diff --git a/Makefile b/Makefile index fa57e4171..1eed1e5d2 100644 --- a/Makefile +++ b/Makefile @@ -87,6 +87,7 @@ verify-charts: arkade chart verify --verbose=$(VERBOSE) -f ./chart/queue-worker/values.yaml && \ arkade chart verify --verbose=$(VERBOSE) -f ./chart/sns-connector/values.yaml && \ arkade chart verify --verbose=$(VERBOSE) -f ./chart/rabbitmq-connector/values.yaml && \ + arkade chart verify --verbose=$(VERBOSE) -f ./chart/gcp-pubsub-connector/values.yaml && \ arkade chart verify --verbose=$(VERBOSE) -f ./chart/headroom-controller/values.yaml verify-chart: @@ -111,6 +112,7 @@ upgrade-charts: arkade chart upgrade --verbose=$(VERBOSE) -w -f ./chart/queue-worker/values.yaml && \ arkade chart upgrade --verbose=$(VERBOSE) -w -f ./chart/sns-connector/values.yaml && \ arkade chart upgrade --verbose=$(VERBOSE) -w -f ./chart/rabbitmq-connector/values.yaml && \ + arkade chart upgrade --verbose=$(VERBOSE) -w -f ./chart/gcp-pubsub-connector/values.yaml && \ arkade chart upgrade --verbose=$(VERBOSE) -w -f ./chart/headroom-controller/values.yaml bump-charts: @@ -125,6 +127,7 @@ bump-charts: arkade chart bump --file ./chart/queue-worker/Chart.yaml -w && \ arkade chart bump --file ./chart/sns-connector/Chart.yaml -w && \ arkade chart bump --file ./chart/rabbitmq-connector/Chart.yaml -w && \ + arkade chart bump --file ./chart/gcp-pubsub-connector/Chart.yaml -w && \ arkade chart bump --file ./chart/headroom-controller/Chart.yaml -w charts-only: @@ -140,7 +143,9 @@ charts-only: helm package queue-worker/ && \ helm package sns-connector/ && \ helm package rabbitmq-connector/ && \ + helm package gcp-pubsub-connector/ && \ helm package headroom-controller/ + mv chart/*.tgz docs/ helm repo index docs --url https://openfaas.github.io/faas-netes/ --merge ./docs/index.yaml diff --git a/chart/gcp-pubsub-connector/.helmignore b/chart/gcp-pubsub-connector/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/chart/gcp-pubsub-connector/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/chart/gcp-pubsub-connector/Chart.yaml b/chart/gcp-pubsub-connector/Chart.yaml new file mode 100644 index 000000000..0fb891821 --- /dev/null +++ b/chart/gcp-pubsub-connector/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +description: Invoke OpenFaaS functions from Google Cloud Pub/Sub messages. +name: gcp-pubsub-connector +version: 0.0.1 +sources: +- https://github.com/openfaas/faas-netes +home: https://www.openfaas.com +icon: https://raw.githubusercontent.com/openfaas/media/master/OpenFaaS_logo_stacked_opaque.png +keywords: +- openfaas +- faas +- serverless +- pubsub +- gcp +- events +maintainers: +- name: alexellis + email: alex@openfaas.com +- name: welteki + email: han@openfaas.com diff --git a/chart/gcp-pubsub-connector/README.md b/chart/gcp-pubsub-connector/README.md new file mode 100644 index 000000000..c8570c808 --- /dev/null +++ b/chart/gcp-pubsub-connector/README.md @@ -0,0 +1,107 @@ +# OpenFaaS Pro Google Cloud Pub/Sub Connector + +Trigger OpenFaaS functions from Google Cloud Pub/Sub messages. + +## Prerequisites + +- Purchase a license + + You will need an OpenFaaS License + + Contact us to find out more [openfaas.com/pricing](https://www.openfaas.com/pricing) + +- Install OpenFaaS + + You must have a working OpenFaaS installed. + +## Configure secrets + +- Create the required secret with your OpenFaaS Pro license code: + +```bash +$ kubectl create secret generic \ + -n openfaas \ + openfaas-license \ + --from-file license=$HOME/.openfaas/LICENSE +``` + +- Create a secret for the Google Cloud Application Default Credentials (ADC). + +```bash +$ kubectl create secret generic -n openfaas \ + gcp-pubsub-credentials --from-file gcp-pubsub-credentials=$HOME/gcp-pubsub-credentials.json +``` + +Ensure you application has the correct [IAM permission to consume messages from Pub/Sub subscriptions](https://cloud.google.com/pubsub/docs/access-control). + +## Configure values.yaml + +```yaml +# Google cloud project ID +projectID: "openfaas" + +# List if Pub/Sub subscriptions the connector should subscribe to. +subscriptions: + - sub1 + - sub2 +``` + +Use the `subscriptions` parameter to configure a list of Pub/Sub subscriptions to which the connector should subscribe. When the subscriber receives a message, the connector will attempt to invoke any function that has the subscription name listed in its `topic` annotation. + +## Install the chart + +- Add the OpenFaaS chart repo and deploy the `gcp-pubsub-connector` chart. We recommend installing it in the same namespace as the rest of OpenFaaS + +```sh +$ helm repo add openfaas https://openfaas.github.io/faas-netes/ +$ helm repo update && \ + helm upgrade gcp-pubsub-connector openfaas/gcp-pubsub-connector \ + --install \ + --namespace openfaas \ + -f values.yaml +``` + +> The above command will also update your helm repo to pull in any new releases. + +## Configuration + +Additional gcp-pubsub-connector options in `values.yaml`. + +| Parameter | Description | Default | +| ---------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------ | +| `replicas` | The number of replicas of this connector. Pub/Sub messages will be load balanced between the connector replicas. | `1` | +| `projectID` | Google Cloud project Id | `""` | +| `subscriptions` | List if Pub/Sub subscriptions the connector should subscribe to. | `[]` | +| `gcpCredentialsSecret` | Kubernetes secret for the Google Cloud Application Default Credentials (ADC) | `gcp-pubsub-credentials` | +| `asyncInvocation` | For long running or slow functions, offload to asychronous function invocations and carry on processing the stream | `false` | +| `upstreamTimeout` | Maximum timeout for upstream function call, must be a Go formatted duration string. | `2m` | +| `rebuildInterval` | Interval for rebuilding function to topic map, must be a Go formatted duration string. | `30s` | +| `gatewayURL` | The URL for the OpenFaaS gateway. | `http://gateway.openfaas:8080` | +| `printResponse` | Output the response of calling a function in the logs. | `true` | +| `printResponseBody` | Output to the logs the response body when calling a function. | `false` | +| `printRequestBody` | Output to the logs the request body when calling a function. | `false` | +| `fullnameOverride` | Override the name value used for the Connector Deployment object. | `""` | +| `contentType` | Set a HTTP Content Type during function invocation. | `text/plain` | +| `logs.debug` | Print debug logs | `false` | +| `logs.format` | The log encoding format. Supported values: `json` or `console` | `console` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. See `values.yaml` for the default configuration. + +## Install a development version of the chart + +When developing on the chart locally, just specify the path to the chart where you've cloned it: + +```sh +$ helm upgrade gcp-pubsub-connector ./chart/gcp-pubsub-connector \ + --install \ + --namespace openfaas \ + -f values.yaml +``` + +## Removing the gcp-pubsub-connector + +All control plane components can be cleaned up with helm: + +```sh +$ helm uninstall -n openfaas gcp-pubsub-connector +``` diff --git a/chart/gcp-pubsub-connector/templates/_helpers.tpl b/chart/gcp-pubsub-connector/templates/_helpers.tpl new file mode 100644 index 000000000..f0df50a57 --- /dev/null +++ b/chart/gcp-pubsub-connector/templates/_helpers.tpl @@ -0,0 +1,33 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "connector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "connector.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "connector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + diff --git a/chart/gcp-pubsub-connector/templates/deployment.yml b/chart/gcp-pubsub-connector/templates/deployment.yml new file mode 100644 index 000000000..c477a63d2 --- /dev/null +++ b/chart/gcp-pubsub-connector/templates/deployment.yml @@ -0,0 +1,126 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ template "connector.name" . }} + component: gcp-pubsub-connector + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "connector.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.Version }} + app.kubernetes.io/component: gcp-pubsub-connector + app.kubernetes.io/part-of: openfaas + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "connector.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "connector.name" . }} + component: gcp-pubsub-connector + + template: + metadata: + annotations: + prometheus.io/scrape: "false" + labels: + app: {{ template "connector.name" . }} + component: gcp-pubsub-connector + spec: + volumes: + - name: openfaas-license + secret: + secretName: openfaas-license + {{- if .Values.basic_auth }} + - name: auth + secret: + secretName: basic-auth + {{- end }} + {{- if .Values.gcpCredentialsSecret }} + - name: gcp-pubsub-credentials + secret: + secretName: {{ .Values.gcpCredentialsSecret }} + {{- end }} + containers: + - name: connector + image: {{ .Values.image }} + command: + - "/usr/bin/connector" + - "-license-file=/var/secrets/license/license" + env: + - name: gateway_url + value: {{ .Values.gatewayURL | quote }} + - name: print_response + value: {{ .Values.printResponse | quote }} + - name: print_response_body + value: {{ .Values.printResponseBody | quote }} + - name: print_request_body + value: {{ .Values.printRequestBody | quote }} + - name: asynchronous_invocation + value: {{ .Values.asyncInvocation | quote }} + - name: project_id + value: {{ .Values.projectID | quote }} + - name: subscriptions + value: {{ .Values.subscriptions | toJson | quote }} + {{- if .Values.basic_auth }} + - name: basic_auth + value: "true" + - name: secret_mount_path + value: "/var/secrets" + {{- end }} + {{- if .Values.upstreamTimeout }} + - name: upstream_timeout + value: {{ .Values.upstreamTimeout | quote }} + {{- end }} + {{- if .Values.rebuildInterval }} + - name: rebuild_interval + value: {{ .Values.rebuildInterval | quote }} + {{- end }} + - name: content_type + value: {{ .Values.contentType | quote }} + - name: "debug" + value: "{{ .Values.logs.debug }}" + - name: "log_encoding" + value: "{{ .Values.logs.format }}" + {{- if .Values.gcpCredentialsSecret }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/secrets/gcp-pubsub-credentials/gcp-pubsub-credentials + {{- end}} + resources: + {{- .Values.resources | toYaml | nindent 12 }} + + {{- if .Values.securityContext }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} + volumeMounts: + - name: openfaas-license + readOnly: true + mountPath: "/var/secrets/license" + {{- if .Values.basic_auth }} + - name: auth + readOnly: true + mountPath: "/var/secrets" + {{- end }} + {{- if .Values.gcpCredentialsSecret }} + - name: gcp-pubsub-credentials + readOnly: true + mountPath: "/var/secrets/gcp-pubsub-credentials" + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/chart/gcp-pubsub-connector/values.yaml b/chart/gcp-pubsub-connector/values.yaml new file mode 100644 index 000000000..9140dee83 --- /dev/null +++ b/chart/gcp-pubsub-connector/values.yaml @@ -0,0 +1,68 @@ +# This component is licensed for OpenFaaS Standard/Enterprise customers only. +# Purchase or obtain a trial license at https://openfaas.com/pricing/ + +# You will need to create a license named "openfaas-license" - see the +# chart README for detailed instructions. + +# Google cloud project ID +projectID: "" + +# List if Pub/Sub subscriptions the connector should subscribe to. +subscriptions: [] + +# Kubernetes secret for the Google Cloud Application Default Credentials (ADC) +# to connect to Pub/Sub +gcpCredentialsSecret: gcp-pubsub-credentials + +image: ghcr.io/openfaasltd/gcp-pubsub-connector:0.0.1 + +# The number of replicas of the connector. +replicas: 1 + +logs: + # Log debug messages + debug: false + # Set the log format, supports console or json + format: "console" + +# Max timeout for a function +upstreamTimeout: 2m + +# interval for rebuilding the map of functions and topics +rebuildInterval: 30s + +# Use with slow consumers or long running functions. +asyncInvocation: false + +# HTTP content-type for invoking functions +contentType: text/plain + +# Print the data read from the Kafka topic before invoking functions +printRequestBody: false + +# Print the HTTP status of invoked functions +printResponse: true + +# Print the data received from invoked functions +printResponseBody: false + +# Gateway URL to access API and for invocations +gatewayURL: http://gateway.openfaas:8080 + +# Basic auth for the gateway +basic_auth: true + +resources: + requests: + memory: "64Mi" + cpu: "100m" + # limits: + # memory: "256Mi" + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +securityContext: {} \ No newline at end of file