Print start-up timings as human-readable approximation

Signed-off-by: Han Verstraete <welteki@pm.me>

.github/ISSUE_TEMPLATE.md

@@ -1,3 +1,7 @@
+## Due diligence
+
+Before you for help or support, make sure that you've [consulted the faasd manual "Serverless For Everyone Else"](https://openfaas.gumroad.com/l/serverless-for-everyone-else).
+
 <!--- Provide a general summary of the issue in the Title above -->
 
 ## Expected Behaviour

cloud-config.txt

@@ -10,17 +10,7 @@ packages:
  - git
 
 runcmd:
-- curl -sLSf https://github.com/containerd/containerd/releases/download/v1.5.4/containerd-1.5.4-linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
-- curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.5.4/containerd.service | tee /etc/systemd/system/containerd.service
-- systemctl daemon-reload && systemctl start containerd
-- systemctl enable containerd
-- /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
-- mkdir -p /opt/cni/bin
-- curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
-- mkdir -p /go/src/github.com/openfaas/
-- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.13.0 https://github.com/openfaas/faasd
-- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.13.0/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
-- cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
+- curl -sfL https://raw.githubusercontent.com/openfaas/faasd/master/hack/install.sh | sh -s -
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager
 - systemctl status -l faasd-provider --no-pager

cmd/provider.go

@@ -103,7 +103,7 @@ func makeProviderCmd() *cobra.Command {
 			HealthHandler:        func(w http.ResponseWriter, r *http.Request) {},
 			InfoHandler:          handlers.MakeInfoHandler(Version, GitCommit),
 			ListNamespaceHandler: handlers.MakeNamespacesLister(client),
-			SecretHandler:        handlers.MakeSecretHandler(client, baseUserSecretsPath),
+			SecretHandler:        handlers.MakeSecretHandler(client.NamespaceService(), baseUserSecretsPath),
 			LogHandler:           logs.NewLogHandlerFunc(faasdlogs.New(), config.ReadTimeout),
 		}
 

cmd/up.go

@@ -16,6 +16,7 @@ import (
 	"github.com/spf13/cobra"
 	flag "github.com/spf13/pflag"
 
+	units "github.com/docker/go-units"
 	"github.com/openfaas/faasd/pkg"
 )
 
@@ -68,7 +69,7 @@ func runUp(cmd *cobra.Command, _ []string) error {
 		return err
 	}
 
-	log.Printf("Supervisor created in: %s\n", time.Since(start).String())
+	log.Printf("Supervisor created in: %s\n", units.HumanDuration(time.Since(start)))
 
 	start = time.Now()
 	if err := supervisor.Start(services); err != nil {
@@ -76,7 +77,7 @@ func runUp(cmd *cobra.Command, _ []string) error {
 	}
 	defer supervisor.Close()
 
-	log.Printf("Supervisor init done in: %s\n", time.Since(start).String())
+	log.Printf("Supervisor init done in: %s\n", units.HumanDuration(time.Since(start)))
 
 	shutdownTimeout := time.Second * 1
 	timeout := time.Second * 60

docker-compose.yaml

@@ -56,7 +56,7 @@ services:
        - "127.0.0.1:9090:9090"
 
   gateway:
-    image: ghcr.io/openfaas/gateway:0.21.0
+    image: ghcr.io/openfaas/gateway:0.21.3
     environment:
       - basic_auth=true
       - functions_provider_url=http://faasd-provider:8081/

docs/MULTIPASS.md

@@ -27,111 +27,112 @@ It took me about 2-3 minutes to run through everything after installing multipas
 
 * Get my cloud-config.txt file
 
-```sh
-curl -sSLO https://raw.githubusercontent.com/openfaas/faasd/master/cloud-config.txt
-```
+    ```sh
+    curl -sSLO https://raw.githubusercontent.com/openfaas/faasd/master/cloud-config.txt
+    ```
 
-* Update the SSH key to match your own, edit `cloud-config.txt`:
+* Boot the VM 
 
-Replace the 2nd line with the contents of `~/.ssh/id_rsa.pub`:
+    The `cloud-config.txt` contains an ssh key to allow your local machine to access the VM. However, this must be updated with your local ssh key. 
+    This command will update the key with your local public key value and start the VM.
 
-```
-ssh_authorized_keys:
-  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Q/aUYUr3P1XKVucnO9mlWxOjJm+K01lHJR90MkHC9zbfTqlp8P7C3J26zKAuzHXOeF+VFxETRr6YedQKW9zp5oP7sN+F2gr/pO7GV3VmOqHMV7uKfyUQfq7H1aVzLfCcI7FwN2Zekv3yB7kj35pbsMa1Za58aF6oHRctZU6UWgXXbRxP+B04DoVU7jTstQ4GMoOCaqYhgPHyjEAS3DW0kkPW6HzsvJHkxvVcVlZ/wNJa1Ie/yGpzOzWIN0Ol0t2QT/RSWOhfzO1A2P0XbPuZ04NmriBonO9zR7T1fMNmmtTuK7WazKjQT3inmYRAqU6pe8wfX8WIWNV7OowUjUsv alex@alexr.local
-```
+    ```sh
+    sed "s/ssh-rsa.*/$(cat $HOME/.ssh/id_*.pub)/" cloud-config.txt | multipass launch --name faasd --cloud-init -
+    ```
 
-* Boot the VM
+    This can also be done manually, just replace the 2nd line of the `cloud-config.txt` with the coPntents of your public ssh key, usually either `~/.ssh/id_rsa.pub` or `~/.ssh/id_ed25519.pub`
 
-```sh
-multipass launch --cloud-init cloud-config.txt  --name faasd
-```
+    ```
+    ssh_authorized_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Q/aUYUr3P1XKVucnO9mlWxOjJm+K01lHJR90MkHC9zbfTqlp8P7C3J26zKAuzHXOeF+VFxETRr6YedQKW9zp5oP7sN+F2gr/pO7GV3VmOqHMV7uKfyUQfq7H1aVzLfCcI7FwN2Zekv3yB7kj35pbsMa1Za58aF6oHRctZU6UWgXXbRxP+B04DoVU7jTstQ4GMoOCaqYhgPHyjEAS3DW0kkPW6HzsvJHkxvVcVlZ/wNJa1Ie/yGpzOzWIN0Ol0t2QT/RSWOhfzO1A2P0XbPuZ04NmriBonO9zR7T1fMNmmtTuK7WazKjQT3inmYRAqU6pe8wfX8WIWNV7OowUjUsv alex@alexr.local
+    ```
 
 * Get the VM's IP and connect with `ssh`
 
-```sh
-multipass info faasd
-Name:           faasd
-State:          Running
-IPv4:           192.168.64.14
-Release:        Ubuntu 18.04.3 LTS
-Image hash:     a720c34066dc (Ubuntu 18.04 LTS)
-Load:           0.79 0.19 0.06
-Disk usage:     1.1G out of 4.7G
-Memory usage:   145.6M out of 985.7M
-```
+    ```sh
+    multipass info faasd
+    Name:           faasd
+    State:          Running
+    IPv4:           192.168.64.14
+    Release:        Ubuntu 18.04.3 LTS
+    Image hash:     a720c34066dc (Ubuntu 18.04 LTS)
+    Load:           0.79 0.19 0.06
+    Disk usage:     1.1G out of 4.7G
+    Memory usage:   145.6M out of 985.7M
+    ```
 
-Set the variable `IP`:
+    Set the variable `IP`:
 
-```
-export IP="192.168.64.14"
-```
+    ```
+    export IP="192.168.64.14"
+    ```
 
-You can also try to use `jq` to get the IP into a variable:
+    You can also try to use `jq` to get the IP into a variable:
 
-```sh
-export IP=$(multipass info faasd --format json| jq -r '.info.faasd.ipv4[0]')
-```
+    ```sh
+    export IP=$(multipass info faasd --format json| jq -r '.info.faasd.ipv4[0]')
+    ```
 
-Connect to the IP listed:
+    Connect to the IP listed:
 
-```sh
-ssh ubuntu@$IP
-```
+    ```sh
+    ssh ubuntu@$IP
+    ```
 
-Log out once you know it works.
+    Log out once you know it works.
 
 * Let's capture the authentication password into a file for use with `faas-cli`
 
-```
-ssh ubuntu@$IP "sudo cat /var/lib/faasd/secrets/basic-auth-password" > basic-auth-password
-```
+    ```
+    ssh ubuntu@$IP "sudo cat /var/lib/faasd/secrets/basic-auth-password" > basic-auth-password
+    ```
 
 ## Try faasd (OpenFaaS)
 
 * Login from your laptop (the host)
 
-```
-export OPENFAAS_URL=http://$IP:8080
-cat basic-auth-password | faas-cli login -s
-```
+    ```
+    export OPENFAAS_URL=http://$IP:8080
+    cat basic-auth-password | faas-cli login -s
+    ```
 
 * Deploy a function and invoke it
 
-```
-faas-cli store deploy figlet --env write_timeout=1s
-echo "faasd" | faas-cli invoke figlet
+    ```
+    faas-cli store deploy figlet --env write_timeout=1s
+    echo "faasd" | faas-cli invoke figlet
 
-faas-cli describe figlet
+    faas-cli describe figlet
 
-# Run async
-curl -i -d "faasd-async" $OPENFAAS_URL/async-function/figlet
+    # Run async
+    curl -i -d "faasd-async" $OPENFAAS_URL/async-function/figlet
 
-# Run async with a callback
+    # Run async with a callback
 
-curl -i -d "faasd-async" -H "X-Callback-Url: http://some-request-bin.com/path" $OPENFAAS_URL/async-function/figlet
-```
+    curl -i -d "faasd-async" -H "X-Callback-Url: http://some-request-bin.com/path" $OPENFAAS_URL/async-function/figlet
+    ```
 
-You can also checkout the other store functions: `faas-cli store list`
+    You can also checkout the other store functions: `faas-cli store list`
 
 * Try the UI
 
-Head over to the UI from your laptop and remember that your password is in the `basic-auth-password` file. The username is `admin`:
+    Head over to the UI from your laptop and remember that your password is in the `basic-auth-password` file. The username is `admin`:
 
-```
-echo http://$IP:8080
-```
+    ```
+    echo http://$IP:8080
+    ```
 
 * Stop/start the instance
 
-```sh
-multipass stop faasd
-```
+    ```sh
+    multipass stop faasd
+    ```
 
 * Delete, if you want to:
 
-```
-multipass delete --purge faasd
-```
+    ```
+    multipass delete --purge faasd
+    ```
 
 You now have a faasd appliance on your Mac. You can also use this cloud-init file with public cloud like AWS or DigitalOcean.
 

go.mod

@@ -10,14 +10,15 @@ require (
 	github.com/containerd/go-cni v1.0.2
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
 	github.com/docker/cli v0.0.0-20191105005515-99c5edceb48d
-	github.com/docker/distribution v2.7.1+incompatible
+	github.com/docker/distribution v2.8.0+incompatible
 	github.com/docker/docker v17.12.0-ce-rc1.0.20191113042239-ea84732a7725+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.3 // indirect
+	github.com/docker/go-units v0.4.0
 	github.com/gorilla/mux v1.8.0
 	github.com/morikuni/aec v1.0.0
 	github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d
-	github.com/openfaas/faas-provider v0.18.6
-	github.com/openfaas/faas/gateway v0.0.0-20210726163109-539f0a2c946e
+	github.com/openfaas/faas-provider v0.18.9
+	github.com/openfaas/faas/gateway v0.0.0-20220124164130-cdb6badddaed
 	github.com/pkg/errors v0.9.1
 	github.com/sethvargo/go-password v0.2.0
 	github.com/spf13/cobra v1.2.1

go.sum

@@ -275,8 +275,9 @@ github.com/docker/cli v0.0.0-20191105005515-99c5edceb48d h1:SknEFm9d070Wn2GeX8dy
 github.com/docker/cli v0.0.0-20191105005515-99c5edceb48d/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY=
+github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v17.12.0-ce-rc1.0.20191113042239-ea84732a7725+incompatible h1:m+SEbBCq0i1e399zUpu70L8AYiTT5UiF7O0IO+5AorM=
 github.com/docker/docker v17.12.0-ce-rc1.0.20191113042239-ea84732a7725+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ=
@@ -662,10 +663,12 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
 github.com/opencontainers/selinux v1.8.0 h1:+77ba4ar4jsCbL1GLbFL8fFM57w6suPfSS9PDLDY7KM=
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/openfaas/faas-provider v0.18.6 h1:wypzvPKZqta8t4rx3W6Dm14ommBCc+rQ4DKDiBdGB7M=
 github.com/openfaas/faas-provider v0.18.6/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
-github.com/openfaas/faas/gateway v0.0.0-20210726163109-539f0a2c946e h1:FeJv/Kj1Bgvc8W89GYKP33MlEl++vat/rmMtLKmQjS4=
-github.com/openfaas/faas/gateway v0.0.0-20210726163109-539f0a2c946e/go.mod h1:dTwtGnbhwl7CjLuYTvp8fgNHq93PrQSTDKkNRpLce18=
+github.com/openfaas/faas-provider v0.18.7/go.mod h1:S217qfIaMrv+XKJxgbhBzJzCfyFvoIF+BvYdDo6XIDQ=
+github.com/openfaas/faas-provider v0.18.9 h1:nHPlq9PYLGLuyhuXfASlBPOvXiZC/fJqHOr6m+0Fn1s=
+github.com/openfaas/faas-provider v0.18.9/go.mod h1:S217qfIaMrv+XKJxgbhBzJzCfyFvoIF+BvYdDo6XIDQ=
+github.com/openfaas/faas/gateway v0.0.0-20220124164130-cdb6badddaed h1:IUR44PymXKr2Dj/fd5AsmHQQ7qKBqqkRsv7L05WUUvM=
+github.com/openfaas/faas/gateway v0.0.0-20220124164130-cdb6badddaed/go.mod h1:whIGF77conBmsgi5s56E2yjX3dXiw4DXypt4+eTxVQM=
 github.com/openfaas/nats-queue-worker v0.0.0-20210726161954-ada9a31504c9/go.mod h1:ajlN2z+D8JPBq3kWNv4WLT6mtKPqlgeE3dYEx39d1tk=
 github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
 github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=

hack/install.sh

@@ -45,8 +45,12 @@ has_pacman() {
 
 install_required_packages() {
   if $(has_apt_get); then
+    # Debian bullseye is missing iptables. Added to required packages
+    # to get it working in raspberry pi. No such known issues in
+    # other distros. Hence, adding only to this block.
+    # reference: https://github.com/openfaas/faasd/pull/237
     $SUDO apt-get update -y
-    $SUDO apt-get install -y curl runc bridge-utils
+    $SUDO apt-get install -y curl runc bridge-utils iptables
   elif $(has_yum); then
     $SUDO yum check-update -y
     $SUDO yum install -y curl runc

pkg/provider/handlers/delete.go

@@ -43,7 +43,7 @@ func MakeDeleteHandler(client *containerd.Client, cni gocni.CNI) func(w http.Res
 		lookupNamespace := getRequestNamespace(readNamespaceFromQuery(r))
 
 		// Check if namespace exists, and it has the openfaas label
-		valid, err := validNamespace(client, lookupNamespace)
+		valid, err := validNamespace(client.NamespaceService(), lookupNamespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return

pkg/provider/handlers/deploy.go

@@ -54,7 +54,7 @@ func MakeDeployHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 		namespace := getRequestNamespace(req.Namespace)
 
 		// Check if namespace exists, and it has the openfaas label
-		valid, err := validNamespace(client, namespace)
+		valid, err := validNamespace(client.NamespaceService(), namespace)
 
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)

pkg/provider/handlers/functions.go

@@ -37,7 +37,7 @@ type Function struct {
 func ListFunctions(client *containerd.Client, namespace string) (map[string]*Function, error) {
 
 	// Check if namespace exists, and it has the openfaas label
-	valid, err := validNamespace(client, namespace)
+	valid, err := validNamespace(client.NamespaceService(), namespace)
 	if err != nil {
 		return nil, err
 	}

pkg/provider/handlers/read.go

@@ -2,10 +2,11 @@ package handlers
 
 import (
 	"encoding/json"
-	"k8s.io/apimachinery/pkg/api/resource"
 	"log"
 	"net/http"
 
+	"k8s.io/apimachinery/pkg/api/resource"
+
 	"github.com/containerd/containerd"
 	"github.com/openfaas/faas-provider/types"
 )
@@ -16,7 +17,7 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 
 		lookupNamespace := getRequestNamespace(readNamespaceFromQuery(r))
 		// Check if namespace exists, and it has the openfaas label
-		valid, err := validNamespace(client, lookupNamespace)
+		valid, err := validNamespace(client.NamespaceService(), lookupNamespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
@@ -39,7 +40,7 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 			annotations := &fn.annotations
 			labels := &fn.labels
 			memory := resource.NewQuantity(fn.memoryLimit, resource.BinarySI)
-			res = append(res, types.FunctionStatus{
+			status := types.FunctionStatus{
 				Name:        fn.name,
 				Image:       fn.image,
 				Replicas:    uint64(fn.replicas),
@@ -49,9 +50,17 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 				Secrets:     fn.secrets,
 				EnvVars:     fn.envVars,
 				EnvProcess:  fn.envProcess,
-				Limits:      &types.FunctionResources{Memory: memory.String()},
 				CreatedAt:   fn.createdAt,
-			})
+			}
+
+			// Do not remove below memory check for 0
+			// Memory limit should not be included in status until set explicitly
+			limit := &types.FunctionResources{Memory: memory.String()}
+			if limit.Memory != "0" {
+				status.Limits = limit
+			}
+
+			res = append(res, status)
 		}
 
 		body, _ := json.Marshal(res)

pkg/provider/handlers/replicas.go

@@ -17,7 +17,7 @@ func MakeReplicaReaderHandler(client *containerd.Client) func(w http.ResponseWri
 		lookupNamespace := getRequestNamespace(readNamespaceFromQuery(r))
 
 		// Check if namespace exists, and it has the openfaas label
-		valid, err := validNamespace(client, lookupNamespace)
+		valid, err := validNamespace(client.NamespaceService(), lookupNamespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
@@ -31,6 +31,7 @@ func MakeReplicaReaderHandler(client *containerd.Client) func(w http.ResponseWri
 		if f, err := GetFunction(client, functionName, lookupNamespace); err == nil {
 			found := types.FunctionStatus{
 				Name:              functionName,
+				Image:             f.image,
 				AvailableReplicas: uint64(f.replicas),
 				Replicas:          uint64(f.replicas),
 				Namespace:         f.namespace,

pkg/provider/handlers/scale.go

@@ -42,7 +42,7 @@ func MakeReplicaUpdateHandler(client *containerd.Client, cni gocni.CNI) func(w h
 		namespace := getRequestNamespace(readNamespaceFromQuery(r))
 
 		// Check if namespace exists, and it has the openfaas label
-		valid, err := validNamespace(client, namespace)
+		valid, err := validNamespace(client.NamespaceService(), namespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return

pkg/provider/handlers/secret.go

@@ -10,14 +10,14 @@ import (
 	"path"
 	"strings"
 
-	"github.com/containerd/containerd"
 	"github.com/openfaas/faas-provider/types"
+	provider "github.com/openfaas/faasd/pkg/provider"
 )
 
 const secretFilePermission = 0644
 const secretDirPermission = 0755
 
-func MakeSecretHandler(c *containerd.Client, mountPath string) func(w http.ResponseWriter, r *http.Request) {
+func MakeSecretHandler(store provider.Labeller, mountPath string) func(w http.ResponseWriter, r *http.Request) {
 
 	err := os.MkdirAll(mountPath, secretFilePermission)
 	if err != nil {
@@ -31,13 +31,13 @@ func MakeSecretHandler(c *containerd.Client, mountPath string) func(w http.Respo
 
 		switch r.Method {
 		case http.MethodGet:
-			listSecrets(c, w, r, mountPath)
+			listSecrets(store, w, r, mountPath)
 		case http.MethodPost:
-			createSecret(c, w, r, mountPath)
+			createSecret(w, r, mountPath)
 		case http.MethodPut:
-			createSecret(c, w, r, mountPath)
+			createSecret(w, r, mountPath)
 		case http.MethodDelete:
-			deleteSecret(c, w, r, mountPath)
+			deleteSecret(w, r, mountPath)
 		default:
 			w.WriteHeader(http.StatusBadRequest)
 			return
@@ -46,11 +46,11 @@ func MakeSecretHandler(c *containerd.Client, mountPath string) func(w http.Respo
 	}
 }
 
-func listSecrets(c *containerd.Client, w http.ResponseWriter, r *http.Request, mountPath string) {
+func listSecrets(store provider.Labeller, w http.ResponseWriter, r *http.Request, mountPath string) {
 
 	lookupNamespace := getRequestNamespace(readNamespaceFromQuery(r))
 	// Check if namespace exists, and it has the openfaas label
-	valid, err := validNamespace(c, lookupNamespace)
+	valid, err := validNamespace(store, lookupNamespace)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
@@ -63,8 +63,15 @@ func listSecrets(c *containerd.Client, w http.ResponseWriter, r *http.Request, m
 
 	mountPath = getNamespaceSecretMountPath(mountPath, lookupNamespace)
 
-	files, err := ioutil.ReadDir(mountPath)
+	files, err := os.ReadDir(mountPath)
+	if os.IsNotExist(err) {
+		bytesOut, _ := json.Marshal([]types.Secret{})
+		w.Write(bytesOut)
+		return
+	}
+
 	if err != nil {
+		fmt.Printf("Error Occured: %s \n", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
@@ -78,7 +85,7 @@ func listSecrets(c *containerd.Client, w http.ResponseWriter, r *http.Request, m
 	w.Write(bytesOut)
 }
 
-func createSecret(c *containerd.Client, w http.ResponseWriter, r *http.Request, mountPath string) {
+func createSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
 	secret, err := parseSecret(r)
 	if err != nil {
 		log.Printf("[secret] error %s", err.Error())
@@ -118,7 +125,7 @@ func createSecret(c *containerd.Client, w http.ResponseWriter, r *http.Request,
 	}
 }
 
-func deleteSecret(c *containerd.Client, w http.ResponseWriter, r *http.Request, mountPath string) {
+func deleteSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
 	secret, err := parseSecret(r)
 	if err != nil {
 		log.Printf("[secret] error %s", err.Error())

pkg/provider/handlers/secret_test.go

@@ -1,6 +1,9 @@
 package handlers
 
 import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -10,6 +13,8 @@ import (
 	"testing"
 
 	"github.com/openfaas/faas-provider/types"
+	"github.com/openfaas/faasd/pkg"
+	provider "github.com/openfaas/faasd/pkg/provider"
 )
 
 func Test_parseSecret(t *testing.T) {
@@ -161,3 +166,87 @@ func TestSecretCreation(t *testing.T) {
 		})
 	}
 }
+
+func TestListSecrets(t *testing.T) {
+	mountPath, err := os.MkdirTemp("", "test_secret_creation")
+	if err != nil {
+		t.Fatalf("unexpected error while creating temp directory: %s", err)
+	}
+
+	defer os.RemoveAll(mountPath)
+
+	cases := []struct {
+		name       string
+		verb       string
+		namespace  string
+		labels     map[string]string
+		status     int
+		secretPath string
+		secret     string
+		err        string
+		expected   []types.Secret
+	}{
+		{
+			name:       "Get empty secret list for default namespace having no secret",
+			verb:       http.MethodGet,
+			status:     http.StatusOK,
+			secretPath: "/test-fn/foo",
+			secret:     "bar",
+			expected:   make([]types.Secret, 0),
+		},
+		{
+			name:       "Get empty secret list for non-default namespace having no secret",
+			verb:       http.MethodGet,
+			status:     http.StatusOK,
+			secretPath: "/test-fn/foo",
+			secret:     "bar",
+			expected:   make([]types.Secret, 0),
+			namespace:  "other-ns",
+			labels: map[string]string{
+				pkg.NamespaceLabel: "true",
+			},
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			labelStore := provider.NewFakeLabeller(tc.labels)
+
+			handler := MakeSecretHandler(labelStore, mountPath)
+
+			path := "http://example.com/foo"
+			if len(tc.namespace) > 0 {
+				path = path + fmt.Sprintf("?namespace=%s", tc.namespace)
+			}
+			req := httptest.NewRequest(tc.verb, path, nil)
+			w := httptest.NewRecorder()
+
+			handler(w, req)
+
+			resp := w.Result()
+			if resp.StatusCode != tc.status {
+				t.Fatalf("want status: %d, but got: %d", tc.status, resp.StatusCode)
+			}
+
+			if resp.StatusCode != http.StatusOK && w.Body.String() != tc.err {
+				t.Fatalf("want error message: %q, but got %q", tc.err, w.Body.String())
+			}
+
+			body, err := ioutil.ReadAll(resp.Body)
+			if err != nil {
+				t.Fatalf("can't read response of list %v", err)
+			}
+
+			var res []types.Secret
+			err = json.Unmarshal(body, &res)
+
+			if err != nil {
+				t.Fatalf("unable to unmarshal %q, error: %v", string(body), err)
+			}
+
+			if !reflect.DeepEqual(res, tc.expected) {
+				t.Fatalf("want response: %v, but got: %v", tc.expected, res)
+			}
+		})
+	}
+}

pkg/provider/handlers/update.go

@@ -43,7 +43,7 @@ func MakeUpdateHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 		namespace := getRequestNamespace(req.Namespace)
 
 		// Check if namespace exists, and it has the openfaas label
-		valid, err := validNamespace(client, namespace)
+		valid, err := validNamespace(client.NamespaceService(), namespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return

pkg/provider/handlers/utils.go

@@ -5,10 +5,9 @@ import (
 	"net/http"
 	"path"
 
-	"github.com/containerd/containerd"
-
 	"github.com/openfaas/faasd/pkg"
 	faasd "github.com/openfaas/faasd/pkg"
+	provider "github.com/openfaas/faasd/pkg/provider"
 )
 
 func getRequestNamespace(namespace string) string {
@@ -30,12 +29,11 @@ func getNamespaceSecretMountPath(userSecretPath string, namespace string) string
 
 // validNamespace indicates whether the namespace is eligable to be
 // used for OpenFaaS functions.
-func validNamespace(client *containerd.Client, namespace string) (bool, error) {
+func validNamespace(store provider.Labeller, namespace string) (bool, error) {
 	if namespace == faasd.DefaultFunctionNamespace {
 		return true, nil
 	}
 
-	store := client.NamespaceService()
 	labels, err := store.Labels(context.Background(), namespace)
 	if err != nil {
 		return false, err

pkg/provider/labeller.go

@@ -0,0 +1,25 @@
+package provider
+
+import "context"
+
+// Labeller can return labels for a namespace from containerd.
+type Labeller interface {
+	Labels(ctx context.Context, namespace string) (map[string]string, error)
+}
+
+//
+// FakeLabeller can be used to fake labels applied on namespace to mark
+// them valid/invalid for openfaas functions
+type FakeLabeller struct {
+	labels map[string]string
+}
+
+func NewFakeLabeller(labels map[string]string) Labeller {
+	return &FakeLabeller{
+		labels: labels,
+	}
+}
+
+func (s *FakeLabeller) Labels(ctx context.Context, namespace string) (map[string]string, error) {
+	return s.labels, nil
+}

pkg/supervisor.go

@@ -24,6 +24,7 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/containerd/containerd/namespaces"
+	units "github.com/docker/go-units"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 
@@ -112,7 +113,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 		}
 		images[svc.Name] = img
 		size, _ := img.Size(ctx)
-		fmt.Printf("Prepare done for: %s, %d bytes\n", svc.Image, size)
+		fmt.Printf("Prepare done for: %s, %s\n", svc.Image, units.HumanSize(float64(size)))
 	}
 
 	for _, svc := range svcs {

vendor/github.com/docker/distribution/reference/normalize.go

@@ -56,6 +56,35 @@ func ParseNormalizedNamed(s string) (Named, error) {
 	return named, nil
 }
 
+// ParseDockerRef normalizes the image reference following the docker convention. This is added
+// mainly for backward compatibility.
+// The reference returned can only be either tagged or digested. For reference contains both tag
+// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@
+// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as
+// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa.
+func ParseDockerRef(ref string) (Named, error) {
+	named, err := ParseNormalizedNamed(ref)
+	if err != nil {
+		return nil, err
+	}
+	if _, ok := named.(NamedTagged); ok {
+		if canonical, ok := named.(Canonical); ok {
+			// The reference is both tagged and digested, only
+			// return digested.
+			newNamed, err := WithName(canonical.Name())
+			if err != nil {
+				return nil, err
+			}
+			newCanonical, err := WithDigest(newNamed, canonical.Digest())
+			if err != nil {
+				return nil, err
+			}
+			return newCanonical, nil
+		}
+	}
+	return TagNameOnly(named), nil
+}
+
 // splitDockerDomain splits a repository name to domain and remotename string.
 // If no valid domain is found, the default domain is used. Repository name
 // needs to be already validated before.

vendor/github.com/docker/distribution/reference/reference.go

@@ -205,7 +205,7 @@ func Parse(s string) (Reference, error) {
 	var repo repository
 
 	nameMatch := anchoredNameRegexp.FindStringSubmatch(matches[1])
-	if nameMatch != nil && len(nameMatch) == 3 {
+	if len(nameMatch) == 3 {
 		repo.domain = nameMatch[1]
 		repo.path = nameMatch[2]
 	} else {

vendor/github.com/openfaas/faas-provider/go.mod

@@ -1,6 +1,6 @@
 module github.com/openfaas/faas-provider
 
-go 1.13
+go 1.16
 
 require (
 	github.com/gorilla/mux v1.8.0

vendor/github.com/openfaas/faas-provider/go.sum

@@ -11,8 +11,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-go.uber.org/goleak v0.10.0 h1:G3eWbSNIskeRqtsN/1uI5B+eP73y3JUuBsv9AZjehb4=
-go.uber.org/goleak v0.10.0/go.mod h1:VCZuO8V8mFPlL0F5J5GK1rtHV3DrFcQ1R8ryq7FK0aI=
 go.uber.org/goleak v1.1.0 h1:MJDxhkyAAWXEJf/y4NSOPYD/bBx7JAzIjUbv12/4FFs=
 go.uber.org/goleak v1.1.0/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -27,7 +25,6 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11 h1:Yq9t9jnGoR+dBuitxdo9l6Q7xh/zOyNnYUtDKaQ3x0E=
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=

vendor/github.com/openfaas/faas-provider/types/function_deployment.go

@@ -0,0 +1,51 @@
+package types
+
+// FunctionDeployment represents a request to create or update a Function.
+type FunctionDeployment struct {
+
+	// Service is the name of the function deployment
+	Service string `json:"service"`
+
+	// Image is a fully-qualified container image
+	Image string `json:"image"`
+
+	// Namespace for the function, if supported by the faas-provider
+	Namespace string `json:"namespace,omitempty"`
+
+	// EnvProcess overrides the fprocess environment variable and can be used
+	// with the watchdog
+	EnvProcess string `json:"envProcess,omitempty"`
+
+	// EnvVars can be provided to set environment variables for the function runtime.
+	EnvVars map[string]string `json:"envVars,omitempty"`
+
+	// Constraints are specific to the faas-provider.
+	Constraints []string `json:"constraints,omitempty"`
+
+	// Secrets list of secrets to be made available to function
+	Secrets []string `json:"secrets,omitempty"`
+
+	// Labels are metadata for functions which may be used by the
+	// faas-provider or the gateway
+	Labels *map[string]string `json:"labels,omitempty"`
+
+	// Annotations are metadata for functions which may be used by the
+	// faas-provider or the gateway
+	Annotations *map[string]string `json:"annotations,omitempty"`
+
+	// Limits for function
+	Limits *FunctionResources `json:"limits,omitempty"`
+
+	// Requests of resources requested by function
+	Requests *FunctionResources `json:"requests,omitempty"`
+
+	// ReadOnlyRootFilesystem removes write-access from the root filesystem
+	// mount-point.
+	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty"`
+}
+
+// FunctionResources Memory and CPU
+type FunctionResources struct {
+	Memory string `json:"memory,omitempty"`
+	CPU    string `json:"cpu,omitempty"`
+}

vendor/github.com/openfaas/faas-provider/types/function_status.go

@@ -2,72 +2,6 @@ package types
 
 import "time"
 
-// Secret for underlying orchestrator
-type Secret struct {
-	// Name of the secret
-	Name string `json:"name"`
-
-	// Namespace if applicable for the secret
-	Namespace string `json:"namespace,omitempty"`
-
-	// Value is a string representing the string's value
-	Value string `json:"value,omitempty"`
-
-	// RawValue can be used to provide binary data when
-	// Value is not set
-	RawValue []byte `json:"rawValue,omitempty"`
-}
-
-// FunctionDeployment represents a request to create or update a Function.
-type FunctionDeployment struct {
-
-	// Service is the name of the function deployment
-	Service string `json:"service"`
-
-	// Image is a fully-qualified container image
-	Image string `json:"image"`
-
-	// Namespace for the function, if supported by the faas-provider
-	Namespace string `json:"namespace,omitempty"`
-
-	// EnvProcess overrides the fprocess environment variable and can be used
-	// with the watchdog
-	EnvProcess string `json:"envProcess,omitempty"`
-
-	// EnvVars can be provided to set environment variables for the function runtime.
-	EnvVars map[string]string `json:"envVars,omitempty"`
-
-	// Constraints are specific to the faas-provider.
-	Constraints []string `json:"constraints,omitempty"`
-
-	// Secrets list of secrets to be made available to function
-	Secrets []string `json:"secrets,omitempty"`
-
-	// Labels are metadata for functions which may be used by the
-	// faas-provider or the gateway
-	Labels *map[string]string `json:"labels,omitempty"`
-
-	// Annotations are metadata for functions which may be used by the
-	// faas-provider or the gateway
-	Annotations *map[string]string `json:"annotations,omitempty"`
-
-	// Limits for function
-	Limits *FunctionResources `json:"limits,omitempty"`
-
-	// Requests of resources requested by function
-	Requests *FunctionResources `json:"requests,omitempty"`
-
-	// ReadOnlyRootFilesystem removes write-access from the root filesystem
-	// mount-point.
-	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty"`
-}
-
-// FunctionResources Memory and CPU
-type FunctionResources struct {
-	Memory string `json:"memory,omitempty"`
-	CPU    string `json:"cpu,omitempty"`
-}
-
 // FunctionStatus exported for system/functions endpoint
 type FunctionStatus struct {
 
@@ -128,4 +62,24 @@ type FunctionStatus struct {
 	// CreatedAt is the time read back from the faas backend's
 	// data store for when the function or its container was created.
 	CreatedAt time.Time `json:"createdAt,omitempty"`
+
+	// Usage represents CPU and RAM used by all of the
+	// functions' replicas. Divide by AvailableReplicas for an
+	// average value per replica.
+	Usage *FunctionUsage `json:"usage,omitempty"`
+}
+
+// FunctionUsage represents CPU and RAM used by all of the
+// functions' replicas.
+//
+// CPU is measured in seconds consumed since the last measurement
+// RAM is measured in total bytes consumed
+//
+type FunctionUsage struct {
+	// CPU is the increase in CPU usage since the last measurement
+	// equivalent to Kubernetes' concept of millicores.
+	CPU float64 `json:"cpu,omitempty"`
+
+	//TotalMemoryBytes is the total memory usage in bytes.
+	TotalMemoryBytes float64 `json:"totalMemoryBytes,omitempty"`
 }

vendor/github.com/openfaas/faas-provider/types/secret.go

@@ -0,0 +1,17 @@
+package types
+
+// Secret for underlying orchestrator
+type Secret struct {
+	// Name of the secret
+	Name string `json:"name"`
+
+	// Namespace if applicable for the secret
+	Namespace string `json:"namespace,omitempty"`
+
+	// Value is a string representing the string's value
+	Value string `json:"value,omitempty"`
+
+	// RawValue can be used to provide binary data when
+	// Value is not set
+	RawValue []byte `json:"rawValue,omitempty"`
+}

vendor/modules.txt

@@ -132,7 +132,7 @@ github.com/docker/cli/cli/config
 github.com/docker/cli/cli/config/configfile
 github.com/docker/cli/cli/config/credentials
 github.com/docker/cli/cli/config/types
-# github.com/docker/distribution v2.7.1+incompatible
+# github.com/docker/distribution v2.8.0+incompatible
 ## explicit
 github.com/docker/distribution/digestset
 github.com/docker/distribution/reference
@@ -151,6 +151,7 @@ github.com/docker/go-connections/nat
 # github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
 github.com/docker/go-events
 # github.com/docker/go-units v0.4.0
+## explicit
 github.com/docker/go-units
 # github.com/gogo/googleapis v1.4.0
 github.com/gogo/googleapis/google/rpc
@@ -209,7 +210,7 @@ github.com/opencontainers/runtime-spec/specs-go
 github.com/opencontainers/selinux/go-selinux
 github.com/opencontainers/selinux/go-selinux/label
 github.com/opencontainers/selinux/pkg/pwalk
-# github.com/openfaas/faas-provider v0.18.6
+# github.com/openfaas/faas-provider v0.18.9
 ## explicit
 github.com/openfaas/faas-provider
 github.com/openfaas/faas-provider/auth
@@ -217,7 +218,7 @@ github.com/openfaas/faas-provider/httputil
 github.com/openfaas/faas-provider/logs
 github.com/openfaas/faas-provider/proxy
 github.com/openfaas/faas-provider/types
-# github.com/openfaas/faas/gateway v0.0.0-20210726163109-539f0a2c946e
+# github.com/openfaas/faas/gateway v0.0.0-20220124164130-cdb6badddaed
 ## explicit
 github.com/openfaas/faas/gateway/requests
 # github.com/pkg/errors v0.9.1