faas-netes operator README
- Minimal example:
apiVersion: openfaas.com/v1
kind: Function
metadata:
name: nodeinfo
namespace: openfaas-fn
spec:
name: nodeinfo
image: functions/nodeinfo:latest- Extended example:
apiVersion: openfaas.com/v1
kind: Function
metadata:
name: nodeinfo
namespace: openfaas-fn
spec:
name: nodeinfo
handler: node main.js
image: functions/nodeinfo:latest
labels:
com.openfaas.scale.min: "2"
com.openfaas.scale.max: "15"
annotations:
current-time: Mon 6 Aug 23:42:00 BST 2018
next-time: Mon 6 Aug 23:42:00 BST 2019
environment:
write_debug: "true"
limits:
cpu: "200m"
memory: "256Mi"
requests:
cpu: "10m"
memory: "128Mi"
constraints:
- "cloud.google.com/gke-nodepool=default-pool"
secrets:
- nodeinfo-secret1Example adapted from artifacts/nodeinfo.yaml
- Generate CRD from
stack.yml
You can generate CRD entries separated by --- by running faas-cli generate in the same folder as a stack.yml file. Each function in the file will be outputted. If you want a CRD for one function only then you can also pass --filter=function-name.
# create a go function for Docker Hub user `alexellis2`
faas-cli new --lang go --prefix alexellis2 crd-example
# build and push an image
faas-cli build -f crd-example.yaml
faas-cli push -f crd-example.yaml
# generate the CRD entry from the "stack.yml" file and apply in the cluster
faas-cli generate -f crd-example.yaml | kubectl apply -f -- Generate CRD from Function Store
# find a function in the store
faas-cli store list
...
# generate to a file
faas-cli generate --from-store="figlet" > figlet-crd.yaml
kubectl apply -f figlet-crd.yamlYou can deploy OpenFaaS and the operator using helm, or generate static YAML through the helm template command.
Two namespaces will be created - openfaas for the core services and openfaas-fn for functions.
arkade install openfaas --operatorYou will see the connection info and password after the command has completed, you can get the info back at any point in time with the arkade info openfaas command.
Two namespaces will be used - openfaas for the core services and openfaas-fn for functions.
# create OpenFaaS namespaces
kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml
# add OpenFaaS Helm repo
helm repo add openfaas https://openfaas.github.io/faas-netes/
# generate a random password
PASSWORD=$(head -c 12 /dev/urandom | shasum| cut -d' ' -f1)
kubectl -n openfaas create secret generic basic-auth \
--from-literal=basic-auth-user=admin \
--from-literal=basic-auth-password="$PASSWORD"
# get latest chart version
helm repo update
# install with basic auth enabled
helm upgrade openfaas --install openfaas/openfaas \
--namespace openfaas \
--set basic_auth=true \
--set functionNamespace=openfaas-fn \
--set operator.create=trueNote: If you are switching from the OpenFaaS
faas-netescontroller, then you will need to remove all functions and redeploy them after switching to the operator.
If you want to enable multiple namespaces feature which enables you to create functions across namespaces in the cluster, set clusterRole=true.
kubectl -n openfaas-fn apply -f ./artifacts/nodeinfo.yamlkubectl -n openfaas-fn get functions
kubectl -n openfaas-fn get allkubectl -n openfaas-fn create secret generic faas-token --from-literal=faas-token=token
kubectl -n openfaas-fn create secret generic faas-key --from-literal=faas-key=keyAdd the secrets section in nodeinfo.yaml and re-apply the function:
secrets:
- faas-token
- faas-keyTest that secrets are available inside the nodeinfo pod:
kubectl -n openfaas-fn exec -it nodeinfo-84fd464784-sd5ml -- sh
~ $ cat /var/openfaas/faas-key
key
~ $ cat /var/openfaas/faas-token
tokenTest that node selectors work on GKE by adding the following to nodeinfo.yaml:
constraints:
- "cloud.google.com/gke-nodepool=default-pool"Apply the function and check the deployment specs with:
kubectl -n openfaas-fn describe deployment nodeinfoThe OpenFaaS Operator runs as a sidecar in the gateway pod. For end to end testing you need to update the sidecar to use your development image.
- Build, tag and push your image to your own public docker repository:
export USERNAME="username"
make build \
&& docker tag openfaas/openfaas-operator:latest $USERNAME/openfaas-operator:latest-dev \
&& docker push $USERNAME/openfaas-operator:latest-dev- Update your helm deployment
helm upgrade openfaas --install openfaas/openfaas \
--namespace openfaas \
--set functionNamespace=openfaas-fn \
--set operator.create=true \
--set operator.image=$USERNAME/openfaas-operator:latest-devYou will a KUBECONFIG file and accessible in your path.
- Create the OpenFaaS CRD
$ kubectl apply -f artifacts/operator-crd.yaml- Build and launch the OpenFaaS controller locally
$ go build \
&& ./openfaas-operator -kubeconfig=$HOME/.kube/config -v=4As an alternative, you can use go run
$ go run *.go -kubeconfig=$HOME/.kube/configTo use an alternative port set the port environmental variable to another value.
Create a function:
$ kubectl apply -f artifacts/nodeinfo.yamlCheck if nodeinfo deployment and service were created through the CRD:
$ kubectl get deployment nodeinfo
$ kubectl get service nodeinfoTest if nodeinfo service can access the pods:
$ kubectl run -it --rm --restart=Never curl --image=byrnedo/alpine-curl:latest --command -- sh
/ # curl -d 'verbose' http://nodeinfo.default:8080Delete nodeinfo function:
kubectl delete -f artifacts/nodeinfo.yaml Check if nodeinfo pods, rc, deployment and service were removed:
kubectl get allThe operator also implements the OpenFaaS REST API which provides an additional way to manage functions and secrets in addition to using the CRD with kubectl directly.
If OpenFaaS is configured with the basic_auth=true flag then Basic Authentication is enabled on the REST API. If that is the case then reformat each curl command to also include the credentials.
- Basic Auth off
curl -s http://localhost:8081/system/functions | jq .- Basic Auth enabled
export USER=""
export PASSWORD=""
curl -s http://$USER:$PASSWORD@localhost:8081/system/functions | jq .Create or update a function:
curl -d '{"service":"nodeinfo","image":"functions/nodeinfo:burner","envProcess":"node main.js","labels":{"com.openfaas.scale.min":"2","com.openfaas.scale.max":"15"},"environment":{"output":"verbose","debug":"true"}}' -X POST http://localhost:8081/system/functionsList functions:
curl -s http://localhost:8081/system/functions | jq .Scale PODs up/down:
curl -d '{"serviceName":"nodeinfo", "replicas": 1}' -X POST http://localhost:8081/system/scale-function/nodeinfoGet available replicas:
curl -s http://localhost:8081/system/function/nodeinfo | jq .availableReplicasRemove function:
curl -d '{"functionName":"nodeinfo"}' -X DELETE http://localhost:8081/system/functionsCreate secret:
curl -d '{"name":"test","value":"test"}' -X POST http://localhost:8081/system/secretsList secrets:
curl -X GET http://localhost:8081/system/secretsUpdate secret:
curl -d '{"name":"test","value":"test update"}' -X PUT http://localhost:8081/system/secretsDelete secret:
curl -d '{"name":"test"}' -X DELETE http://localhost:8081/system/secretsExample service account:
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-robot
namespace: openfaas-fnSet the following in your function spec:
annotations:
com.openfaas.serviceaccount: "build-robot"Verbosity levels:
-v=0CRUD actions via API and Controller including errors-v=2function call duration (Proxy API)-v=4Kubernetes informers events (highly verbose)
Prometheus route:
curl http://localhost:8081/metricsProfiling is disabled by default, to enable it set pprof environment variable to true.
The pprof UI can be access at http://localhost:8081/debug/pprof/. The goroutine, heap and threadcreate
profilers are enabled along with the full goroutine stack dump.
Run the heap profiler:
go tool pprof goprofex http://localhost:8081/debug/pprof/heapRun the goroutine profiler:
go tool pprof goprofex http://localhost:8081/debug/pprof/goroutine