Update images for NATS / GW / queue-worker

Routine updates to the containers that are used for faasd CE

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>

.github/ISSUE_TEMPLATE.md

@@ -8,6 +8,10 @@ Before you ask for help or support, make sure that you've [consulted the manual
 <!-- How is this affecting you? What task are you trying to accomplish? -->
 ## Why do you need this?
 
+<!-- Attempts to mask or hide this may result in the issue being closed -->
+## Who is this for?
+
+What company is this for? Are you listed in the [ADOPTERS.md](https://github.com/openfaas/faas/blob/master/ADOPTERS.md) file?
 
 <!--- Provide a general summary of the issue in the Title above -->
 ## Expected Behaviour

.github/workflows/verify-images.yaml

@@ -0,0 +1,18 @@
+name: Verify Docker Compose Images
+
+on:
+  push:
+    paths:
+      - '**.yaml'
+
+jobs:
+  verifyImages:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@master
+      - uses: alexellis/setup-arkade@v2
+      - name: Verify chart images
+        id: verify_images
+        run: |
+          VERBOSE=true make verify-compose

Makefile

@@ -66,3 +66,7 @@ test-e2e:
 
 # Removed due to timing issue in CI on GitHub Actions
 #	/usr/local/bin/faas-cli logs figlet --since 15m --follow=false | grep Forking
+
+verify-compose:
+	@echo Verifying docker-compose.yaml images in remote registries && \
+	arkade chart verify --verbose=$(VERBOSE) -f ./docker-compose.yaml

README.md

@@ -1,9 +1,8 @@
 # faasd - a lightweight & portable faas engine
 
-[![Sponsor this](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&link=https://github.com/sponsors/openfaas)](https://github.com/sponsors/openfaas)
+[![Sponsor faasd](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&link=https://github.com/sponsors/openfaas)](https://github.com/sponsors/openfaas)
 [![Build Status](https://github.com/openfaas/faasd/workflows/build/badge.svg?branch=master)](https://github.com/openfaas/faasd/actions)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-[![OpenFaaS](https://img.shields.io/badge/openfaas-serverless-blue.svg)](https://www.openfaas.com)
 ![Downloads](https://img.shields.io/github/downloads/openfaas/faasd/total)
 
 faasd is [OpenFaaS](https://github.com/openfaas/) reimagined, but without the cost and complexity of Kubernetes. It runs on a single host with very modest requirements, making it fast and easy to manage. Under the hood it uses [containerd](https://containerd.io/) and [Container Networking Interface (CNI)](https://github.com/containernetworking/cni) along with the same core OpenFaaS components from the main project.
@@ -78,6 +77,8 @@ You can use the standard [faas-cli](https://github.com/openfaas/faas-cli) along
 
 faasd does not create the same maintenance burden you'll find with maintaining, upgrading, and securing a Kubernetes cluster. You can deploy it and walk away, in the worst case, just deploy a new VM and deploy your functions again.
 
+You can learn more about supported OpenFaaS features in the [ROADMAP.md](/docs/ROADMAP.md)
+
 ## Learning faasd
 
 The faasd project is MIT licensed and open source, and you will find some documentation, blog posts and videos for free.
@@ -161,11 +162,9 @@ If you are learning faasd, or want to share your use-case, you can join the Open
 * [Become an OpenFaaS GitHub Sponsor](https://github.com/sponsors/openfaas/)
 * [Join the weekly Office Hours call](https://docs.openfaas.com/community/)
 
-### Backlog, features and known issues
+### Backlog, features, design limitations and any known issues
 
-For completed features, WIP and upcoming roadmap see:
+For open backlog items, shipped features, design limitations and any known issues, see [ROADMAP.md](docs/ROADMAP.md)
-
-See [ROADMAP.md](docs/ROADMAP.md)
 
 Want to build a patch without setting up a complete development environment? See [docs/PATCHES.md](docs/PATCHES.md)
 

docker-compose.yaml

@@ -1,7 +1,11 @@
 version: "3.7"
 services:
+
+  # AE: The basic-auth-plugin is deprecated for OpenFaaS CE
+  # and will be removed in a future release. The behaviour is 
+  # now part of the gateway itself.
   basic-auth-plugin:
-    image: ghcr.io/openfaas/basic-auth:0.25.2
+    image: ghcr.io/openfaas/basic-auth:0.25.5
     environment:
       - port=8080
       - secret_mount_path=/run/secrets
@@ -19,7 +23,7 @@ services:
       - CAP_NET_RAW
 
   nats:
-    image: docker.io/library/nats-streaming:0.24.6
+    image: docker.io/library/nats-streaming:0.25.3
 # nobody
     user: "65534"
     command:
@@ -38,7 +42,7 @@ services:
     #    - "127.0.0.1:8222:8222"
 
   prometheus:
-    image: docker.io/prom/prometheus:v2.38.0
+    image: docker.io/prom/prometheus:v2.41.0
 # nobody
     user: "65534"
     volumes:
@@ -56,7 +60,7 @@ services:
        - "127.0.0.1:9090:9090"
 
   gateway:
-    image: ghcr.io/openfaas/gateway:0.25.2
+    image: ghcr.io/openfaas/gateway:0.26.2
     environment:
       - basic_auth=true
       - functions_provider_url=http://faasd-provider:8081/
@@ -89,7 +93,7 @@ services:
        - "8080:8080"
 
   queue-worker:
-    image: ghcr.io/openfaas/queue-worker:0.13.1
+    image: ghcr.io/openfaas/queue-worker:0.13.3
     environment:
       - faas_nats_address=nats
       - faas_nats_port=4222

docs/ROADMAP.md

@@ -2,54 +2,74 @@
 
 ## Supported operations
 
-* `faas login`
+* `faas-cli login`
-* `faas up`
+* `faas-cli up`
-* `faas list`
+* `faas-cli list`
-* `faas describe`
+* `faas-cli describe`
-* `faas deploy --update=true --replace=false`
+* `faas-cli deploy --update=true --replace=false`
-* `faas invoke --async`
+* `faas-cli invoke --async`
-* `faas invoke`
+* `faas-cli invoke`
-* `faas rm`
+* `faas-cli rm`
-* `faas store list/deploy/inspect`
+* `faas-cli store list/deploy/inspect`
-* `faas version`
+* `faas-cli version`
-* `faas namespace`
+* `faas-cli namespace`
-* `faas secret`
+* `faas-cli secret`
-* `faas logs`
+* `faas-cli logs`
-* `faas auth` - supported for Basic Authentication and OpenFaaS PRO with OIDC and Single-sign On.
+* `faas-cli auth` - supported for Basic Authentication and OpenFaaS Pro with OIDC and Single-sign On.
 
 Scale from and to zero is also supported. On a Dell XPS with a small, pre-pulled image unpausing an existing task took 0.19s and starting a task for a killed function took 0.39s. There may be further optimizations to be gained.
 
+The OpenFaaS REST API is supported by faasd, learn more in the [manual](https://store.openfaas.com/l/serverless-for-everyone-else) under "Can I get an API with that?"
+
 ## Constraints vs OpenFaaS on Kubernetes
 
-faasd suits certain use-cases as mentioned in the README file, for those who want a solution which can scale out horizontally with minimum effort, Kubernetes or K3s is a valid option.
+faasd suits certain use-cases as mentioned in the [README.md](/README.md) file, for those who want a solution which can scale out horizontally with minimum effort, Kubernetes or K3s is a valid option.
+
+Which is right for you? [Read a comparison in the OpenFaaS docs](https://docs.openfaas.com/deployment/)
 
 ### One replica per function
 
-Functions only support one replica, so cannot scale horizontally, but can scale vertically.
+Functions only support one replica for each function, so that means horizontal scaling is not available.
 
-Workaround: deploy one uniquely named function per replica.
+It can scale vertically, and this may be a suitable alternative for many use-cases. See the [YAML reference for how to configure limits](https://docs.openfaas.com/reference/yaml/).
+
+Workaround: deploy multiple, dynamically named functions `scraper-1`, `scraper-2`, `scraper-3` and set up a reverse proxy rule to load balance i.e. `scraper.example.com => [/function/scraper-1, /function/scraper-2, /function/scraper-3]`.
 
 ### Scale from zero may give a non-200
 
-When scaling from zero there is no health check implemented, so the request may arrive before your HTTP server is ready to serve a request, and therefore give a non-200 code.
+faasd itself does not implement a health check to determine if a function is ready for traffic. Since faasd doesn't support auto-scaling, this is unlikely to affect you.
 
-Workaround: Do not scale to zero, or have your client retry HTTP calls.
+Workaround: Have your client retry HTTP calls, or don't scale to zero.
 
-### No clustering is available
+### Single node, no clustering
 
-No clustering is available in faasd, however you can still apply fault-tolerance and high availability techniques.
+faasd is operates on a single-node model. If this is an issue for you, but you have resource constraints, you will need to use OpenFaaS on Kubernetes.
 
-Workaround: deploy multiple faasd instances and use a hardware or software load-balancer. Take regular VM/host snapshots or backups.
+There are no plans to add any form of clustering or multi-node support to faasd. See also: [HA / resilience in faasd #225](https://github.com/openfaas/faasd/issues/225)
 
-### No rolling updates
+What about HA and fault tolerance?
 
-When running `faas-cli deploy`, your old function is removed before the new one is started. This may cause a small amount of downtime, depending on the timeouts and grace periods you set.
+To achieve fault tolerance, you could put two faasd instances behind a load balancer or proxy, but you will need to deploy the same set of functions to each.
 
-Workaround: deploy uniquely named functions per version, and switch an Ingress or Reverse Proxy record to point at a new version once it is ready.
+An alternative would be to take regular VM backups or snapshots.
+
+### No rolling updates are available today
+
+When running `faas-cli deploy`, your old function is removed before the new one is started. This may cause a period of downtime, depending on the timeouts and grace periods you set.
+
+Workaround: deploy uniquely named functions i.e. `scraper-1` and `scraper-2` with a reverse proxy rule that maps `/function/scraper` to the active version.
 
 ## Known issues
 
-### Non 200 HTTP status from the gateway upon first use
+### Troubleshooting
+
+There is a very detailed chapter on troubleshooting in the eBook [Serverless For Everyone Else](https://store.openfaas.com/l/serverless-for-everyone-else)
+
+### Your function timed-out at 60 seconds
+
+This is no longer an issue, see the manual for how to configure a longer timeout, updated 3rd October 2022.
+
+### Non 200 HTTP status from the gateway upon reboot
 
 This issue appears to happen sporadically and only for some users.
 
@@ -75,16 +95,19 @@ sudo systemctl restart faasd
 
 Should have:
 
-* [ ] Offer a recommendation or implement a strategy for faasd replication/HA
 * [ ] Monitor and restart any of the core components at runtime if the container stops
 * [ ] Asynchronous function deletion instead of synchronous
 * [ ] Asynchronous function start-up instead of synchronous
 
 Nice to Have:
 
-* [ ] Terraform for AWS (in-progress)
+* [ ] Live rolling-updates, with zero downtime - requires moving to IDs vs. names for function containers
-* [ ] Total memory limits - if a node has 1GB of RAM, don't allow more than 1000MB of RAM to be reserved via limits
+* [ ] Total memory limits for a node - if a node has 1GB of RAM, don't allow more than 1000MB of RAM to be reserved via limits
-* [ ] Offer live rolling-updates, with zero downtime - requires moving to IDs vs. names for function containers
+* [ ] Terraform for AWS EC2
+
+Won't have:
+
+* [ ] Clustering
 * [ ] Multiple replicas per function
 
 ### Completed
@@ -115,4 +138,5 @@ Nice to Have:
 * [x] Terraform for DigitalOcean
 * [x] [Store and retrieve annotations in function spec](https://github.com/openfaas/faasd/pull/86) - in progress
 * [x] An installer for faasd and dependencies - runc, containerd
+* [x] Offer a recommendation or implement a strategy for faasd replication/HA
 

pkg/provider/config/read.go

@@ -20,9 +20,11 @@ func ReadFromEnv(hasEnv types.HasEnv) (*types.FaaSConfig, *ProviderConfig, error
 
 	serviceTimeout := types.ParseIntOrDurationValue(hasEnv.Getenv("service_timeout"), time.Second*60)
 
-	config.EnableHealth = true
 	config.ReadTimeout = serviceTimeout
 	config.WriteTimeout = serviceTimeout
+	config.EnableBasicAuth = true
+	config.MaxIdleConns = types.ParseIntValue(hasEnv.Getenv("max_idle_conns"), 1024)
+	config.MaxIdleConnsPerHost = types.ParseIntValue(hasEnv.Getenv("max_idle_conns_per_host"), 1024)
 
 	port := types.ParseIntValue(hasEnv.Getenv("port"), 8081)
 	config.TCPPort = &port