openfaas-operator
OpenFaaS Operator for Kubernetes 1.9 or newer
Deploy
Deploy OpenFaaS Operator with Helm:
# create OpenFaaS namespaces
kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml
# add OpenFaaS Helm repo
helm repo add openfaas https://openfaas.github.io/faas-netes/
# get latest chart version and install
helm repo update && helm upgrade openfaas --install openfaas/openfaas \
--namespace openfaas \
--set functionNamespace=openfaas-fn \
--set operator.create=true
If you are upgrading from faas-netes you need to remove all functions and redeploy them after installing the operator.
Deploy a function with kubectl:
kubectl -n openfaas-fn apply -f ./artifacts/nodeinfo.yaml
On armhf use:
kubectl -n openfaas-fn apply -f ./artifacts/figlet-armhf.yaml
List functions, services, deployments and pods:
kubectl -n openfaas-fn get functions
kubectl -n openfaas-fn get all
Deploy a function with secrets:
kubectl -n openfaas-fn create secret generic faas-token --from-literal=faas-token=token
kubectl -n openfaas-fn create secret generic faas-key --from-literal=faas-key=key
kubectl -n openfaas-fn apply -f ./artifacts/gofast.yaml
Test that secrets are available inside the gofast
pod:
kubectl -n openfaas-fn exec -it gofast-84fd464784-sd5ml -- sh
~ $ cat /var/openfaas/faas-key
key
~ $ cat /var/openfaas/faas-token
token
Test that node selectors work on GKE by adding the following to gofast.yaml
:
constraints:
- "cloud.google.com/gke-nodepool=default-pool"
Apply the function and check the deployment specs with:
kubectl -n openfaas-fn describe deployment gofast
Development build
The OpenFaaS Operator runs as a sidecar in the gateway pod. For end to end testing you need to update the sidecar to use your development image.
-
Build,tag and push your image to your own public docker repository: i.e.
make build && docker tag openfaas/openfaas-operator:latest {user}/openfaas-operator:latest-dev
-
Update your helm deployment
helm upgrade openfaas --install openfaas/openfaas \
--namespace openfaas \
--set functionNamespace=openfaas-fn \
--set operator.create=true \
--set operator.image={user}/openfaas-operator:latest-dev
Local run
Create OpenFaaS CRD:
$ kubectl apply -f artifacts/operator-crd.yaml
Start OpenFaaS controller (assumes you have a working kubeconfig on the machine):
$ go build \
&& ./openfaas-operator -kubeconfig=$HOME/.kube/config -v=4
With go run
$ go run *.go -kubeconfig=$HOME/.kube/config
To use an alternative port set the port
environmental variable to another value.
Create a function:
$ kubectl apply -f artifacts/nodeinfo.yaml
Check if nodeinfo deployment and service were created through the CRD:
$ kubectl get deployment nodeinfo
$ kubectl get service nodeinfo
Test if nodeinfo service can access the pods:
$ kubectl run -it --rm --restart=Never curl --image=byrnedo/alpine-curl --command -- sh
/ # curl -d 'verbose' http://nodeinfo.default:8080
Delete nodeinfo function:
kubectl delete -f artifacts/nodeinfo.yaml
Check if nodeinfo pods, rc, deployment and service were removed:
kubectl get all
Web API
Functions management
Create or update a function:
curl -d '{"service":"nodeinfo","image":"functions/nodeinfo:burner","envProcess":"node main.js","labels":{"com.openfaas.scale.min":"2","com.openfaas.scale.max":"15"},"environment":{"output":"verbose","debug":"true"}}' -X POST http://localhost:8081/system/functions
List functions:
curl -s http://localhost:8081/system/functions | jq .
Scale PODs up/down:
curl -d '{"serviceName":"nodeinfo", "replicas": 3}' -X POST http://localhost:8081/system/scale-function/nodeinfo
Get available replicas:
curl -s http://localhost:8081/system/function/nodeinfo | jq .availableReplicas
Remove function:
curl -d '{"functionName":"nodeinfo"}' -X DELETE http://localhost:8081/system/functions
Secrets management
Create secret:
curl -d '{"name":"test","value":"test"}' -X POST http://localhost:8081/system/secrets
List secrets:
curl -X GET http://localhost:8081/system/secrets
Update secret:
curl -d '{"name":"test","value":"test update"}' -X PUT http://localhost:8081/system/secrets
Delete secret:
curl -d '{"name":"test"}' -X DELETE http://localhost:8081/system/secrets
Configure the service account for your function
Example service account:
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-robot
namespace: openfaas-fn
Set the following in your function spec:
annotations:
com.openfaas.serviceaccount: "build-robot"
Logging
Verbosity levels:
-v=0
CRUD actions via API and Controller including errors-v=2
function call duration (Proxy API)-v=4
Kubernetes informers events (highly verbose)
Instrumentation
Prometheus route:
curl http://localhost:8081/metrics
Profiling is disabled by default, to enable it set pprof
environment variable to true
.
Pprof web UI can be access at http://localhost:8081/debug/pprof/
. The goroutine, heap and threadcreate
profilers are enabled along with the full goroutine stack dump.
Run the heap profiler:
go tool pprof goprofex http://localhost:8081/debug/pprof/heap
Run the goroutine profiler:
go tool pprof goprofex http://localhost:8081/debug/pprof/goroutine