Operator for OpenFaaS Functions on Kubernetes
Clone or download
alexellis Add test for get handler with empty list
- empty list returned the text "null" which is not valid JSON
so the test and change makes it return an empty list. Tested with
introducing a breaking unit test.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
Latest commit 10f0095 Jan 11, 2019



Go Report Card Build Status GoDoc License: MIT OpenFaaS

OpenFaaS Operator for Kubernetes 1.9 or newer


Deploy OpenFaaS Operator with Helm:

# create OpenFaaS namespaces
kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml

# add OpenFaaS Helm repo
helm repo add openfaas https://openfaas.github.io/faas-netes/

# get latest chart version and install
helm repo update && helm upgrade openfaas --install openfaas/openfaas \
    --namespace openfaas  \
    --set functionNamespace=openfaas-fn \
    --set operator.create=true

If you are upgrading from faas-netes you need to remove all functions and redeploy them after installing the operator.

Deploy a function with kubectl:

kubectl -n openfaas-fn apply -f ./artifacts/nodeinfo.yaml

On armhf use:

kubectl -n openfaas-fn apply -f ./artifacts/figlet-armhf.yaml

List functions, services, deployments and pods:

kubectl -n openfaas-fn get functions
kubectl -n openfaas-fn get all

Deploy a function with secrets:

kubectl -n openfaas-fn create secret generic faas-token --from-literal=faas-token=token
kubectl -n openfaas-fn create secret generic faas-key --from-literal=faas-key=key
kubectl -n openfaas-fn apply -f ./artifacts/gofast.yaml

Test that secrets are available inside the gofast pod:

kubectl -n openfaas-fn exec -it gofast-84fd464784-sd5ml -- sh

~ $ cat /var/openfaas/faas-key 

~ $ cat /var/openfaas/faas-token 

Test that node selectors work on GKE by adding the following to gofast.yaml:

    - "cloud.google.com/gke-nodepool=default-pool"

Apply the function and check the deployment specs with:

kubectl -n openfaas-fn describe deployment gofast

Development build

The OpenFaaS Operator runs as a sidecar in the gateway pod. For end to end testing you need to update the sidecar to use your development image.

  1. Build,tag and push your image to your own public docker repository: i.e. make build && docker tag openfaas/openfaas-operator:latest {user}/openfaas-operator:latest-dev

  2. Update your helm deployment

helm upgrade openfaas --install openfaas/openfaas \
    --namespace openfaas  \
    --set functionNamespace=openfaas-fn \
    --set operator.create=true \
--set operator.image={user}/openfaas-operator:latest-dev

Local run

Create OpenFaaS CRD:

$ kubectl apply -f artifacts/operator-crd.yaml

Start OpenFaaS controller (assumes you have a working kubeconfig on the machine):

$ go build \
  && ./openfaas-operator -kubeconfig=$HOME/.kube/config -v=4

With go run

$ go run *.go -kubeconfig=$HOME/.kube/config

To use an alternative port set the port environmental variable to another value.

Create a function:

$ kubectl apply -f artifacts/nodeinfo.yaml

Check if nodeinfo deployment and service were created through the CRD:

$ kubectl get deployment nodeinfo
$ kubectl get service nodeinfo

Test if nodeinfo service can access the pods:

$ kubectl run -it --rm --restart=Never curl --image=byrnedo/alpine-curl --command -- sh
/ # curl -d 'verbose' http://nodeinfo.default:8080

Delete nodeinfo function:

kubectl delete -f artifacts/nodeinfo.yaml 

Check if nodeinfo pods, rc, deployment and service were removed:

kubectl get all


Functions management

Create or update a function:

curl -d '{"service":"nodeinfo","image":"functions/nodeinfo:burner","envProcess":"node main.js","labels":{"com.openfaas.scale.min":"2","com.openfaas.scale.max":"15"},"environment":{"output":"verbose","debug":"true"}}' -X POST  http://localhost:8081/system/functions

List functions:

curl -s http://localhost:8081/system/functions | jq .

Scale PODs up/down:

curl -d '{"serviceName":"nodeinfo", "replicas": 3}' -X POST http://localhost:8081/system/scale-function/nodeinfo

Get available replicas:

curl -s http://localhost:8081/system/function/nodeinfo | jq .availableReplicas

Remove function:

curl -d '{"functionName":"nodeinfo"}' -X DELETE http://localhost:8081/system/functions

Secrets management

Create secret:

curl -d '{"name":"test","value":"test"}' -X POST http://localhost:8081/system/secrets

List secrets:

curl -X GET http://localhost:8081/system/secrets

Update secret:

curl -d '{"name":"test","value":"test update"}' -X PUT http://localhost:8081/system/secrets

Delete secret:

curl -d '{"name":"test"}' -X DELETE http://localhost:8081/system/secrets


Verbosity levels:

  • -v=0 CRUD actions via API and Controller including errors
  • -v=2 function call duration (Proxy API)
  • -v=4 Kubernetes informers events (highly verbose)


Prometheus route:

curl http://localhost:8081/metrics

Profiling is disabled by default, to enable it set pprof environment variable to true.

Pprof web UI can be access at http://localhost:8081/debug/pprof/. The goroutine, heap and threadcreate profilers are enabled along with the full goroutine stack dump.

Run the heap profiler:

go tool pprof goprofex http://localhost:8081/debug/pprof/heap

Run the goroutine profiler:

go tool pprof goprofex http://localhost:8081/debug/pprof/goroutine