Documentation ¶
Index ¶
- Constants
- func AsFunctionStatus(item appsv1.Deployment) *types.FunctionStatus
- func GetLogs(ctx context.Context, client kubernetes.Interface, ...) (<-chan Log, error)
- func IsNotFound(err error) bool
- func ReadFunctionSecretsSpec(item appsv1.Deployment) []string
- type DeploymentConfig
- type FunctionFactory
- func (f *FunctionFactory) ConfigureContainerUserID(deployment *appsv1.Deployment)
- func (f *FunctionFactory) ConfigureReadOnlyRootFilesystem(request sharepod.SharepodDeployment, deployment *appsv1.Deployment)
- func (f *FunctionFactory) ConfigureSecrets(request types.FunctionDeployment, deployment *appsv1.Deployment, ...) error
- func (f *FunctionFactory) MakeProbes(r sharepod.SharepodDeployment) (*SharepodProbes, error)
- type FunctionLookup
- type Log
- type LogRequestor
- type ProbeConfig
- type SecretInterfacer
- type SecretsClient
- type SharepodProbes
Constants ¶
const EnvProcessName = "fprocess"
EnvProcessName is the name of the env variable containing the function process
const (
// LogBufferSize number of log messages that may be buffered
LogBufferSize = 500 * 2
)
const SecurityContextUserID = int64(12000)
nonRootFunctionuserID is the user id that is set when DeployHandlerConfig.SetNonRootUser is true. value >10000 per the suggestion from https://kubesec.io/basics/containers-securitycontext-runasuser/
Variables ¶
This section is empty.
Functions ¶
func AsFunctionStatus ¶
func AsFunctionStatus(item appsv1.Deployment) *types.FunctionStatus
AsFunctionStatus reads a Deployment object into an OpenFaaS FunctionStatus, parsing the Deployment and Container spec into a simplified summary of the Function
func GetLogs ¶
func GetLogs(ctx context.Context, client kubernetes.Interface, functionName, namespace string, tail int64, since *time.Time, follow bool) (<-chan Log, error)
GetLogs returns a channel of logs for the given function
func IsNotFound ¶
isNotFound tests if the error is a kubernetes API error that indicates that the object was not found or does not exist
func ReadFunctionSecretsSpec ¶
func ReadFunctionSecretsSpec(item appsv1.Deployment) []string
ReadFunctionSecretsSpec parses the name of the required function secrets. This is the inverse of ConfigureSecrets.
Types ¶
type DeploymentConfig ¶
type DeploymentConfig struct { RuntimeHTTPPort int32 HTTPProbe bool ReadinessProbe *ProbeConfig LivenessProbe *ProbeConfig ImagePullPolicy string // SetNonRootUser will override the function image user to ensure that it is not root. When // true, the user will set to 12000 for all functions. SetNonRootUser bool // ProfilesNamespace defines which namespace is used to look up available Profiles. ProfilesNamespace string }
DeploymentConfig holds the global deployment options
type FunctionFactory ¶
type FunctionFactory struct { Client kubernetes.Interface Config DeploymentConfig }
NamespacedProfiler is a subset of the v1.ProfileLister that is needed for the function factory to support Profiles
type NamespacedProfiler interface { Profiles(namespace string) v1.ProfileNamespaceLister }
FunctionFactory is handling Kubernetes operations to materialise functions into deployments and services
func NewFunctionFactory ¶
func NewFunctionFactory(clientset kubernetes.Interface, config DeploymentConfig) FunctionFactory
func (*FunctionFactory) ConfigureContainerUserID ¶
func (f *FunctionFactory) ConfigureContainerUserID(deployment *appsv1.Deployment)
ConfigureContainerUserID sets the UID to 12000 for the function Container. Defaults to user specified in image metadata if `SetNonRootUser` is `false`. Root == 0.
func (*FunctionFactory) ConfigureReadOnlyRootFilesystem ¶
func (f *FunctionFactory) ConfigureReadOnlyRootFilesystem(request sharepod.SharepodDeployment, deployment *appsv1.Deployment)
ConfigureReadOnlyRootFilesystem will create or update the required settings and mounts to ensure that the ReadOnlyRootFilesystem setting works as expected, meaning:
- when ReadOnlyRootFilesystem is true, the security context of the container will have ReadOnlyRootFilesystem also marked as true and a new `/tmp` folder mount will be added to the deployment spec
- when ReadOnlyRootFilesystem is false, the security context of the container will also have ReadOnlyRootFilesystem set to false and there will be no mount for the `/tmp` folder
This method is safe for both create and update operations.
func (*FunctionFactory) ConfigureSecrets ¶
func (f *FunctionFactory) ConfigureSecrets(request types.FunctionDeployment, deployment *appsv1.Deployment, existingSecrets map[string]*apiv1.Secret) error
ConfigureSecrets will update the Deployment spec to include secrets that have been deployed in the kubernetes cluster. For each requested secret, we inspect the type and add it to the deployment spec as appropriate: secrets with type `SecretTypeDockercfg/SecretTypeDockerjson` are added as ImagePullSecrets all other secrets are mounted as files in the deployments containers.
func (*FunctionFactory) MakeProbes ¶
func (f *FunctionFactory) MakeProbes(r sharepod.SharepodDeployment) (*SharepodProbes, error)
MakeProbes returns the liveness and readiness probes by default the health check runs `cat /tmp/.lock` every ten seconds
type FunctionLookup ¶
type FunctionLookup struct { DefaultNamespace string EndpointLister corelister.EndpointsLister Listers map[string]corelister.EndpointsNamespaceLister // contains filtered or unexported fields }
func NewFunctionLookup ¶
func NewFunctionLookup(ns string, lister corelister.EndpointsLister) *FunctionLookup
func (*FunctionLookup) GetLister ¶
func (f *FunctionLookup) GetLister(ns string) corelister.EndpointsNamespaceLister
func (*FunctionLookup) SetLister ¶
func (f *FunctionLookup) SetLister(ns string, lister corelister.EndpointsNamespaceLister)
type Log ¶
type Log struct { // Text is the log message itself Text string `json:"text"` // Namespace of the pod Namespace string `json:"namespace"` // PodName of the instance PodName string `json:"podName"` // FunctionName of the pod FunctionName string `json:"FunctionName"` // Timestamp of the message Timestamp time.Time `json:"timestamp"` }
Log is the object which will be used together with the template to generate the output.
type LogRequestor ¶
type LogRequestor struct {
// contains filtered or unexported fields
}
LogRequestor implements the Requestor interface for k8s
func NewLogRequestor ¶
func NewLogRequestor(client kubernetes.Interface, functionNamespace string) *LogRequestor
NewLogRequestor returns a new logs.Requestor that uses kail to select and follow pod logs
type ProbeConfig ¶
ProbeConfig holds the deployment liveness and readiness options
type SecretInterfacer ¶
type SecretInterfacer interface { // Secrets returns a SecretInterface scoped to the specified namespace Secrets(namespace string) typedV1.SecretInterface }
SecretInterfacer exposes the SecretInterface getter for the k8s client. This is implemented by the CoreV1Interface() interface in the Kubernetes client. The SecretsClient only needs this one interface, but needs to be able to set the namespaces when the interface is instantiated, meaning, we need the Getter and not the SecretInterface itself.
type SecretsClient ¶
type SecretsClient interface { // List returns a list of available function secrets. Only the names are returned // to ensure we do not accidentally read or print the sensitive values during // read operations. List(namespace string) (names []string, err error) // Create adds a new secret, with the appropriate labels and structure to be // used as a function secret. Create(secret types.Secret) error // Replace updates the value of a function secret Replace(secret types.Secret) error // Delete removes a function secret Delete(name string, namespace string) error // GetSecrets queries Kubernetes for a list of secrets by name in the given k8s namespace. // This should only be used if you need access to the actual secret structure/value. Specifically, // inside the FunctionFactory. GetSecrets(namespace string, secretNames []string) (map[string]*apiv1.Secret, error) }
SecretsClient exposes the standardized CRUD behaviors for Kubernetes secrets. These methods will ensure that the secrets are structured and labelled correctly for use by the OpenFaaS system.
func NewSecretsClient ¶
func NewSecretsClient(kube kubernetes.Interface) SecretsClient
NewSecretsClient constructs a new SecretsClient using the provided Kubernetes client.
type SharepodProbes ¶
type SharepodProbes struct {}