Alter IP range and share kvm

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>

cloud-config.txt

@@ -18,8 +18,8 @@ runcmd:
 - mkdir -p /opt/cni/bin
 - curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
 - mkdir -p /go/src/github.com/openfaas/
-- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.10.2 https://github.com/openfaas/faasd
-- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.10.2/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.11.0 https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.11.0/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager

cmd/root.go

@@ -46,7 +46,12 @@ var rootCommand = &cobra.Command{
 	Use:   "faasd",
 	Short: "Start faasd",
 	Long: `
-faasd - serverless without Kubernetes
+faasd - Serverless For Everyone Else
+
+Learn how to build, secure, and monitor functions with faasd with 
+the eBook:
+
+https://gumroad.com/l/serverless-for-everyone-else
 `,
 	RunE:         runRootCommand,
 	SilenceUsage: true,

docker-compose.yaml

@@ -41,7 +41,7 @@ services:
        - "127.0.0.1:9090:9090"
 
   gateway:
-    image: ghcr.io/openfaas/gateway:0.20.8
+    image: ghcr.io/openfaas/gateway:0.20.11
     environment:
       - basic_auth=true
       - functions_provider_url=http://faasd-provider:8081/

docs/DEV.md

@@ -169,7 +169,7 @@ You may find alternative package names for CentOS and other Linux distributions.
 #### Install Go 1.13 (x86_64)
 
 ```bash
-curl -sSLf https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz > /tmp/go.tgz
+curl -SLf https://golang.org/dl/go1.16.linux-amd64.tar.gz > /tmp/go.tgz
 sudo rm -rf /usr/local/go/
 sudo mkdir -p /usr/local/go/
 sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
@@ -190,7 +190,7 @@ echo "export PATH=\$PATH:/usr/local/go/bin/" | tee -a $HOME/.bash_profile
 #### Or on Raspberry Pi (armhf)
 
 ```bash
-curl -SLsf https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz > go.tgz
+curl -SLsf https://golang.org/dl/go1.16.linux-armv6l.tar.gz > go.tgz
 sudo rm -rf /usr/local/go/
 sudo mkdir -p /usr/local/go/
 sudo tar -xvf go.tgz -C /usr/local/go/ --strip-components=1
@@ -233,7 +233,7 @@ export SUFFIX="-armhf"
 export SUFFIX="-arm64"
 
 # Then download
-curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.10.2/faasd$SUFFIX" \
+curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.11.0/faasd$SUFFIX" \
     -o "/tmp/faasd" \
     && chmod +x "/tmp/faasd" 
 sudo mv /tmp/faasd /usr/local/bin/

docs/bootstrap/cloud-config.tpl

@@ -20,8 +20,8 @@ runcmd:
 - mkdir -p /var/lib/faasd/secrets/
 - echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
 - echo admin > /var/lib/faasd/secrets/basic-auth-user
-- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.10.2 https://github.com/openfaas/faasd
-- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.10.2/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.11.0 https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.11.0/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager

docs/bootstrap/digitalocean-terraform/cloud-config.tpl

@@ -41,8 +41,8 @@ runcmd:
 - mkdir -p /var/lib/faasd/secrets/
 - echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
 - echo admin > /var/lib/faasd/secrets/basic-auth-user
-- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.10.2 https://github.com/openfaas/faasd
-- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.10.2/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.11.0 https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.11.0/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager

go.mod

@@ -30,7 +30,7 @@ require (
 	github.com/opencontainers/runc v1.0.0-rc9 // indirect
 	github.com/opencontainers/runtime-spec v1.0.2
 	github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4
-	github.com/openfaas/faas-provider v0.16.2
+	github.com/openfaas/faas-provider v0.17.3
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/procfs v0.2.0 // indirect
 	github.com/sethvargo/go-password v0.1.3

go.sum

@@ -181,8 +181,14 @@ github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4 h1:JJjthDw7WziZQ7sC5C+M2872mIdud5R+s6Cb0cXyPuA=
 github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4/go.mod h1:E0m2rLup0Vvxg53BKxGgaYAGcZa3Xl+vvL7vSi5yQ14=
-github.com/openfaas/faas-provider v0.16.2 h1:ChpiZh1RM8zFIzvp31OPlKpTbh5Lcm7f91WCFcpW4gA=
-github.com/openfaas/faas-provider v0.16.2/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
+github.com/openfaas/faas-provider v0.17.0 h1:4rT8CosKhI5xaAMqbyihEgR6KefO/ViJdF0a8THTgwM=
+github.com/openfaas/faas-provider v0.17.0/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
+github.com/openfaas/faas-provider v0.17.1 h1:P5xTLN+/08PLLh4auIlO/PaUD/J3BUTmaC3en8N5zbs=
+github.com/openfaas/faas-provider v0.17.1/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
+github.com/openfaas/faas-provider v0.17.2 h1:jZ+Z83A/tyJoI1AnpyLN3o0B4K0UEsz1YJ3erASMu+s=
+github.com/openfaas/faas-provider v0.17.2/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
+github.com/openfaas/faas-provider v0.17.3 h1:LN76lrXUKAx27o5X8l+daKWEzsdiW2E99jMOlI1SO5Q=
+github.com/openfaas/faas-provider v0.17.3/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

pkg/cninetwork/cni_network.go

@@ -42,7 +42,7 @@ const (
 	defaultBridgeName = "openfaas0"
 
 	// defaultSubnet is the default subnet used in the defaultCNIConf -- this value is set to not collide with common container networking subnets:
-	defaultSubnet = "10.62.0.0/16"
+	defaultSubnet = "10.63.0.0/16"
 
 	// defaultIfPrefix is the interface name to be created in the container
 	defaultIfPrefix = "eth"
@@ -179,7 +179,7 @@ func GetIPAddress(container string, PID uint32) (string, error) {
 //
 // Example:
 //
-// /var/run/cni/openfaas-cni-bridge/10.62.0.2
+// /var/run/cni/openfaas-cni-bridge/10.63.0.2
 //
 // nats-621
 // eth1

pkg/cninetwork/cni_network_test.go

@@ -10,7 +10,7 @@ import (
 func Test_isCNIResultForPID_Found(t *testing.T) {
 	body := `nats-621
 eth1`
-	fileName := `10.62.0.2`
+	fileName := `10.63.0.2`
 	container := "nats"
 	PID := uint32(621)
 	fullPath := filepath.Join(os.TempDir(), fileName)
@@ -38,7 +38,7 @@ eth1`
 func Test_isCNIResultForPID_NoMatch(t *testing.T) {
 	body := `nats-621
 eth1`
-	fileName := `10.62.0.3`
+	fileName := `10.63.0.3`
 	container := "gateway"
 	PID := uint32(621)
 	fullPath := filepath.Join(os.TempDir(), fileName)

pkg/provider/handlers/deploy.go

@@ -29,8 +29,8 @@ import (
 
 const annotationLabelPrefix = "com.openfaas.annotations."
 
+// MakeDeployHandler returns a handler to deploy a function
 func MakeDeployHandler(client *containerd.Client, cni gocni.CNI, secretMountPath string, alwaysPull bool) func(w http.ResponseWriter, r *http.Request) {
-
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		if r.Body == nil {
@@ -140,18 +140,26 @@ func deploy(ctx context.Context, req types.FunctionDeployment, client *container
 		memory.Limit = &v
 	}
 
-	container, err := client.NewContainer(
-		ctx,
-		name,
-		containerd.WithImage(image),
+	ctrOps := []containerd.NewContainerOpts{containerd.WithImage(image),
 		containerd.WithSnapshotter(snapshotter),
 		containerd.WithNewSnapshot(name+"-snapshot", image),
 		containerd.WithNewSpec(oci.WithImageConfig(image),
+			oci.WithHostname(name),
 			oci.WithCapabilities([]string{"CAP_NET_RAW"}),
 			oci.WithMounts(mounts),
 			oci.WithEnv(envs),
+			oci.WithLinuxDevice("/dev/kvm", "rmw"),
 			withMemory(memory)),
-		containerd.WithContainerLabels(labels),
+		containerd.WithContainerLabels(labels)}
+
+	if v, ok := os.LookupEnv("FUNCTION_RUNTIME"); ok && len(v) > 0 {
+		ctrOps = append(ctrOps, containerd.WithRuntime(v, nil))
+	}
+
+	container, err := client.NewContainer(
+		ctx,
+		name,
+		ctrOps...,
 	)
 
 	if err != nil {

pkg/provider/handlers/functions.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"strings"
+	"time"
 
 	"github.com/opencontainers/runtime-spec/specs-go"
 
@@ -27,6 +28,7 @@ type Function struct {
 	secrets     []string
 	envVars     map[string]string
 	envProcess  string
+	createdAt   time.Time
 }
 
 // ListFunctions returns a map of all functions with running tasks on namespace
@@ -81,6 +83,11 @@ func GetFunction(client *containerd.Client, name string) (Function, error) {
 		return Function{}, fmt.Errorf("unable to load function spec for reading secrets: %s, error %s", name, err)
 	}
 
+	info, err := c.Info(ctx)
+	if err != nil {
+		return Function{}, fmt.Errorf("can't load info for: %s, error %s", name, err)
+	}
+
 	envVars, envProcess := readEnvFromProcessEnv(spec.Process.Env)
 	secrets := readSecretsFromMounts(spec.Mounts)
 
@@ -92,6 +99,7 @@ func GetFunction(client *containerd.Client, name string) (Function, error) {
 	fn.secrets = secrets
 	fn.envVars = envVars
 	fn.envProcess = envProcess
+	fn.createdAt = info.CreatedAt
 
 	replicas := 0
 	task, err := c.Task(ctx, nil)

pkg/provider/handlers/read.go

@@ -34,6 +34,7 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 				Secrets:     fn.secrets,
 				EnvVars:     fn.envVars,
 				EnvProcess:  fn.envProcess,
+				CreatedAt:   fn.createdAt,
 			})
 		}
 
@@ -41,6 +42,5 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 		w.Header().Set("Content-Type", "application/json")
 		w.WriteHeader(http.StatusOK)
 		w.Write(body)
-
 	}
 }

pkg/provider/handlers/replicas.go

@@ -26,6 +26,7 @@ func MakeReplicaReaderHandler(client *containerd.Client) func(w http.ResponseWri
 				Secrets:           f.secrets,
 				EnvVars:           f.envVars,
 				EnvProcess:        f.envProcess,
+				CreatedAt:         f.createdAt,
 			}
 
 			functionBytes, _ := json.Marshal(found)

pkg/supervisor.go

@@ -172,6 +172,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 			containerd.WithImage(image),
 			containerd.WithNewSnapshot(svc.Name+"-snapshot", image),
 			containerd.WithNewSpec(oci.WithImageConfig(image),
+				oci.WithHostname(svc.Name),
 				withUserOrDefault(svc.User),
 				oci.WithCapabilities(svc.Caps),
 				oci.WithMounts(mounts),

vendor/github.com/openfaas/faas-provider/proxy/proxy.go

@@ -34,9 +34,8 @@ import (
 )
 
 const (
-	watchdogPort           = "8080"
-	defaultContentType     = "text/plain"
-	errMissingFunctionName = "Please provide a valid route /function/function_name."
+	watchdogPort       = "8080"
+	defaultContentType = "text/plain"
 )
 
 // BaseURLResolver URL resolver for proxy requests
@@ -75,8 +74,9 @@ func NewHandlerFunc(config types.FaaSConfig, resolver BaseURLResolver) http.Hand
 			http.MethodPut,
 			http.MethodPatch,
 			http.MethodDelete,
-			http.MethodGet:
-
+			http.MethodGet,
+			http.MethodOptions,
+			http.MethodHead:
 			proxyRequest(w, r, proxyClient, resolver)
 
 		default:
@@ -136,15 +136,15 @@ func proxyRequest(w http.ResponseWriter, originalReq *http.Request, proxyClient
 	pathVars := mux.Vars(originalReq)
 	functionName := pathVars["name"]
 	if functionName == "" {
-		httputil.Errorf(w, http.StatusBadRequest, errMissingFunctionName)
+		httputil.Errorf(w, http.StatusBadRequest, "Provide function name in the request path")
 		return
 	}
 
 	functionAddr, resolveErr := resolver.Resolve(functionName)
 	if resolveErr != nil {
 		// TODO: Should record the 404/not found error in Prometheus.
-		log.Printf("resolver error: cannot find %s: %s\n", functionName, resolveErr.Error())
-		httputil.Errorf(w, http.StatusNotFound, "Cannot find service: %s.", functionName)
+		log.Printf("resolver error: no endpoints for %s: %s\n", functionName, resolveErr.Error())
+		httputil.Errorf(w, http.StatusServiceUnavailable, "No endpoints available for: %s.", functionName)
 		return
 	}
 
@@ -153,6 +153,7 @@ func proxyRequest(w http.ResponseWriter, originalReq *http.Request, proxyClient
 		httputil.Errorf(w, http.StatusInternalServerError, "Failed to resolve service: %s.", functionName)
 		return
 	}
+
 	if proxyReq.Body != nil {
 		defer proxyReq.Body.Close()
 	}
@@ -167,7 +168,10 @@ func proxyRequest(w http.ResponseWriter, originalReq *http.Request, proxyClient
 		httputil.Errorf(w, http.StatusInternalServerError, "Can't reach service for: %s.", functionName)
 		return
 	}
-	defer response.Body.Close()
+
+	if response.Body != nil {
+		defer response.Body.Close()
+	}
 
 	log.Printf("%s took %f seconds\n", functionName, seconds.Seconds())
 
@@ -176,7 +180,9 @@ func proxyRequest(w http.ResponseWriter, originalReq *http.Request, proxyClient
 	w.Header().Set("Content-Type", getContentType(originalReq.Header, response.Header))
 
 	w.WriteHeader(response.StatusCode)
-	io.Copy(w, response.Body)
+	if response.Body != nil {
+		io.Copy(w, response.Body)
+	}
 }
 
 // buildProxyRequest creates a request object for the proxy request, it will ensure that

vendor/github.com/openfaas/faas-provider/types/model.go

@@ -1,5 +1,7 @@
 package types
 
+import "time"
+
 // FunctionDeployment represents a request to create or update a Function.
 type FunctionDeployment struct {
 
@@ -100,7 +102,9 @@ type FunctionStatus struct {
 	// mount-point.
 	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty"`
 
-	// ** Status fields *8
+	// ================
+	// Fields for status
+	// ================
 
 	// InvocationCount count of invocations
 	InvocationCount float64 `json:"invocationCount,omitempty"`
@@ -111,4 +115,8 @@ type FunctionStatus struct {
 	// AvailableReplicas is the count of replicas ready to receive
 	// invocations as reported by the faas-provider
 	AvailableReplicas uint64 `json:"availableReplicas,omitempty"`
+
+	// CreatedAt is the time read back from the faas backend's
+	// data store for when the function or its container was created.
+	CreatedAt time.Time `json:"createdAt,omitempty"`
 }

vendor/modules.txt

@@ -195,7 +195,7 @@ github.com/opencontainers/runtime-spec/specs-go
 # github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4
 ## explicit
 github.com/openfaas/faas/gateway/requests
-# github.com/openfaas/faas-provider v0.16.2
+# github.com/openfaas/faas-provider v0.17.3
 ## explicit
 github.com/openfaas/faas-provider
 github.com/openfaas/faas-provider/auth