generation of "Docker Package Registry". [See notes on migrating](https://docs.github.com/en/free-pro-team@latest/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images)
 
 ### Logs for functions
 
@@ -130,6 +121,80 @@ journalctl -t openfaas-fn:figlet -f &
 echo logs | faas-cli invoke figlet
 ```
 
+### Logs for the core services
+
+Core services as defined in the docker-compose.yaml file are deployed as containers by faasd.
+
+View the logs for a component by giving its NAME:
+
+```bash
+journalctl -t default:NAME
+
+journalctl -t default:gateway
+
+journalctl -t default:queue-worker
+```
+
+You can also use `-f` to follow the logs, or `--lines` to tail a number of lines, or `--since` to give a timeframe.
+
+### Exposing core services
+
+The OpenFaaS stack is made up of several core services including NATS and Prometheus. You can expose these through the `docker-compose.yaml` file located at `/var/lib/faasd`.
+
+Expose the gateway to all adapters:
+
+```yaml
+  gateway:
+    ports:
+       - "8080:8080"
+```
+
+Expose Prometheus only to 127.0.0.1:
+
+```yaml
+  prometheus:
+    ports:
+       - "127.0.0.1:9090:9090"
+```
+
+### Upgrading faasd
+
+To upgrade `faasd` either re-create your VM using Terraform, or simply replace the faasd binary with a newer one.
+
+```bash
+systemctl stop faasd-provider
+systemctl stop faasd
+
+# Replace /usr/local/bin/faasd with the desired release
+
+# Replace /var/lib/faasd/docker-compose.yaml with the matching version for
+# that release.
+# Remember to keep any custom patches you make such as exposing additional 
+# ports, or updating timeout values
+
+systemctl start faasd
+systemctl start faasd-provider
+```
+
+You could also perform this task over SSH, or use a configuration management tool.
+
+> Note: if you are using Caddy or Let's Encrypt for free SSL certificates, that you may hit rate-limits for generating new certificates if you do this too often within a given week.
+
+### Memory limits for functions
+
+Memory limits for functions are supported. When the limit is exceeded the function will be killed.
+
+Example:
+
+```yaml
+functions:
+  figlet:
+    skip_build: true
+    image: functions/figlet:latest
+    limits:
+      memory: 20Mi
+```
+
 ## What does faasd deploy?
 
 * faasd - itself, and its [faas-provider](https://github.com/openfaas/faas-provider) for containerd - CRUD for functions and services, implements the OpenFaaS REST API
@@ -146,21 +211,15 @@ You'll also need:
 
 You can use the standard [faas-cli](https://github.com/openfaas/faas-cli) along with pre-packaged functions from *the Function Store*, or build your own using any OpenFaaS template.
 
-### Instructions for hacking on faasd itself
+### Manual / developer instructions
 
 See [here for manual / developer instructions](docs/DEV.md)
 
 ## Getting help
 
-### faasd handbook
+### Docs
 
-"Serverless For Everyone Else" is the complete guide and documentation for faasd. If you're looking for how to do something, it's likely that the book covers it.
-
-* [Find out more on Gumroad](https://gumroad.com/l/serverless-for-everyone-else)
-
-### Reference docs for Kubernetes
-
-The [OpenFaaS docs](https://docs.openfaas.com/) provide a wealth of information for OpenFaaS on Kubernetes, and are likely to be useful for you, even using faasd.
+The [OpenFaaS docs](https://docs.openfaas.com/) provide a wealth of information and are kept up to date with new features.
 
 ### Function and template store
 
@@ -182,15 +241,99 @@ The founder of faasd and OpenFaaS has written a training course for the LinuxFou
 
 ### Community support
 
-Commercial users and solo business owners should become OpenFaaS GitHub Sponsors to receive regular email updates on changes, tutorials and new features.
+An active community of almost 3000 users awaits you on Slack. Over 250 of those users are also contributors and help maintain the code.
 
-If you are learning faasd, or want to share your use-case, you can join the OpenFaaS Slack community.
-
-* [Become an OpenFaaS GitHub Sponsor](https://github.com/sponsors/openfaas/)
 * [Join Slack](https://slack.openfaas.io/)
 
-### Backlog, features and known issues
+## Roadmap
 
-For completed features, WIP and upcoming roadmap see:
+### Supported operations
 
-See [ROADMAP.md](docs/ROADMAP.md)
+* `faas login`
+* `faas up`
+* `faas list`
+* `faas describe`
+* `faas deploy --update=true --replace=false`
+* `faas invoke --async`
+* `faas invoke`
+* `faas rm`
+* `faas store list/deploy/inspect`
+* `faas version`
+* `faas namespace`
+* `faas secret`
+* `faas logs`
+
+Scale from and to zero is also supported. On a Dell XPS with a small, pre-pulled image unpausing an existing task took 0.19s and starting a task for a killed function took 0.39s. There may be further optimizations to be gained.
+
+Other operations are pending development in the provider such as:
+
+* `faas auth` - supported for Basic Authentication, but SSO, OAuth2 & OIDC may require a patch
+
+### Backlog
+
+Should have:
+
+* [ ] Resolve core services from functions by populating/sharing `/etc/hosts` between `faasd` and `faasd-provider`
+* [ ] Docs or examples on how to use the various connectors and connector-sdk
+* [ ] Monitor and restart any of the core components at runtime if the container stops
+* [ ] Asynchronous deletion instead of synchronous
+
+Nice to Have:
+* [ ] Total memory limits - if a node has 1GB of RAM, don't allow more than 1000MB of RAM to be reserved via limits
+* [ ] Offer live rolling-updates, with zero downtime - requires moving to IDs vs. names for function containers
+* [ ] Multiple replicas per function
+
+### Known-issues
+
+#### Non 200 HTTP status code upon first use
+
+This issue appears to happen sporadically and only for some users.
+
+If you get a non 200 HTTP code from the gateway, or caddy after installing faasd, check the logs of faasd:
+
+```bash
+sudo journalctl -t faasd
+```
+
+If you see the following error:
+
+```
+unable to dial to 10.62.0.5:8080, error: dial tcp 10.62.0.5:8080: connect: no route to host
+```
+
+Restart the faasd service with:
+
+```bash
+sudo systemctl restart faasd
+```
+
+### Completed
+
+* [x] Provide a cloud-init configuration for faasd bootstrap
+* [x] Configure core services from a docker-compose.yaml file
+* [x] Store and fetch logs from the journal
+* [x] Add support for using container images in third-party public registries
+* [x] Add support for using container images in private third-party registries
+* [x] Provide a cloud-config.txt file for automated deployments of `faasd`
+* [x] Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway - done via `/etc/hosts` mount
+* [x] Add queue-worker and NATS
+* [x] Create faasd.service and faasd-provider.service
+* [x] Self-install / create systemd service via `faasd install`
+* [x] Restart containers upon restart of faasd
+* [x] Clear / remove containers and tasks with SIGTERM / SIGINT
+* [x] Determine armhf/arm64 containers to run for gateway
+* [x] Configure `basic_auth` to protect the OpenFaaS gateway and faasd-provider HTTP API
+* [x] Setup custom working directory for faasd `/var/lib/faasd/`
+* [x] Use CNI to create network namespaces and adapters
+* [x] Optionally expose core services from the docker-compose.yaml file, locally or to all adapters.
+* [x] ~~[containerd can't pull image from Github Docker Package Registry](https://github.com/containerd/containerd/issues/3291)~~ ghcr.io support
+* [x] Provide [simple Caddyfile example](https://blog.alexellis.io/https-inlets-local-endpoints/) in the README showing how to expose the faasd proxy on port 80/443 with TLS
+* [x] Annotation support
+* [x] Hard memory limits for functions
+* [x] Terraform for DigitalOcean
+* [x] [Store and retrieve annotations in function spec](https://github.com/openfaas/faasd/pull/86) - in progress
+* [x] An installer for faasd and dependencies - runc, containerd
+
+WIP:
+
+* [ ] Terraform for AWS

cloud-config.txt

@@ -17,8 +17,8 @@ runcmd:
 - mkdir -p /opt/cni/bin
 - curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
 - mkdir -p /go/src/github.com/openfaas/
-- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.10.0 https://github.com/openfaas/faasd
-- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.10.0/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.9.10 https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.9.10/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager

docker-compose.yaml

@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   basic-auth-plugin:
-    image: ghcr.io/openfaas/basic-auth:0.20.5
+    image: "docker.io/openfaas/basic-auth-plugin:0.18.18${ARCH_SUFFIX}"
     environment:
       - port=8080
       - secret_mount_path=/run/secrets
@@ -41,7 +41,7 @@ services:
        - "127.0.0.1:9090:9090"
 
   gateway:
-    image: ghcr.io/openfaas/gateway:0.20.5
+    image: "docker.io/openfaas/gateway:0.19.1${ARCH_SUFFIX}"
     environment:
       - basic_auth=true
       - functions_provider_url=http://faasd-provider:8081/

docs/DEV.md

@@ -1,11 +1,9 @@
-## Instructions for hacking on faasd itself
+## Manual installation of faasd for development
 
 > Note: if you're just wanting to try out faasd, then it's likely that you're on the wrong page. This is a detailed set of instructions for those wanting to contribute or customise faasd. Feel free to go back to the homepage and pick a tutorial instead.
 
 ### Pre-reqs
 
-> It's recommended that you do not install Docker on the same host as faasd, since 1) they may both use different versions of containerd and 2) docker's networking rules can disrupt faasd's networking. When using faasd - make your faasd server a faasd server, and build container image on your laptop or in a CI pipeline.
-
 * Linux
 
     PC / Cloud - any Linux that containerd works on should be fair game, but faasd is tested with Ubuntu 18.04
@@ -233,7 +231,7 @@ export SUFFIX="-armhf"
 export SUFFIX="-arm64"
 
 # Then download
-curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.10.0/faasd$SUFFIX" \
+curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.9.10/faasd$SUFFIX" \
     -o "/tmp/faasd" \
     && chmod +x "/tmp/faasd" 
 sudo mv /tmp/faasd /usr/local/bin/

docs/ROADMAP.md

@@ -1,116 +0,0 @@
-# faasd backlog and features
-
-## Supported operations
-
-* `faas login`
-* `faas up`
-* `faas list`
-* `faas describe`
-* `faas deploy --update=true --replace=false`
-* `faas invoke --async`
-* `faas invoke`
-* `faas rm`
-* `faas store list/deploy/inspect`
-* `faas version`
-* `faas namespace`
-* `faas secret`
-* `faas logs`
-* `faas auth` - supported for Basic Authentication and OpenFaaS PRO with OIDC and Single-sign On.
-
-Scale from and to zero is also supported. On a Dell XPS with a small, pre-pulled image unpausing an existing task took 0.19s and starting a task for a killed function took 0.39s. There may be further optimizations to be gained.
-
-## Constraints vs OpenFaaS on Kubernetes
-
-faasd suits certain use-cases as mentioned in the README file, for those who want a solution which can scale out horizontally with minimum effort, Kubernetes or K3s is a valid option.
-
-### One replica per function
-
-Functions only support one replica, so cannot scale horizontally, but can scale vertically.
-
-Workaround: deploy one uniquely named function per replica.
-
-### Scale from zero may give a non-200
-
-When scaling from zero there is no health check implemented, so the request may arrive before your HTTP server is ready to serve a request, and therefore give a non-200 code.
-
-Workaround: Do not scale to zero, or have your client retry HTTP calls.
-
-### No clustering is available
-
-No clustering is available in faasd, however you can still apply fault-tolerance and high availability techniques.
-
-Workaround: deploy multiple faasd instances and use a hardware or software load-balancer. Take regular VM/host snapshots or backups.
-
-### No rolling updates
-
-When running `faas-cli deploy`, your old function is removed before the new one is started. This may cause a small amount of downtime, depending on the timeouts and grace periods you set.
-
-Workaround: deploy uniquely named functions per version, and switch an Ingress or Reverse Proxy record to point at a new version once it is ready.
-
-## Known issues
-
-### Non 200 HTTP status from the gateway upon first use
-
-This issue appears to happen sporadically and only for some users.
-
-If you get a non 200 HTTP code from the gateway, or caddy after installing faasd, check the logs of faasd:
-
-```bash
-sudo journalctl -t faasd
-```
-
-If you see the following error:
-
-```
-unable to dial to 10.62.0.5:8080, error: dial tcp 10.62.0.5:8080: connect: no route to host
-```
-
-Restart the faasd service with:
-
-```bash
-sudo systemctl restart faasd
-```
-
-## Backlog
-
-Should have:
-
-* [ ] Resolve core services from functions by populating/sharing `/etc/hosts` between `faasd` and `faasd-provider`
-* [ ] Docs or examples on how to use the various connectors and connector-sdk
-* [ ] Monitor and restart any of the core components at runtime if the container stops
-* [ ] Asynchronous deletion instead of synchronous
-
-Nice to Have:
-
-* [ ] Terraform for AWS (in-progress)
-* [ ] Total memory limits - if a node has 1GB of RAM, don't allow more than 1000MB of RAM to be reserved via limits
-* [ ] Offer live rolling-updates, with zero downtime - requires moving to IDs vs. names for function containers
-* [ ] Multiple replicas per function
-
-### Completed
-
-* [x] Provide a cloud-init configuration for faasd bootstrap
-* [x] Configure core services from a docker-compose.yaml file
-* [x] Store and fetch logs from the journal
-* [x] Add support for using container images in third-party public registries
-* [x] Add support for using container images in private third-party registries
-* [x] Provide a cloud-config.txt file for automated deployments of `faasd`
-* [x] Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway - done via `/etc/hosts` mount
-* [x] Add queue-worker and NATS
-* [x] Create faasd.service and faasd-provider.service
-* [x] Self-install / create systemd service via `faasd install`
-* [x] Restart containers upon restart of faasd
-* [x] Clear / remove containers and tasks with SIGTERM / SIGINT
-* [x] Determine armhf/arm64 containers to run for gateway
-* [x] Configure `basic_auth` to protect the OpenFaaS gateway and faasd-provider HTTP API
-* [x] Setup custom working directory for faasd `/var/lib/faasd/`
-* [x] Use CNI to create network namespaces and adapters
-* [x] Optionally expose core services from the docker-compose.yaml file, locally or to all adapters.
-* [x] ~~[containerd can't pull image from Github Docker Package Registry](https://github.com/containerd/containerd/issues/3291)~~ ghcr.io support
-* [x] Provide [simple Caddyfile example](https://blog.alexellis.io/https-inlets-local-endpoints/) in the README showing how to expose the faasd proxy on port 80/443 with TLS
-* [x] Annotation support
-* [x] Hard memory limits for functions
-* [x] Terraform for DigitalOcean
-* [x] [Store and retrieve annotations in function spec](https://github.com/openfaas/faasd/pull/86) - in progress
-* [x] An installer for faasd and dependencies - runc, containerd
-

docs/bootstrap/cloud-config.tpl

@@ -19,8 +19,8 @@ runcmd:
 - mkdir -p /var/lib/faasd/secrets/
 - echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
 - echo admin > /var/lib/faasd/secrets/basic-auth-user
-- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.10.0 https://github.com/openfaas/faasd
-- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.10.0/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.9.10 https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.9.10/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager

docs/bootstrap/digitalocean-terraform/cloud-config.tpl

@@ -41,8 +41,8 @@ runcmd:
 - mkdir -p /var/lib/faasd/secrets/
 - echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
 - echo admin > /var/lib/faasd/secrets/basic-auth-user
-- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.10.0 https://github.com/openfaas/faasd
-- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.10.0/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.9.10 https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.9.10/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager

go.mod

@@ -1,6 +1,6 @@
 module github.com/openfaas/faasd
 
-go 1.15
+go 1.13
 
 require (
 	github.com/Microsoft/hcsshim v0.8.7-0.20190820203702-9e921883ac92 // indirect
@@ -30,7 +30,7 @@ require (
 	github.com/opencontainers/runc v1.0.0-rc9 // indirect
 	github.com/opencontainers/runtime-spec v1.0.2
 	github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4
-	github.com/openfaas/faas-provider v0.16.2
+	github.com/openfaas/faas-provider v0.15.3
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/procfs v0.2.0 // indirect
 	github.com/sethvargo/go-password v0.1.3

go.sum

@@ -181,8 +181,8 @@ github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4 h1:JJjthDw7WziZQ7sC5C+M2872mIdud5R+s6Cb0cXyPuA=
 github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4/go.mod h1:E0m2rLup0Vvxg53BKxGgaYAGcZa3Xl+vvL7vSi5yQ14=
-github.com/openfaas/faas-provider v0.16.2 h1:ChpiZh1RM8zFIzvp31OPlKpTbh5Lcm7f91WCFcpW4gA=
-github.com/openfaas/faas-provider v0.16.2/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
+github.com/openfaas/faas-provider v0.15.3 h1:tfjuL5F/tdoUr1J65XrUADyoe59x38VzN1w0DvBaTRk=
+github.com/openfaas/faas-provider v0.15.3/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

hack/install.sh

@@ -12,7 +12,7 @@ export REPO="faasd"
 version=""
 
 echo "Finding latest version from GitHub"
-version=$(curl -sI https://github.com/$OWNER/$REPO/releases/latest | grep -i "location:" | awk -F"/" '{ printf "%s", $NF }' | tr -d '\r')
+version=$(curl -sI https://github.com/$OWNER/$REPO/releases/latest | grep -i location | awk -F"/" '{ printf "%s", $NF }' | tr -d '\r')
 echo "$version"
 
 if [ ! $version ]; then

pkg/constants.go

@@ -3,11 +3,4 @@ package pkg
 const (
 	// FunctionNamespace is the default containerd namespace functions are created
 	FunctionNamespace = "openfaas-fn"
-
-	// faasdNamespace is the containerd namespace services are created
-	faasdNamespace = "openfaas"
-
-	faasServicesPullAlways = false
-
-	defaultSnapshotter = "overlayfs"
 )

pkg/provider/handlers/functions.go

@@ -3,7 +3,6 @@ package handlers
 import (
 	"context"
 	"fmt"
-	"github.com/opencontainers/runtime-spec/specs-go"
 	"log"
 	"strings"
 
@@ -23,9 +22,6 @@ type Function struct {
 	IP          string
 	labels      map[string]string
 	annotations map[string]string
-	secrets     []string
-	envVars     map[string]string
-	envProcess  string
 }
 
 // ListFunctions returns a map of all functions with running tasks on namespace
@@ -75,22 +71,11 @@ func GetFunction(client *containerd.Client, name string) (Function, error) {
 
 	labels, annotations := buildLabelsAndAnnotations(allLabels)
 
-	spec, err := c.Spec(ctx)
-	if err != nil {
-		return Function{}, fmt.Errorf("unable to load function spec for reading secrets: %s, error %s", name, err)
-	}
-
-	envVars, envProcess := readEnvFromProcessEnv(spec.Process.Env)
-	secrets := readSecretsFromMounts(spec.Mounts)
-
 	fn.name = containerName
 	fn.namespace = faasd.FunctionNamespace
 	fn.image = image.Name()
 	fn.labels = labels
 	fn.annotations = annotations
-	fn.secrets = secrets
-	fn.envVars = envVars
-	fn.envProcess = envProcess
 
 	replicas := 0
 	task, err := c.Task(ctx, nil)
@@ -120,42 +105,6 @@ func GetFunction(client *containerd.Client, name string) (Function, error) {
 	return fn, nil
 }
 
-func readEnvFromProcessEnv(env []string) (map[string]string, string) {
-	foundEnv := make(map[string]string)
-	fprocess := ""
-	for _, e := range env {
-		kv := strings.Split(e, "=")
-		if len(kv) == 1 {
-			continue
-		}
-
-		if kv[0] == "PATH" {
-			continue
-		}
-
-		if kv[0] == "fprocess" {
-			fprocess = kv[1]
-			continue
-		}
-
-		foundEnv[kv[0]] = kv[1]
-	}
-
-	return foundEnv, fprocess
-}
-
-func readSecretsFromMounts(mounts []specs.Mount) []string {
-	secrets := []string{}
-	for _, mnt := range mounts {
-		x := strings.Split(mnt.Destination, "/var/openfaas/secrets/")
-		if len(x) > 1 {
-			secrets = append(secrets, x[1])
-		}
-
-	}
-	return secrets
-}
-
 // buildLabelsAndAnnotations returns a separated list with labels first,
 // followed by annotations by checking each key of ctrLabels for a prefix.
 func buildLabelsAndAnnotations(ctrLabels map[string]string) (map[string]string, map[string]string) {

pkg/provider/handlers/functions_test.go

@@ -2,8 +2,6 @@ package handlers
 
 import (
 	"fmt"
-	"github.com/opencontainers/runtime-spec/specs-go"
-	"reflect"
 	"testing"
 )
 
@@ -29,58 +27,3 @@ func Test_BuildLabelsAndAnnotationsFromServiceSpec_Annotations(t *testing.T) {
 		t.Errorf("want: '%s' entry in annotation map got: key not found", "current-time")
 	}
 }
-
-func Test_SplitMountToSecrets(t *testing.T) {
-	type test struct {
-		Name     string
-		Input    []specs.Mount
-		Expected []string
-	}
-	tests := []test{
-		{Name: "No matching openfaas secrets", Input: []specs.Mount{{Destination: "/foo/"}}, Expected: []string{}},
-		{Name: "Nil mounts", Input: nil, Expected: []string{}},
-		{Name: "No Mounts", Input: []specs.Mount{{Destination: "/foo/"}}, Expected: []string{}},
-		{Name: "One Mounts IS secret", Input: []specs.Mount{{Destination: "/var/openfaas/secrets/secret1"}}, Expected: []string{"secret1"}},
-		{Name: "Multiple Mounts 1 secret", Input: []specs.Mount{{Destination: "/var/openfaas/secrets/secret1"}, {Destination: "/some/other/path"}}, Expected: []string{"secret1"}},
-		{Name: "Multiple Mounts all secrets", Input: []specs.Mount{{Destination: "/var/openfaas/secrets/secret1"}, {Destination: "/var/openfaas/secrets/secret2"}}, Expected: []string{"secret1", "secret2"}},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.Name, func(t *testing.T) {
-			got := readSecretsFromMounts(tc.Input)
-			if !reflect.DeepEqual(got, tc.Expected) {
-				t.Fatalf("expected %s, got %s", tc.Expected, got)
-			}
-		})
-	}
-}
-
-func Test_ProcessEnvToEnvVars(t *testing.T) {
-	type test struct {
-		Name     string
-		Input    []string
-		Expected map[string]string
-		fprocess string
-	}
-	tests := []test{
-		{Name: "No matching EnvVars", Input: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "fprocess=python index.py"}, Expected: make(map[string]string), fprocess: "python index.py"},
-		{Name: "No EnvVars", Input: []string{}, Expected: make(map[string]string), fprocess: ""},
-		{Name: "One EnvVar", Input: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "fprocess=python index.py", "env=this"}, Expected: map[string]string{"env": "this"}, fprocess: "python index.py"},
-		{Name: "Multiple EnvVars", Input: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "this=that", "env=var", "fprocess=python index.py"}, Expected: map[string]string{"this": "that", "env": "var"}, fprocess: "python index.py"},
-		{Name: "Nil EnvVars", Input: nil, Expected: make(map[string]string)},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.Name, func(t *testing.T) {
-			got, fprocess := readEnvFromProcessEnv(tc.Input)
-			if !reflect.DeepEqual(got, tc.Expected) {
-				t.Fatalf("expected: %s, got: %s", tc.Expected, got)
-			}
-
-			if fprocess != tc.fprocess {
-				t.Fatalf("expected fprocess: %s, got: %s", tc.fprocess, got)
-
-			}
-		})
-	}
-}

pkg/provider/handlers/info.go

@@ -22,10 +22,10 @@ func MakeInfoHandler(version, sha string) http.HandlerFunc {
 			defer r.Body.Close()
 		}
 
-		infoResponse := types.ProviderInfo{
+		infoResponse := types.InfoResponse{
 			Orchestration: OrchestrationIdentifier,
-			Name:          ProviderName,
-			Version: &types.VersionInfo{
+			Provider:      ProviderName,
+			Version: types.ProviderVersion{
 				Release: version,
 				SHA:     sha,
 			},

pkg/provider/handlers/info_test.go

@@ -15,14 +15,14 @@ func Test_InfoHandler(t *testing.T) {
 	r := httptest.NewRequest("GET", "/", nil)
 	handler(w, r)
 
-	resp := types.ProviderInfo{}
+	resp := types.InfoResponse{}
 	err := json.Unmarshal(w.Body.Bytes(), &resp)
 	if err != nil {
 		t.Fatalf("unexpected error unmarshalling the response")
 	}
 
-	if resp.Name != ProviderName {
-		t.Fatalf("expected provider %q, got %q", ProviderName, resp.Name)
+	if resp.Provider != ProviderName {
+		t.Fatalf("expected provider %q, got %q", ProviderName, resp.Provider)
 	}
 
 	if resp.Orchestration != OrchestrationIdentifier {

pkg/provider/handlers/read.go

@@ -31,9 +31,6 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 				Namespace:   fn.namespace,
 				Labels:      labels,
 				Annotations: annotations,
-				Secrets:     fn.secrets,
-				EnvVars:     fn.envVars,
-				EnvProcess:  fn.envProcess,
 			})
 		}
 

pkg/provider/handlers/replicas.go

@@ -23,9 +23,6 @@ func MakeReplicaReaderHandler(client *containerd.Client) func(w http.ResponseWri
 				Namespace:         f.namespace,
 				Labels:            &f.labels,
 				Annotations:       &f.annotations,
-				Secrets:           f.secrets,
-				EnvVars:           f.envVars,
-				EnvProcess:        f.envProcess,
 			}
 
 			functionBytes, _ := json.Marshal(found)

pkg/service/service.go

@@ -27,34 +27,31 @@ func Remove(ctx context.Context, client *containerd.Client, name string) error {
 	container, containerErr := client.LoadContainer(ctx, name)
 
 	if containerErr == nil {
-		taskFound := true
+		found := true
 		t, err := container.Task(ctx, nil)
 		if err != nil {
 			if errdefs.IsNotFound(err) {
-				taskFound = false
+				found = false
 			} else {
 				return fmt.Errorf("unable to get task %s: ", err)
 			}
 		}
 
-		if taskFound {
-			status, err := t.Status(ctx)
-			if err != nil {
-				log.Printf("Unable to get status for: %s, error: %s", name, err.Error())
-			} else {
-				log.Printf("Status of %s is: %s\n", name, status.Status)
-			}
+		if found {
+			status, _ := t.Status(ctx)
+			fmt.Printf("Status of %s is: %s\n", name, status.Status)
 
-			log.Printf("Need to kill task: %s\n", name)
-			if err = killTask(ctx, t); err != nil {
+			log.Printf("Need to kill %s\n", name)
+			err := killTask(ctx, t)
+			if err != nil {
 				return fmt.Errorf("error killing task %s, %s, %s", container.ID(), name, err)
 			}
 		}
 
-		if err := container.Delete(ctx, containerd.WithSnapshotCleanup); err != nil {
+		err = container.Delete(ctx, containerd.WithSnapshotCleanup)
+		if err != nil {
 			return fmt.Errorf("error deleting container %s, %s, %s", container.ID(), name, err)
 		}
-
 	} else {
 		service := client.SnapshotService("")
 		key := name + "snapshot"
@@ -73,7 +70,6 @@ func killTask(ctx context.Context, task containerd.Task) error {
 	wg := &sync.WaitGroup{}
 	wg.Add(1)
 	var err error
-
 	go func() {
 		defer wg.Done()
 		if task != nil {
@@ -118,7 +114,6 @@ func getResolver(ctx context.Context, configFile *configfile.ConfigFile) (remote
 		}
 		return ac.Username, ac.Password, nil
 	}
-
 	authOpts := []docker.AuthorizerOpt{docker.WithAuthCreds(credFunc)}
 	authorizer := docker.NewDockerAuthorizer(authOpts...)
 	opts := docker.ResolverOptions{
@@ -133,7 +128,7 @@ func PrepareImage(ctx context.Context, client *containerd.Client, imageName, sna
 		resolver remotes.Resolver
 	)
 
-	if _, statErr := os.Stat(filepath.Join(dockerConfigDir, config.ConfigFileName)); statErr == nil {
+	if _, stErr := os.Stat(filepath.Join(dockerConfigDir, config.ConfigFileName)); stErr == nil {
 		configFile, err := config.Load(dockerConfigDir)
 		if err != nil {
 			return nil, err
@@ -142,8 +137,8 @@ func PrepareImage(ctx context.Context, client *containerd.Client, imageName, sna
 		if err != nil {
 			return empty, err
 		}
-	} else if !os.IsNotExist(statErr) {
-		return empty, statErr
+	} else if !os.IsNotExist(stErr) {
+		return empty, stErr
 	}
 
 	var image containerd.Image
@@ -155,6 +150,7 @@ func PrepareImage(ctx context.Context, client *containerd.Client, imageName, sna
 
 		image = img
 	} else {
+
 		img, err := client.GetImage(ctx, imageName)
 		if err != nil {
 			if !errdefs.IsNotFound(err) {
@@ -191,11 +187,9 @@ func pullImage(ctx context.Context, client *containerd.Client, resolver remotes.
 	rOpts := []containerd.RemoteOpt{
 		containerd.WithPullUnpack,
 	}
-
 	if resolver != nil {
 		rOpts = append(rOpts, containerd.WithResolver(resolver))
 	}
-
 	img, err := client.Pull(ctx, imageName, rOpts...)
 	if err != nil {
 		return empty, fmt.Errorf("cannot pull: %s", err)

pkg/supervisor.go

@@ -26,7 +26,11 @@ import (
 )
 
 const (
+	defaultSnapshotter         = "overlayfs"
 	workingDirectoryPermission = 0644
+	// faasdNamespace is the containerd namespace services are created
+	faasdNamespace         = "default"
+	faasServicesPullAlways = false
 )
 
 type Service struct {

vendor/github.com/openfaas/faas-provider/types/model.go

@@ -3,45 +3,92 @@ package types
 // FunctionDeployment represents a request to create or update a Function.
 type FunctionDeployment struct {
 
-	// Service is the name of the function deployment
+	// Service corresponds to a Service
 	Service string `json:"service"`
 
-	// Image is a fully-qualified container image
+	// Image corresponds to a Docker image
 	Image string `json:"image"`
 
-	// Namespace for the function, if supported by the faas-provider
-	Namespace string `json:"namespace,omitempty"`
+	// Network is specific to Docker Swarm - default overlay network is: func_functions
+	Network string `json:"network"`
 
-	// EnvProcess overrides the fprocess environment variable and can be used
-	// with the watchdog
-	EnvProcess string `json:"envProcess,omitempty"`
+	// EnvProcess corresponds to the fprocess variable for your container watchdog.
+	EnvProcess string `json:"envProcess"`
 
-	// EnvVars can be provided to set environment variables for the function runtime.
-	EnvVars map[string]string `json:"envVars,omitempty"`
+	// EnvVars provides overrides for functions.
+	EnvVars map[string]string `json:"envVars"`
 
-	// Constraints are specific to the faas-provider.
-	Constraints []string `json:"constraints,omitempty"`
+	// RegistryAuth is the registry authentication (optional)
+	// in the same encoded format as Docker native credentials
+	// (see ~/.docker/config.json)
+	RegistryAuth string `json:"registryAuth,omitempty"`
+
+	// Constraints are specific to back-end orchestration platform
+	Constraints []string `json:"constraints"`
 
 	// Secrets list of secrets to be made available to function
-	Secrets []string `json:"secrets,omitempty"`
+	Secrets []string `json:"secrets"`
 
 	// Labels are metadata for functions which may be used by the
-	// faas-provider or the gateway
-	Labels *map[string]string `json:"labels,omitempty"`
+	// back-end for making scheduling or routing decisions
+	Labels *map[string]string `json:"labels"`
 
 	// Annotations are metadata for functions which may be used by the
-	// faas-provider or the gateway
-	Annotations *map[string]string `json:"annotations,omitempty"`
+	// back-end for management, orchestration, events and build tasks
+	Annotations *map[string]string `json:"annotations"`
 
 	// Limits for function
-	Limits *FunctionResources `json:"limits,omitempty"`
+	Limits *FunctionResources `json:"limits"`
 
 	// Requests of resources requested by function
-	Requests *FunctionResources `json:"requests,omitempty"`
+	Requests *FunctionResources `json:"requests"`
 
 	// ReadOnlyRootFilesystem removes write-access from the root filesystem
 	// mount-point.
-	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty"`
+	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem"`
+
+	// Namespace for the function to be deployed into
+	Namespace string `json:"namespace,omitempty"`
+}
+
+// FunctionResources Memory and CPU
+type FunctionResources struct {
+	Memory string `json:"memory"`
+	CPU    string `json:"cpu"`
+}
+
+// FunctionStatus exported for system/functions endpoint
+type FunctionStatus struct {
+
+	// Name corresponds to a Service
+	Name string `json:"name"`
+
+	// Image corresponds to a Docker image
+	Image string `json:"image"`
+
+	// InvocationCount count of invocations
+	InvocationCount float64 `json:"invocationCount"`
+
+	// Replicas desired within the cluster
+	Replicas uint64 `json:"replicas"`
+
+	// EnvProcess is the process to pass to the watchdog, if in use
+	EnvProcess string `json:"envProcess"`
+
+	// AvailableReplicas is the count of replicas ready to receive
+	// invocations as reported by the backend
+	AvailableReplicas uint64 `json:"availableReplicas"`
+
+	// Labels are metadata for functions which may be used by the
+	// backend for making scheduling or routing decisions
+	Labels *map[string]string `json:"labels"`
+
+	// Annotations are metadata for functions which may be used by the
+	// backend for management, orchestration, events and build tasks
+	Annotations *map[string]string `json:"annotations"`
+
+	// Namespace where the function can be accessed
+	Namespace string `json:"namespace,omitempty"`
 }
 
 // Secret for underlying orchestrator
@@ -50,65 +97,3 @@ type Secret struct {
 	Namespace string `json:"namespace,omitempty"`
 	Value     string `json:"value,omitempty"`
 }
-
-// FunctionResources Memory and CPU
-type FunctionResources struct {
-	Memory string `json:"memory,omitempty"`
-	CPU    string `json:"cpu,omitempty"`
-}
-
-// FunctionStatus exported for system/functions endpoint
-type FunctionStatus struct {
-
-	// Name is the name of the function deployment
-	Name string `json:"name"`
-
-	// Image is a fully-qualified container image
-	Image string `json:"image"`
-
-	// Namespace for the function, if supported by the faas-provider
-	Namespace string `json:"namespace,omitempty"`
-
-	// EnvProcess overrides the fprocess environment variable and can be used
-	// with the watchdog
-	EnvProcess string `json:"envProcess,omitempty"`
-
-	// EnvVars set environment variables for the function runtime
-	EnvVars map[string]string `json:"envVars,omitempty"`
-
-	// Constraints are specific to the faas-provider
-	Constraints []string `json:"constraints,omitempty"`
-
-	// Secrets list of secrets to be made available to function
-	Secrets []string `json:"secrets,omitempty"`
-
-	// Labels are metadata for functions which may be used by the
-	// faas-provider or the gateway
-	Labels *map[string]string `json:"labels,omitempty"`
-
-	// Annotations are metadata for functions which may be used by the
-	// faas-provider or the gateway
-	Annotations *map[string]string `json:"annotations,omitempty"`
-
-	// Limits for function
-	Limits *FunctionResources `json:"limits,omitempty"`
-
-	// Requests of resources requested by function
-	Requests *FunctionResources `json:"requests,omitempty"`
-
-	// ReadOnlyRootFilesystem removes write-access from the root filesystem
-	// mount-point.
-	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty"`
-
-	// ** Status fields *8
-
-	// InvocationCount count of invocations
-	InvocationCount float64 `json:"invocationCount,omitempty"`
-
-	// Replicas desired within the cluster
-	Replicas uint64 `json:"replicas,omitempty"`
-
-	// AvailableReplicas is the count of replicas ready to receive
-	// invocations as reported by the faas-provider
-	AvailableReplicas uint64 `json:"availableReplicas,omitempty"`
-}

vendor/github.com/openfaas/faas-provider/types/requests.go

@@ -9,21 +9,20 @@ type ScaleServiceRequest struct {
 	Replicas    uint64 `json:"replicas"`
 }
 
+// InfoResponse provides information about the underlying provider
+type InfoResponse struct {
+	Provider      string          `json:"provider"`
+	Version       ProviderVersion `json:"version"`
+	Orchestration string          `json:"orchestration"`
+}
+
+// ProviderVersion provides the commit sha and release version number of the underlying provider
+type ProviderVersion struct {
+	SHA     string `json:"sha"`
+	Release string `json:"release"`
+}
+
 // DeleteFunctionRequest delete a deployed function
 type DeleteFunctionRequest struct {
 	FunctionName string `json:"functionName"`
 }
-
-// ProviderInfo provides information about the configured provider
-type ProviderInfo struct {
-	Name          string       `json:"provider"`
-	Version       *VersionInfo `json:"version"`
-	Orchestration string       `json:"orchestration"`
-}
-
-// VersionInfo provides the commit message, sha and release version number
-type VersionInfo struct {
-	CommitMessage string `json:"commit_message,omitempty"`
-	SHA           string `json:"sha"`
-	Release       string `json:"release"`
-}

vendor/modules.txt

@@ -2,7 +2,6 @@
 github.com/Microsoft/go-winio
 github.com/Microsoft/go-winio/pkg/guid
 # github.com/Microsoft/hcsshim v0.8.7-0.20190820203702-9e921883ac92
-## explicit
 github.com/Microsoft/hcsshim
 github.com/Microsoft/hcsshim/internal/cow
 github.com/Microsoft/hcsshim/internal/hcs
@@ -22,23 +21,17 @@ github.com/Microsoft/hcsshim/internal/vmcompute
 github.com/Microsoft/hcsshim/internal/wclayer
 github.com/Microsoft/hcsshim/osversion
 # github.com/alexellis/go-execute v0.0.0-20200124154445-8697e4e28c5e
-## explicit
 github.com/alexellis/go-execute/pkg/v1
 # github.com/alexellis/k3sup v0.0.0-20200607084134-629c0bc6b50f
-## explicit
 github.com/alexellis/k3sup/pkg/env
 # github.com/compose-spec/compose-go v0.0.0-20200528042322-36d8ce368e05
-## explicit
 github.com/compose-spec/compose-go/envfile
 github.com/compose-spec/compose-go/interpolation
 github.com/compose-spec/compose-go/loader
 github.com/compose-spec/compose-go/schema
 github.com/compose-spec/compose-go/template
 github.com/compose-spec/compose-go/types
-# github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327
-## explicit
 # github.com/containerd/containerd v1.3.2
-## explicit
 github.com/containerd/containerd
 github.com/containerd/containerd/api/services/containers/v1
 github.com/containerd/containerd/api/services/content/v1
@@ -91,22 +84,17 @@ github.com/containerd/containerd/snapshots/proxy
 github.com/containerd/containerd/sys
 github.com/containerd/containerd/version
 # github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02
-## explicit
 github.com/containerd/continuity/fs
 github.com/containerd/continuity/pathdriver
 github.com/containerd/continuity/syscallx
 github.com/containerd/continuity/sysx
 # github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c
-## explicit
 github.com/containerd/fifo
 # github.com/containerd/go-cni v0.0.0-20200107172653-c154a49e2c75
-## explicit
 github.com/containerd/go-cni
 # github.com/containerd/ttrpc v1.0.0
-## explicit
 github.com/containerd/ttrpc
 # github.com/containerd/typeurl v1.0.0
-## explicit
 github.com/containerd/typeurl
 # github.com/containernetworking/cni v0.7.1
 github.com/containernetworking/cni/libcni
@@ -116,45 +104,37 @@ github.com/containernetworking/cni/pkg/types/020
 github.com/containernetworking/cni/pkg/types/current
 github.com/containernetworking/cni/pkg/version
 # github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
-## explicit
 github.com/coreos/go-systemd/journal
 # github.com/docker/cli v0.0.0-20191105005515-99c5edceb48d
-## explicit
 github.com/docker/cli/cli/config
 github.com/docker/cli/cli/config/configfile
 github.com/docker/cli/cli/config/credentials
 github.com/docker/cli/cli/config/types
 # github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible
-## explicit
 github.com/docker/distribution/digestset
 github.com/docker/distribution/reference
 github.com/docker/distribution/registry/api/errcode
 # github.com/docker/docker v17.12.0-ce-rc1.0.20191113042239-ea84732a7725+incompatible
-## explicit
 github.com/docker/docker/pkg/homedir
 github.com/docker/docker/pkg/idtools
 github.com/docker/docker/pkg/mount
 github.com/docker/docker/pkg/system
 # github.com/docker/docker-credential-helpers v0.6.3
-## explicit
 github.com/docker/docker-credential-helpers/client
 github.com/docker/docker-credential-helpers/credentials
 # github.com/docker/go-connections v0.4.0
 github.com/docker/go-connections/nat
 # github.com/docker/go-events v0.0.0-20170721190031-9461782956ad
-## explicit
 github.com/docker/go-events
 # github.com/docker/go-units v0.4.0
 github.com/docker/go-units
 # github.com/gogo/googleapis v1.2.0
-## explicit
 github.com/gogo/googleapis/google/rpc
 # github.com/gogo/protobuf v1.3.1
 github.com/gogo/protobuf/proto
 github.com/gogo/protobuf/sortkeys
 github.com/gogo/protobuf/types
 # github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9
-## explicit
 github.com/golang/groupcache/lru
 # github.com/golang/protobuf v1.3.2
 github.com/golang/protobuf/proto
@@ -163,10 +143,8 @@ github.com/golang/protobuf/ptypes/any
 github.com/golang/protobuf/ptypes/duration
 github.com/golang/protobuf/ptypes/timestamp
 # github.com/gorilla/mux v1.8.0
-## explicit
 github.com/gorilla/mux
 # github.com/imdario/mergo v0.3.9
-## explicit
 github.com/imdario/mergo
 # github.com/inconshreveable/mousetrap v1.0.0
 github.com/inconshreveable/mousetrap
@@ -175,28 +153,21 @@ github.com/mattn/go-shellwords
 # github.com/mitchellh/mapstructure v1.3.1
 github.com/mitchellh/mapstructure
 # github.com/morikuni/aec v1.0.0
-## explicit
 github.com/morikuni/aec
 # github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2
-## explicit
 github.com/opencontainers/go-digest
 # github.com/opencontainers/image-spec v1.0.1
-## explicit
 github.com/opencontainers/image-spec/identity
 github.com/opencontainers/image-spec/specs-go
 github.com/opencontainers/image-spec/specs-go/v1
 # github.com/opencontainers/runc v1.0.0-rc9
-## explicit
 github.com/opencontainers/runc/libcontainer/system
 github.com/opencontainers/runc/libcontainer/user
 # github.com/opencontainers/runtime-spec v1.0.2
-## explicit
 github.com/opencontainers/runtime-spec/specs-go
 # github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4
-## explicit
 github.com/openfaas/faas/gateway/requests
-# github.com/openfaas/faas-provider v0.16.2
-## explicit
+# github.com/openfaas/faas-provider v0.15.3
 github.com/openfaas/faas-provider
 github.com/openfaas/faas-provider/auth
 github.com/openfaas/faas-provider/httputil
@@ -204,49 +175,35 @@ github.com/openfaas/faas-provider/logs
 github.com/openfaas/faas-provider/proxy
 github.com/openfaas/faas-provider/types
 # github.com/pkg/errors v0.9.1
-## explicit
 github.com/pkg/errors
-# github.com/prometheus/procfs v0.2.0
-## explicit
 # github.com/sethvargo/go-password v0.1.3
-## explicit
 github.com/sethvargo/go-password/password
 # github.com/sirupsen/logrus v1.7.0
 github.com/sirupsen/logrus
 # github.com/spf13/cobra v0.0.5
-## explicit
 github.com/spf13/cobra
 # github.com/spf13/pflag v1.0.5
-## explicit
 github.com/spf13/pflag
 # github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
-## explicit
 github.com/syndtr/gocapability/capability
 # github.com/vishvananda/netlink v1.1.0
-## explicit
 github.com/vishvananda/netlink
 github.com/vishvananda/netlink/nl
 # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
-## explicit
 github.com/vishvananda/netns
 # github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
-## explicit
 github.com/xeipuuv/gojsonpointer
 # github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
 github.com/xeipuuv/gojsonreference
 # github.com/xeipuuv/gojsonschema v1.2.0
 github.com/xeipuuv/gojsonschema
-# go.etcd.io/bbolt v1.3.5
-## explicit
 # go.opencensus.io v0.22.2
-## explicit
 go.opencensus.io
 go.opencensus.io/internal
 go.opencensus.io/trace
 go.opencensus.io/trace/internal
 go.opencensus.io/trace/tracestate
 # golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
-## explicit
 golang.org/x/net/context
 golang.org/x/net/context/ctxhttp
 golang.org/x/net/http/httpguts
@@ -259,7 +216,6 @@ golang.org/x/net/trace
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
 # golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5
-## explicit
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 # golang.org/x/text v0.3.2
@@ -268,10 +224,8 @@ golang.org/x/text/transform
 golang.org/x/text/unicode/bidi
 golang.org/x/text/unicode/norm
 # google.golang.org/genproto v0.0.0-20191216205247-b31c10ee225f
-## explicit
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.23.0
-## explicit
 google.golang.org/grpc
 google.golang.org/grpc/balancer
 google.golang.org/grpc/balancer/base
@@ -311,5 +265,4 @@ gopkg.in/inf.v0
 # gopkg.in/yaml.v2 v2.3.0
 gopkg.in/yaml.v2
 # k8s.io/apimachinery v0.18.9
-## explicit
 k8s.io/apimachinery/pkg/api/resource