OpenFaaS Operator for Kubernetes 1.9 or newer
- Minimal example:
apiVersion: openfaas.com/v1alpha2
kind: Function
metadata:
name: nodeinfo
namespace: openfaas-fn
spec:
name: nodeinfo
image: functions/nodeinfo:latest- Extended example:
apiVersion: openfaas.com/v1alpha2
kind: Function
metadata:
name: nodeinfo
namespace: openfaas-fn
spec:
name: nodeinfo
handler: node main.js
image: functions/nodeinfo:latest
labels:
com.openfaas.scale.min: "2"
com.openfaas.scale.max: "15"
annotations:
current-time: Mon 6 Aug 23:42:00 BST 2018
next-time: Mon 6 Aug 23:42:00 BST 2019
environment:
write_debug: "true"
limits:
cpu: "200m"
memory: "256Mi"
requests:
cpu: "10m"
memory: "128Mi"
constraints:
- "cloud.google.com/gke-nodepool=default-pool"
secrets:
- nodeinfo-secret1Example adapted from artifacts/nodeinfo.yaml
- Generate CRD from
stack.yml
You can generate CRD entries separated by --- by running faas-cli generate in the same folder as a stack.yml file. Each function in the file will be outputted. If you want a CRD for one function only then you can also pass --filter=function-name.
# create a go function for Docker Hub user `alexellis2`
faas-cli new --lang go --prefix alexellis2 crd-example
# build and push an image
faas-cli build -f crd-example.yaml
faas-cli push -f crd-example.yaml
# generate the CRD entry from the "stack.yml" file and apply in the cluster
faas-cli generate -f crd-example.yaml | kubectl apply -f -- Generate CRD from Function Store
# find a function in the store
faas-cli store list
...
# generate to a file
faas-cli generate --from-store="figlet" > figlet-crd.yaml
kubectl apply -f figlet-crd.yamlYou can deploy OpenFaaS and the operator using helm, or generate static YAML through the helm template command.
Two namespaces will be used - openfaas for the core services and openfaas-fn for functions.
# create OpenFaaS namespaces
kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml
# add OpenFaaS Helm repo
helm repo add openfaas https://openfaas.github.io/faas-netes/
# generate a random password
PASSWORD=$(head -c 12 /dev/urandom | shasum| cut -d' ' -f1)
kubectl -n openfaas create secret generic basic-auth \
--from-literal=basic-auth-user=admin \
--from-literal=basic-auth-password="$PASSWORD"
# get latest chart version
helm repo update
# install with basic auth enabled
helm upgrade openfaas --install openfaas/openfaas \
--namespace openfaas \
--set basic_auth=true \
--set functionNamespace=openfaas-fn \
--set operator.create=trueNote: If you are switching from the OpenFaaS
faas-netescontroller, then you will need to remove all functions and redeploy them after switching to the operator.
kubectl -n openfaas-fn apply -f ./artifacts/nodeinfo.yamlOn armhf use:
kubectl -n openfaas-fn apply -f ./artifacts/figlet-armhf.yamlkubectl -n openfaas-fn get functions
kubectl -n openfaas-fn get allkubectl -n openfaas-fn create secret generic faas-token --from-literal=faas-token=token
kubectl -n openfaas-fn create secret generic faas-key --from-literal=faas-key=key
kubectl -n openfaas-fn apply -f ./artifacts/gofast.yamlTest that secrets are available inside the gofast pod:
kubectl -n openfaas-fn exec -it gofast-84fd464784-sd5ml -- sh
~ $ cat /var/openfaas/faas-key
key
~ $ cat /var/openfaas/faas-token
tokenTest that node selectors work on GKE by adding the following to gofast.yaml:
constraints:
- "cloud.google.com/gke-nodepool=default-pool"Apply the function and check the deployment specs with:
kubectl -n openfaas-fn describe deployment gofastThe OpenFaaS Operator runs as a sidecar in the gateway pod. For end to end testing you need to update the sidecar to use your development image.
- Build, tag and push your image to your own public docker repository:
export USERNAME="username"
make build \
&& docker tag openfaas/openfaas-operator:latest $USERNAME/openfaas-operator:latest-dev \
&& docker push $USERNAME/openfaas-operator:latest-dev- Update your helm deployment
helm upgrade openfaas --install openfaas/openfaas \
--namespace openfaas \
--set functionNamespace=openfaas-fn \
--set operator.create=true \
--set operator.image=$USERNAME/openfaas-operator:latest-devYou will a KUBECONFIG file and accessible in your path.
- Create the OpenFaaS CRD
$ kubectl apply -f artifacts/operator-crd.yaml- Build and launch the OpenFaaS controller locally
$ go build \
&& ./openfaas-operator -kubeconfig=$HOME/.kube/config -v=4As an alternative, you can use go run
$ go run *.go -kubeconfig=$HOME/.kube/configTo use an alternative port set the port environmental variable to another value.
Create a function:
$ kubectl apply -f artifacts/nodeinfo.yamlCheck if nodeinfo deployment and service were created through the CRD:
$ kubectl get deployment nodeinfo
$ kubectl get service nodeinfoTest if nodeinfo service can access the pods:
$ kubectl run -it --rm --restart=Never curl --image=byrnedo/alpine-curl:latest --command -- sh
/ # curl -d 'verbose' http://nodeinfo.default:8080Delete nodeinfo function:
kubectl delete -f artifacts/nodeinfo.yaml Check if nodeinfo pods, rc, deployment and service were removed:
kubectl get allThe operator also implements the OpenFaaS REST API which provides an additional way to manage functions and secrets in addition to using the CRD with kubectl directly.
If OpenFaaS is configured with the basic_auth=true flag then Basic Authentication is enabled on the REST API. If that is the case then reformat each curl command to also include the credentials.
- Basic Auth off
curl -s http://localhost:8081/system/functions | jq .- Basic Auth enabled
export USER=""
export PASSWORD=""
curl -s http://$USER:$PASSWORD@localhost:8081/system/functions | jq .Create or update a function:
curl -d '{"service":"nodeinfo","image":"functions/nodeinfo:burner","envProcess":"node main.js","labels":{"com.openfaas.scale.min":"2","com.openfaas.scale.max":"15"},"environment":{"output":"verbose","debug":"true"}}' -X POST http://localhost:8081/system/functionsList functions:
curl -s http://localhost:8081/system/functions | jq .Scale PODs up/down:
curl -d '{"serviceName":"nodeinfo", "replicas": 3}' -X POST http://localhost:8081/system/scale-function/nodeinfoGet available replicas:
curl -s http://localhost:8081/system/function/nodeinfo | jq .availableReplicasRemove function:
curl -d '{"functionName":"nodeinfo"}' -X DELETE http://localhost:8081/system/functionsCreate secret:
curl -d '{"name":"test","value":"test"}' -X POST http://localhost:8081/system/secretsList secrets:
curl -X GET http://localhost:8081/system/secretsUpdate secret:
curl -d '{"name":"test","value":"test update"}' -X PUT http://localhost:8081/system/secretsDelete secret:
curl -d '{"name":"test"}' -X DELETE http://localhost:8081/system/secretsExample service account:
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-robot
namespace: openfaas-fnSet the following in your function spec:
annotations:
com.openfaas.serviceaccount: "build-robot"Verbosity levels:
-v=0CRUD actions via API and Controller including errors-v=2function call duration (Proxy API)-v=4Kubernetes informers events (highly verbose)
Prometheus route:
curl http://localhost:8081/metricsProfiling is disabled by default, to enable it set pprof environment variable to true.
The pprof UI can be access at http://localhost:8081/debug/pprof/. The goroutine, heap and threadcreate
profilers are enabled along with the full goroutine stack dump.
Run the heap profiler:
go tool pprof goprofex http://localhost:8081/debug/pprof/heapRun the goroutine profiler:
go tool pprof goprofex http://localhost:8081/debug/pprof/goroutine
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent