openfaas / faas Goto Github PK
View Code? Open in Web Editor NEWOpenFaaS - Serverless Functions Made Simple
Home Page: https://www.openfaas.com
License: MIT License
OpenFaaS - Serverless Functions Made Simple
Home Page: https://www.openfaas.com
License: MIT License
Kubernetes has a convention of a healthz endpoint on port 10254.
London - 14th June
Title: How Serverless Functions will XLR8 your Cloud with Docker
Slot: 20 min
Audience: seats 100
Abstract:
This talk gives an overview of Serverless - a new architecture for building small, discrete and reusable chunks of code which when combined are more than the sum of their parts. You will see demos of integrations with the Amazon Alexa voice assistant, Twitter and Slack. The baked-in metrics give operational oversight and allows your functions to scale to demand - automatically.
Functions as a Service (FaaS) by Alex Ellis is a framework for building serverless functions on Docker with first class support for metrics. Any code can be packaged as a function enabling you to consume a range of web events without repetitive boilerplate coding.
This way cool, and thanks for posting this project!
I ran the quickstart, and again on my local machine, however I wasn't able to successfully bring the UI portal up.
docker swarm init --advertise-addr=$(ifconfig eth0| grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}') && git clone https://github.com/alexellis/faas && cd faas && ./deploy_stack.sh && docker service ls
Curious if you have any tips to get to the UX screen.
TIA!
Is it possible to keep a function running? The initialization of my function takes a long time so I have a delay in every call I make. It would be nice if my function could stay open and read every new line that is coming in via STDIN.
Now that the Gateway can be load-balanced an invocation count should cover the count across all of the gateways.
For Swarm it shows the current gateway instance since we're reading the local counter
For Kubernetes it shows as empty
Query the Prometheus API from the gateway:
PromQL example:
gateway_function_invocation_total{}
Concerns:
creates a circular dependency since the gateway is a scrape target
scrape interval is around 5-15s meaning we won't see the invocation count increase live.
this data needs to be overlaid on top of the "list functions" response from Swarm or the external gateway - See: faasHandlers.ListFunctions
in server.go
for the FaaS gateway
Both
With Lambda a modified Flask library can be used called Zappa to handle single requests.
CC @JockDaRock
This appears to be incompatible, but..
A CGI handler works in its place and lets you retain template functionality and views etc.
Improve logging for functions during error conditions via @thejibz
Within watchdog binary:
The exec of process:
Also review whether panic is the correct behaviour for failure of exec.
If there is a mix of resolved/firing statuses for > 1 function both auto-scale.
The function at a reasonable rate should not scale. The function under pressure should
The previous function that had an alert scales with the new function under load
Check the message for more detail - specifically to see if each function has an individual status of OK/firing.
Force NodeInfo sample to scale - let it back off - then force EchoIt to scale. Both will scale together even though they shouldn't.
DIND Docker in Docker can be used to deploy FaaS, run some basic tests and get a confidence level RE: PRs/changes.
Initial version of this would deploy built-in stack and test echo function for example.
Help wanted on this (re: time)
Write a lock file in /tmp/ on start so that we know the function can accept HTTP connections.
Initial areas for security strategy. Implementation needs to be easy to use when deployed locally or in development environment.
UI
Static Angular UI tester visible when deployed
Suggestion - HTTPs / basic auth and cookie. Minimum initial version could have a single admin account.
System API
Endpoints: deploy function / delete function / get a list of functions
Approach needs to be consumed by the UI and by an optional CLI.
Functions API
I.e. /function/function_name [POST]
This can be split into two use-cases:
For the functions expecting webhooks, it's rare that I've seen anything here - sometimes a digest of the message from the remote party. Mainly just a HTTP POST with a body to your endpoint.
For endpoints not receiving webhooks from third-parties, but being used as part of a chain of functions etc - maybe here it makes sense to add some kind of header/bearer token / JWT.
Related
It would be great to have a basic security on admin ui and / or function call
The goal would be to provide an API token to enble basic security on gateway UI access and function call.
There is no security to access gateway UI or call a function. Anybody that have access to ui can add a function.
Add an API key for each call to gateway UI to secure access.
Add an generated API key for each function in order to secure access to them
Ease the use and pipelining of FaaS functions within a shell script.
Pipe from and to FaaS function just as with local utils.
We can curl http://faas... |
and | curl -X post -d '$(</dev/stdin)' http://faas
but it feels quite clumsy.
Maybe a little wrapper script or Go app could help, to pipe from/to a single faas-exec without extraneous switches.
cat input.txt | faas-exec func1 | faas-exec -extraparam func2
cat input.json | faas-exec func1 | faas-exec func2
(recognizes json and sets header)
Then, chaining FaaS would just be as simple as using core shell utils.
Trying to demo the ease of use of FaaS by running complex stacks (NLP) within Docker containers, but need some transform steps on data before and after. Need an easy way to chain local and FaaS processes.
A logo will be useful for promoting project. Currently underway with designer.
At the same time a new project name could be useful. FaaS sounds a lot like "fast" which was confusing in the US.
Long running functions (8+ seconds) return with empty responses.
STDOUT should be returned in the response body.
The response body is empty.
Deploy faas.
Create the following files:
version: '3.1'
services:
test:
image: functions/alpine
networks: [ func_functions ]
labels:
function: 'true'
environment:
read_timeout: 60
write_timeout: 60
fprocess: 'sh /root/func.sh'
volumes:
- .:/root
networks:
func_functions:
external: true
DELAY=`cat -`
echo hi, sleeping for $DELAY
sleep $DELAY
echo done sleeping, bye!
This function takes a number as input and sleeps for that duration before responding.
Let's deploy it:
> docker deploy -c func.yml issue
> docker service logs -f issue_test
And curl the service to run for different lengths:
> time curl localhost:8089/function/issue_test -XPOST -d6
hi, sleeping for 6
done sleeping, bye!
real 0m6.013s
user 0m0.004s
sys 0m0.001s
> time curl localhost:8089/function/issue_test -XPOST -d7
hi, sleeping for 7
done sleeping, bye!
real 0m7.013s
user 0m0.000s
sys 0m0.006s
> time curl localhost:8089/function/issue_test -XPOST -d8
curl: (52) Empty reply from server
real 0m8.013s
user 0m0.000s
sys 0m0.005s
> time curl localhost:8089/function/issue_test -XPOST -d9
curl: (52) Empty reply from server
real 0m9.013s
user 0m0.002s
sys 0m0.003s
The test cases for 8 and 9 seconds still return a response, but the response is empty.
@cgpuglie and I are trying to run a web-scraper with nightmare-js as a faas function.
The runtime is variable, but typically longer than 8 seconds.
> docker version
Client:
Version: 17.05.0-ce
API version: 1.29
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:10:29 2017
OS/Arch: linux/amd64
Server:
Version: 17.05.0-ce
API version: 1.29 (minimum version 1.12)
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:10:29 2017
OS/Arch: linux/amd64
Experimental: true
Bump to Golang 1.8.x across all repos
This includes faas, faas-cli and faas-netes.
All existing tests should pass including functional test.
This will also need an ARMHF Golang Dockerfile.
I currently haven't tried FaaS yet, but will do asap. I have one question though, something I couldn't make up from the documentation.
Is it currently possible to create pipes? Thus, to link the STDOUT from one function to the STDIN of another function? Would something like this work?
mkfifo fifo
./process1 argument1 < fifo | ./process2 argument1 > fifo
Thanks,
Bas
The benchmark tools at https://github.com/networknt/microservices-framework-benchmark provides a common "microservices" framework for testing and characterizing performance across systems; it would be useful to set something up for this.
The benchmark provided is a simple "Hello world" fetch, which is simple to implement.
Performance of FaaS is well-characterized.
Performance of FaaS seems to be good, but there aren't numbers.
Do some simple load testing, and characterize performance, prior to running a benchmark.
The "microservices" list has a lot of interesting projects in it which is worthwhile to review in any case.
Hard timeouts should be available for functions to prevent them running beyond desired duration.
I.e. with a hard_timeout of 3 seconds, the process/request should be killed with appropriate HTTP error code after going beyond 3000 ms.
Read/Write timeouts are set at the HTTP gateway.
Go routine / timer
A CLI that would allow FaaS to build / deploy functions without using curl / docker CLI directly.
Some progress started at:
From Alibaba employee - Quai.io is banned in China, change to Hub reference.
If there are multiple gateways in the same swarm, it should be possible to configure the gateways to pick up specific sets of functions, perhaps by labels. Otherwise, each gateway picks up all function services in the swarm.
Function services are currently denoted by the presence of a function
label on the service. Gateways automatically pick up all services with this label.
As an example, Traefik can be configured with constraints for which Traefik configured services it handles. Only services that match the constraint (via tags on labels) will be handled by the Traefik instance. This enables multiple instances of Traefik to be deployed on a swarm, each handling a different set of services.
I'm trying out FaaS in a project. The repo branches for this project are automatically built and deployed on a Docker swarm for review as part of a CI/CD process. The FaaS gateways from the deployments are picking up the functions from all the deployments, not just the specific branch. There doesn't seem to be a way to limit each gateway to the services for a specific deployment.
docker version
(e.g. Docker 17.0.03 ): 17.0.04I expect to be able to add a new function to a running installation without relaunching all of them, but I get an ambiguous error from the docker command I try. Instead I need rerun deploy_stack to relaunch everything.
Edwards-Air:oblique emv$ docker run --label "function:true" --network func_functions --env "fprocess:oblique" vielmetti/faas-oblique
docker: Error response from daemon: Could not attach to network func_functions: rpc error: code = 7 desc = network func_functions not manually attachable.
ERRO[0000] error getting events from daemon: net/http: request canceled
I expected to be able to add a function to the func_functions network, but was rejected. Is this a Docker issue? Did I get the attach command wrong?
This might just be a documentation issue, as this was my first go-around at trying this.
My function is in the Docker container vielmetti/faas-oblique, and it implements Brian Eno's "Oblique Strategies" card deck by emitting a random card from that deck as a line of text.
Watchdog not reading config overrides when set to false
Using kubeadm
or similar - FaaS should be able to deploy on a Kubernetes cluster using the API server to schedule and scale services.
Does the auto-scaling component need to be refactored into its own process/container?
via @errm - should API gateway create / apply new functions or should this be done via kubelet?
Alex - symmetric design would have the gateway create services on Swarm or Kubernetes via API
Other notes:
Kubernetes also supports ARMv7 (Raspberry Pi 2/3) but not the Zero/Pi 1 due to memory constraints.
The function watchdog can already be scheduled as a service to a Kubernetes cluster without changes.
I'd like to see a function container that was not restarted upon every request, preferably something that would accept HTTP or that could talk to a message queue (Redis, MQTT, etc.)
Design and run complex flows / State machines from FaaS functions.
The idea is similar to amazon step functions and states language.
See https://aws.amazon.com/fr/blogs/aws/new-aws-step-functions-build-distributed-applications-using-visual-workflows/
We could use a visual editor to chain functions.
I'm willing to explore the node-red road : the blocks are highly configurable, do have properties, and the resulting flow can be saved as a Json file.
The node red editor is stable and used in several projects.
Functions are blocks, We'll need some structure control as well (parallelism, conditions, retries)
I'd like to reduce friction when adopting FaaS, and allow non dev to build complex data flows.
Those are just some thoughts right now, but I'll try to demo something.
I'm simply suggesting to add this function. I use it to store passwords (while ensuring they are never plain-text) in our local documents. I used the container Alpine and installed openssh.
Just replace the master password 'FancyPasswordHere' with yours.
1) fct_crypt
#### ENCRYPT
#Generate a 32 characters password
STEP1=$(docker run --rm alpine sh -c \
"cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1")
#Show the password
echo "$STEP1" && echo
#Encrypt the pass
STEP2=$(echo "$STEP1" | openssl enc -aes-256-cbc -a -k "FancyPasswordHere")
STEP1="null"
#Create a variable so it will be quick to copy-paste it later
STEP3="THIS_VAR='$STEP2'"
#Show the final string to copy in your files
echo "$STEP3" && echo
# Copy it in the clipboard (mac)
echo $STEP3 | pbcopy
echo "Just paste your encrypted password into your files."
2) fct_decrypt
Copy-paste back the output of the previous command. ie:
THIS_VAR='U2FsdGVkX19YVGj32Z0lb1YlJbD2S3/wa9GQAliwOwPWgvSXHQ1gLnkgNovzMdtd pk7atELI8iWVAql65rmMQQ=='
, then run
#### DECRYPT
echo "Copy-paste back the output of the previous command. Then run:"
echo "$THIS_VAR" | openssl enc -aes-256-cbc -d -a -k "FancyPasswordHere"
The name of the FaaS project will transition to OpenFaaS. This issue is going to track the progress and list areas needing to change.
Areas to cover:
Anything else?
Asynchronous processing should be possible for long-running functions.
Must have:
/async/function/<function_name>
Or via Header:
X-etc: async
Work is accepted immediately and a 202 Accepted is returned. This should be handed off to a queue.
One or more (scaleable) asynchronous workers read from a queue and call functions
Should dequeue item atomically
Upon failure another worker should pick up the item
For initial version - HTTP should be used by worker to call function just like the gateway does. Timeout will depend on the configuration of the function.
Prometheus metrics to be logged for work queued/processed/outstanding
Could have:
Nice to have:
docker service logs
Notes:
Have looked into Kafka - design looks overly complex for task at hand.
NATS queuing is not resilient - but NATS Streaming may be suitable.
To resolve #94 or provide temporary work-around.
The API Gateway has hard-coded 8-second timeout, this should be configurable. Most people will want this to be shorter - some longer.
8-seconds is the max duration
Introduce environmental configuration to match that of the watchdog's configuration options.
https://github.com/alexellis/faas/blob/master/watchdog/readconfig.go
See #94 or set fprocess
to sleep 10
.
cc/ @stealthybox
It isn't clear to me how to set the Content-Type on an individual function, particularly run via the fwatchdog.
I should be able to write HTTP headers as part of the output of the program (like cgi-bin):
Content-Type: text/plain
hello world
Or specify it in the docker-compose:
hello:
image: functions/alpine:latest
labels:
function: "true"
depends_on:
- gateway
networks:
- functions
environment:
fprocess: "echo hello world"
content_type: "text/plain"
no_proxy: "gateway"
https_proxy: $https_proxy
Content-Type appears to be unset when using fwatchdog
.
Happy to build something for PR if there is a desired direction.
When using our own private docker registry, we need the swarm cluster to be able to pull images (functions) from it.
When a new function service is created in Swarm, images from a private registry should be correctly pulled provided the registry credentials are available somewhere.
Images cannot be pulled by Swarm workers.
We can rely on the mechanism provided by the --with-registry-auth
flag in the docker stack
command, which forwards the registry credentials to all swarm nodes.
When creating a service using the golang Docker sdk, we can pass the appropriate encoded registry auth (base64 encoding of the json string representation).
I have a proposal there, based on environment variables configuration: sebgl@e7d2deb
If you think that makes sense I can open a pull request.
We would like to use FaaS with private Docker registries (not only hub.docker.com but any registry).
The gateway could be a bottleneck in very high workloads. It should be able to scale.
Prometheus scraping would break
Add to prometheus.yml config:
- job_name: "gateway"
scrape_interval: 5s
dns_sd_configs:
- names: ['tasks.gateway']
port: 8080
type: A
refresh_interval: 5s
Attempt to port gateway and/or function watchdog over to Windows containers.
Easiest way to try this may be to start by porting the watchdog component over to Windows containers and then attaching it to the existing Linux API Gateway.
Serverless Inc framework provides a CLI / abstraction to public cloud, but they do not appear to have any Docker or Swarm backed providers.
Related: #58
Run a spike / PoC to integrate with serverless project:
Repo & skeleton created:
Goals:
Bind mounting config files for Prometheus and AlertManager means it's hard to remotely deploy with docker-machine etc. From: @timhaak
Build new images with config added already under functions repo on the Hub. Ideally via auto-build.
I have attempted to manually start and run the stack without using the playground with a few issues when accessing the web ui.
I built and started the stack with the shell scripts, then I attempted to load http://localhost:8080
and got forever-loading empty request.
./build.sh
./deploy_stack.sh
Deploying stack
Creating network func_functions
Creating service func_gateway
Creating service func_alertmanager
Creating service func_nodeinfo
Creating service func_markdown
Creating service func_decodebase64
Creating service func_wordcount
Creating service func_hubstats
Creating service func_prometheus
Creating service func_echoit
Creating service func_base64
Creating service func_webhookstash
curl localhost:8080/function/func_markdown/ -d "## Testing"
curl: (56) Recv failure: Connection reset by peer
I inspected the docker network and got the ip for the gateway container, and accessed it via http://<containerid>:8080
. I got a white page with just this text: Select a function.
.
I also manually ran docker-compose build
docker-compose up
docker-compose down
to see if raw compose was a possible solution. I checked but didn't see a particular version of docker that is required.
Am I doing something entirely wrong, or is there a step for setting up the network that I need to do first?
I read all the md files in the repo, your blog post referencing faas, and some of the linked gists without finding a particular solution.
Docker version version 17.06.0-ce, build 02c1d87
Operating System and version (e.g. Linux, Windows, MacOS):
Debian Linux 4.9.0-3-amd64
when to execute
docker stack deploy -c docker-compose.yml func
pass
ERROR: yaml.scanner.ScannerError: while scanning for the next token
found character '\t' that cannot start any token
in "./docker-compose.yml", line 106, column 22
Auto-scaling without any drop in performance
Lack of health check (only in arm examples) means that the performance drops and could cause oscillation between replica counts.
HEALTCHECK CMD
as per 64-bit examples.Run performance tests with VIP resolution vs IPVS.
conntrack
under high connection load > 10k requestsIt would be great to get this working on ARMv8.
The goal would be to provide a Dockerfile that enables FaaS on ARMv8 machines, specifically getting the watchdog process running.
The biggest challenge I've identified is finding a compact base container that provides a current version of Go to build and run the worker. The aarch64/ubuntu-golang container is more than a year old, for example. aarch64/ubuntu-golang#4
Work upstream to get a good aarch64/golang base image, and this becomes nearly trivial.
Looking to port this environment to the Packet 2A 96-core ARM servers.
I did a number of Moby Mingles at DockerCon on the topic of Serverless. During those mingles, I showed people FaaS. The following are some of the questions that came up during discussions (they're not necessarily FaaS-specific).
I'm able to stash (via func_webhookstash) a small text file, but when attempting a larger file (1.8M) the command simply hangs.
I expect no behavior difference, regardless of file size/type.
Or I expect a meaningful error.
The larger upload hangs indefinitely.
I do see the gateway forwarding to webhookstash:
docker logs -f func_gateway.1.mazbcz33vjo5lhkviyj2y5kb3
Resolving: 'func_webhookstash'
[1490657353] Forwarding request [application/x-www-form-urlencoded] to: http://10.0.0.20:8080/
However, I see no further logging information.
dev % ls -al hello.txt IMG_0733.JPG
-rw-r--r-- 1 nick nick 12 Mar 27 16:22 hello.txt
-rw-r--r-- 1 nick nick 1815980 Mar 27 13:44 IMG_0733.JPG
dev % cat hello.txt | curl -X POST http://localhost:8080/function/func_webhookstash --data-binary @-
Stashing request
dev % cat IMG_0733.JPG | curl -X POST http://localhost:8080/function/func_webhookstash --data-binary @-
hangs indefinitely
The response should be a JSON-formatted version of the 'text' body.
The response is currently null
or '' for all entries.
Convert the textual response to JSON.
func_nodeinfo
JSON
response.null
response, test again with Text
and observe non-null
response.Can be reproduced with any of the functions that give an output.
Just found it playing around with the default FaaS
(tagging @developius)
Hi,
I just want to confirm Docker file for https://hub.docker.com/r/functions/alpine/.
Can you git-add this file into repo too?
Thank you for exciting project!!
This may be via the Azure API or through the ACI Kubernetes Connector.
ACI:
https://azure.microsoft.com/en-us/blog/announcing-azure-container-instances/
Kubernetes connector:
https://github.com/Azure/aci-connector-k8s
Container instances have granular billing, public or private IPs and can be deployed to multiple regions easily. No backing VM is necessary either.
Watchdog should timeout after 5 seconds (default) or the configured amount of seconds.
Resulting timeout values are very large.
It's not possible to configure small values.
This also affects the default.
Remove the extra arithmetic in main.go
.
This doesn't look intentional.
I'm not sure what the repercussions are.
I discovered this when copying the timeout configurations over to the Gateway httpServer.
Expected faas-cli to successfully build the function with:
faas-cli -action build -f ./urlping.yaml
.
.
.
cp - ./template/python/requirements.txt ./build/url_ping/requirements.txt
cp - ./template/python/function/handler.py ./build/url_ping/function/handler.py
2017/07/10 10:51:14 readdirent: invalid argument
Trying the sample code to get FAAS working in my environment
docker version
(e.g. Docker 17.0.05 ):docker version
Client:
Version: 17.06.0-ce
API version: 1.30
Go version: go1.8.3
Git commit: 02c1d87
Built: Fri Jun 23 21:31:53 2017
OS/Arch: darwin/amd64
Server:
Version: 17.06.0-ce
API version: 1.30 (minimum version 1.12)
Go version: go1.8.3
Git commit: 02c1d87
Built: Fri Jun 23 21:51:55 2017
OS/Arch: linux/amd64
Experimental: true
Operating System and version (e.g. Linux, Windows, MacOS):
MacOS
Link to your project:
N/A
Deploying a function on a mixed-OS cluster should be possible - where a Windows container is scheduled correctly.
The task will be scheduled randomly - possibly on a Linux host.
Add a default constraint to Linux and allow this to be overridden in the deploy function endpoint. A change to the CLI may also make sense later down the line.
Checkpoints:
Schema https://github.com/alexellis/faas/blob/master/gateway/requests/requests.go#L7
Includes an update to the swagger API
Covers both Kubernetes and Swarm
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.