diff --git a/chart/openfaas/README.md b/chart/openfaas/README.md index a962802d9c..52c0076702 100644 --- a/chart/openfaas/README.md +++ b/chart/openfaas/README.md @@ -77,7 +77,7 @@ Now decide how you want to expose the services and edit the `helm upgrade` comma #### Deploy OpenFaaS Community Edition (CE) > OpenFaaS Community Edition is meant exploration and development. -> +> > OpenFaaS Pro has been tuned for production use including flexible auto-scaling, high-available deployments, durability, add-on features, and more. Deploy CE from the helm chart repo directly: @@ -310,7 +310,7 @@ Use the following guide to setup TLS for the [Gateway and Dashboard](https://doc If you are using Ingress locally, for testing, then you can access the gateway by adding: ```yaml -ingress: +ingress: enabled: true ``` @@ -446,7 +446,7 @@ Then delete the CRDs: kubectl delete crd -l app.kubernetes.io/name=openfaas ``` -If you have created additional namespaces for functions, delete those too, with `kubectl delete namespace `. +If you have created additional namespaces for functions, delete those too, with `kubectl delete namespace `. ## Kubernetes versioning 
@@ -495,7 +495,6 @@ See [values.yaml](./values.yaml) for detailed configuration.
 | `openfaasImagePullPolicy` | Image pull policy for openfaas components, can change to `IfNotPresent` in offline env | `Always` |
 | `openfaasPro` | Deploy OpenFaaS Pro | `false` |
 | `psp` | Enable [Pod Security Policy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for OpenFaaS accounts | `false` |
-| `queueMode` | Set to `jetstream` to run the async system backed by NATS JetStream. By default the async system uses NATS Streaming|
 | `rbac` | Enable RBAC | `true` |
 | `registryPrefix` | Adds a prefix or replaces the server prefix for all images in chart i.e. `nats:2.11.6` becomes `registryPrefix/nats:2.11.6` | `""` |
 | `securityContext` | Give a `securityContext` template to be applied to each of the various containers in this chart, set to `{}` to disable, if required for Istio side-car injection. | See values.yaml |
@@ -575,9 +574,11 @@ See [values.yaml](./values.yaml) for detailed configuration. | Parameter | Description | Default | | ----------------------- | ---------------------------------- | ---------------------------------------------------------- | -| `jetstreamQueueWorker.durableName` | Durable name used by JetStream consumers | `faas-workers` | +| `jetstreamQueueWorker.mode` | Queue operation mode: `static` or `function` | `static` | +| `jetstreamQueueWorker.durableName` | Deprecated: Durable name used by JetStream consumers | `faas-workers` | | `jetstreamQueueWorker.image` | Container image used for the queue-worker when the `queueMode` is `jetstream` | See [values.yaml](./values.yaml) | -| `jetstreamQueueWorker.maxWaiting` | Configure the max waiting pulls for the queue-worker JetStream consumer. The value should be at least max_inflight * queue_worker.replicas. Note that this value can not be updated once the consumer is created. | `512` | +| `jetstreamQueueWorker.consumer.inactiveThreshold` | If a function is inactive (has no invocations) for longer than this threshold its consumer will be removed to save resources | `30s` | +| `jetstreamQueueWorker.consumer.pullMaxMessages` | PullMaxMessages limits the number of messages to be buffered per consumer. Leave empty to use optimized default for the selected queue mode | `` | | `jetstreamQueueWorker.logs.debug` | Log debug messages | `false` | | `jetstreamQueueWorker.logs.format` | Set the log format, supports `console` or `json` | `console` | | `nats.channel` | The name of the NATS Streaming channel or NATS JetStream stream to use for asynchronous function invocations | `faas-request` | 
@@ -596,7 +597,6 @@ See [values.yaml](./values.yaml) for detailed configuration. | `queueWorker.queueGroup` | The name of the queue group used to process asynchronous function invocations | `faas` | | `queueWorkerPro.backoff` | The backoff algorithm used for retries. Must be one off `exponential`, `full` or `equal`| `exponential` | | `queueWorkerPro.httpRetryCodes` | Comma-separated list of HTTP status codes the queue-worker should retry | `408,429,500,502,503,504` | -| `queueWorkerPro.image` | Container image used for the Pro version of the queue-worker | See [values.yaml](./values.yaml) | | `queueWorkerPro.initialRetryWait` | Time to wait for the first retry | `10s` | | `queueWorkerPro.insecureTLS` | Enable insecure TLS for callback invocations | `false` | | `queueWorkerPro.maxRetryAttempts` | Amount of times to try sending a message to a function before discarding it | `10` | @@ -616,7 +616,7 @@ See [values.yaml](./values.yaml) for detailed configuration. | `iam.dashboardIssuer.clientSecret` | Name of the Kubernetes secret that contains the OAuth client secret for the dashboard | `""` | | `iam.dashboardIssuer.scopes` | OpenID Connect (OIDC) scopes for the dashboard | `[openid, email, profile]` | | `iam.kubernetesIssuer.create` | Create a JwtIssuer object for the kubernetes service account issuer | `true` | -| `iam.kubernetesIssuer.tokenExpiry` | Expiry time of OpenFaaS access tokens exchanged for tokens issued by the Kubernetes issuer. | `2h` | +| `iam.kubernetesIssuer.tokenExpiry` | Expiry time of OpenFaaS access tokens exchanged for tokens issued by the Kubernetes issuer. | `2h` | | `iam.kubernetesIssuer.url` | URL for the Kubernetes service account issuer. | `https://kubernetes.default.svc.cluster.local` | ### Dashboard (OpenFaaS Pro) diff --git a/chart/openfaas/templates/NOTES.txt b/chart/openfaas/templates/NOTES.txt index b7b33efca4..77aec67d12 100644 --- a/chart/openfaas/templates/NOTES.txt +++ b/chart/openfaas/templates/NOTES.txt 
@@ -17,13 +17,6 @@ These should only be used for development. See: https://docs.openfaas.com/openfa {{- end}} -{{- if and .Values.openfaasPro (ne .Values.queueMode "jetstream") }} - -Warning: Invalid queueMode when openfaasPro is set to true. -Set queueMode to "jetstream", see values-pro.yaml for recommended settings. - -{{- end }} - {{- if and .Values.openfaasPro (not .Values.async) }} Warning: It is not recommended to disable async for OpenFaaS Standard/Enterprise. diff --git a/chart/openfaas/templates/gateway-dep.yaml b/chart/openfaas/templates/gateway-dep.yaml index 18b19e99d9..8c0fcbb729 100644 --- a/chart/openfaas/templates/gateway-dep.yaml +++ b/chart/openfaas/templates/gateway-dep.yaml @@ -178,10 +178,6 @@ spec: value: "{{ .Values.nats.channel }}" {{- end }} {{- end }} - {{- if eq .Values.queueMode "jetstream" }} - - name: nats_jetstream - value: "true" - {{- end }} {{- if .Values.basic_auth }} - name: basic_auth value: "true" diff --git a/chart/openfaas/templates/jetstream-queueworker-dep.yaml b/chart/openfaas/templates/jetstream-queueworker-dep.yaml deleted file mode 100644 index 4aaefe292f..0000000000 --- a/chart/openfaas/templates/jetstream-queueworker-dep.yaml +++ /dev/null 
@@ -1,134 +0,0 @@ -{{- if and .Values.async (eq .Values.queueMode "jetstream") }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: {{ template "openfaas.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - component: queue-worker - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: queue-worker - namespace: {{ .Release.Namespace | quote }} -spec: - replicas: {{ .Values.queueWorker.replicas }} - selector: - matchLabels: - app: queue-worker - template: - metadata: - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "8081" - labels: - app: queue-worker - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if and .Values.jetstreamQueueWorker.topologySpreadConstraints .Values.openfaasPro }} - topologySpreadConstraints: - {{- toYaml .Values.jetstreamQueueWorker.topologySpreadConstraints | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.openfaasPro }} - - name: license - secret: - secretName: openfaas-license - {{- end }} - containers: - - name: queue-worker - resources: - {{- .Values.queueWorker.resources | toYaml | nindent 12 }} - image: {{ include "openfaas.image" (dict "image" .Values.jetstreamQueueWorker.image "registryPrefix" .Values.registryPrefix) }} - imagePullPolicy: {{ .Values.openfaasImagePullPolicy }} - {{- if .Values.jetstreamQueueWorker.pprof }} - ports: - - name: pprof - containerPort: 6060 - protocol: TCP - {{- end }} - command: - - "jetstream-queue-worker" - {{- if .Values.openfaasPro }} - - "-license-file=/var/secrets/license/license" - {{- end }} - {{- if .Values.jetstreamQueueWorker.pprof }} - - "-pprof=true" - {{- end }} - env: - {{- if .Values.nats.external.enabled }} - - name: nats_host - value: "{{ .Values.nats.external.host }}" - - name: nats_port - value: "{{ .Values.nats.external.port }}" - {{- else }} - - name: nats_host - value: "nats.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesDNSDomain }}" - {{- end}} - - 
name: nats_stream - value: "{{ .Values.nats.channel }}" - - name: nats_durable - value: "{{ .Values.jetstreamQueueWorker.durableName }}" - - name: nats_stream_replicas - value: "{{ .Values.nats.streamReplication }}" - - name: gateway_url - value: "http://gateway.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesDNSDomain }}:8080" - - name: ack_wait - value: "{{ .Values.queueWorker.ackWait }}" - - name: max_inflight - value: "{{ .Values.queueWorkerPro.maxInflight }}" - - name: max_waiting - value: "{{ .Values.jetstreamQueueWorker.maxWaiting }}" - - name: "debug" - value: "{{ .Values.jetstreamQueueWorker.logs.debug }}" - - name: "log_encoding" - value: "{{ .Values.jetstreamQueueWorker.logs.format }}" - - name: upstream_timeout - value: "{{ .Values.gateway.upstreamTimeout }}" - - name: backoff - value: "{{ .Values.queueWorkerPro.backoff }}" - - # OpenFaaS PRO license required - - name: "max_retry_attempts" - value: "{{ .Values.queueWorkerPro.maxRetryAttempts }}" - - name: "max_retry_wait" - value: "{{ .Values.queueWorkerPro.maxRetryWait }}" - - name: "initial_retry_wait" - value: "{{ .Values.queueWorkerPro.initialRetryWait }}" - - name: "retry_http_codes" - value: "{{ .Values.queueWorkerPro.httpRetryCodes }}" - - name: print_request_body - value: "{{ .Values.queueWorkerPro.printRequestBody }}" - - name: print_response_body - value: "{{ .Values.queueWorkerPro.printResponseBody }}" - {{- if .Values.openfaasPro }} - - name: "tls_insecure" - value: "{{ .Values.queueWorkerPro.insecureTLS }}" - {{- end }} - - {{- if .Values.securityContext }} - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - {{- end }} - - volumeMounts: - {{- if .Values.openfaasPro }} - - name: license - readOnly: true - mountPath: "/var/secrets/license" - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . 
| indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/chart/openfaas/templates/nats-dep.yaml b/chart/openfaas/templates/nats-dep.yaml index 4d4a8c5dbf..357f00a9dd 100644 --- a/chart/openfaas/templates/nats-dep.yaml +++ b/chart/openfaas/templates/nats-dep.yaml @@ -30,7 +30,7 @@ spec: - name: nats resources: {{- .Values.nats.resources | toYaml | nindent 12 }} - {{- if eq .Values.queueMode "jetstream" }} + {{- if .Values.openfaasPro }} image: {{ include "openfaas.image" (dict "image" .Values.nats.image "registryPrefix" .Values.registryPrefix) }} {{- else }} image: {{ include "openfaas.image" (dict "image" .Values.stan.image "registryPrefix" .Values.registryPrefix) }} @@ -39,11 +39,11 @@ spec: ports: - containerPort: 4222 protocol: TCP - {{- if not (eq .Values.queueMode "jetstream") }} + {{- if not .Values.openfaasPro }} command: ["/nats-streaming-server"] {{- end }} args: - {{- if eq .Values.queueMode "jetstream" }} + {{- if .Values.openfaasPro }} - --js {{- else}} - --store diff --git a/chart/openfaas/templates/prometheus-pro-cfg.yaml b/chart/openfaas/templates/prometheus-pro-cfg.yaml index bc5466cec8..139e24837c 100644 --- a/chart/openfaas/templates/prometheus-pro-cfg.yaml +++ b/chart/openfaas/templates/prometheus-pro-cfg.yaml @@ -142,7 +142,7 @@ data: regex: '(.*);(.*)' replacement: '${1}.${2}' target_label: "function_name" - + - job_name: 'openfaas-function-pods' scrape_interval: 15s kubernetes_sd_configs: @@ -181,7 +181,7 @@ data: regex: '^([0-9a-zA-Z-]+)+(-[0-9a-zA-Z]+-[0-9a-zA-Z]+)$' replacement: '$1' target_label: deployment_name - + metric_relabel_configs: - source_labels: [deployment_name, kubernetes_namespace] separator: ";" 
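Review bot: A release that still sets `queueMode` is now silently ignored in nats-dep.yaml: the image, `command` and `--js` argument are selected from `.Values.openfaasPro` alone (the `@@ -30,7 +30,7 @@` hunk and the `@@ -39,11 +39,11 @@` hunk), and the NOTES.txt warning about a mismatched `queueMode` is deleted in the same commit. A CE install that had `queueMode: jetstream` would presumably come back up on the NATS Streaming image, with nothing in the render output pointing at the cause. Consider failing the render while the removed key is still present, e.g. `{{- if .Values.queueMode }}{{ fail "queueMode has been removed; the queue backend now follows openfaasPro" }}{{- end }}`. The container spec continues outside both hunks.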
@@ -207,7 +207,12 @@ data: expr: ceil(sum(irate ( pod_cpu_usage_seconds_total{}[1m])*1000) by (function_name) * on (function_name) avg by (function_name) (gateway_service_target_load{scaling_type="cpu"} > bool 1 )) labels: scaling_type: cpu - + + - record: job:function_current_load:sum + expr: avg(queue_worker_pending_messages{}) by (function_name) and on (function_name) avg by (function_name) (gateway_service_target_load{scaling_type="queue"}) > bool 1 + labels: + scaling_type: queue + {{- with .Values.prometheus.recordingRules }} {{ toYaml . | nindent 6 }} {{- end }} diff --git a/chart/openfaas/templates/queueworker-ce-dep.yaml b/chart/openfaas/templates/queueworker-ce-dep.yaml new file mode 100644 index 0000000000..1d3cd86e2d --- /dev/null +++ b/chart/openfaas/templates/queueworker-ce-dep.yaml 
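Review bot: The `> bool 1` at the end of the new `scaling_type: queue` rule looks like it has no effect. Comparison binds tighter than `and`, so the expression parses as `avg(...) and on (function_name) (avg by (function_name) (gateway_service_target_load{scaling_type="queue"}) > bool 1)`, and with `bool` the right-hand side keeps every series (as 0 or 1), so `and` never drops a function based on its target load. The cpu rule above multiplies by the 0/1 value, which is why `bool` works there. If the intent is to gate on target load, write the right-hand side as `(avg by (function_name) (gateway_service_target_load{scaling_type="queue"}) > 1)`; if the intent is only to select functions labelled for queue scaling, drop the comparison so the rule reads as what it does.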
@@ -0,0 +1,90 @@ +{{- if and .Values.async (not .Values.openfaasPro) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ template "openfaas.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: queue-worker + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: queue-worker + namespace: {{ .Release.Namespace | quote }} +spec: + replicas: {{ .Values.queueWorker.replicas }} + selector: + matchLabels: + app: queue-worker + template: + metadata: + annotations: + prometheus.io/scrape: "false" + labels: + app: queue-worker + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.basic_auth }} + - name: auth + secret: + secretName: basic-auth + {{- end }} + containers: + - name: queue-worker + resources: + {{- .Values.queueWorker.resources | toYaml | nindent 12 }} + image: {{ include "openfaas.image" (dict "image" .Values.queueWorker.image "registryPrefix" .Values.registryPrefix) }} + imagePullPolicy: {{ .Values.openfaasImagePullPolicy }} + env: + {{- if .Values.nats.external.enabled }} + - name: faas_nats_address + value: "{{ .Values.nats.external.host }}" + - name: faas_nats_port + value: "{{ .Values.nats.external.port }}" + - name: faas_nats_cluster_name + value: "{{ .Values.nats.external.clusterName }}" + {{- else }} + - name: faas_nats_address + value: "nats.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesDNSDomain }}" + {{- end}} + - name: faas_nats_channel + value: "{{ .Values.nats.channel }}" + - name: faas_nats_queue_group + value: "{{ .Values.queueWorker.queueGroup }}" + - name: faas_gateway_address + value: "gateway.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesDNSDomain }}" + {{- if .Values.functionNamespace }} + - name: faas_function_suffix + value: ".{{ .Values.functionNamespace }}.svc.{{ .Values.kubernetesDNSDomain }}" + {{- end }} + - name: ack_wait + value: "{{ .Values.queueWorker.ackWait }}" + - name: 
max_inflight + value: "{{ or (.Values.queueWorker.maxInflight ) ("1") }}" + + {{- if .Values.basic_auth }} + - name: secret_mount_path + value: "/var/secrets/gateway" + - name: basic_auth + value: "{{ .Values.basic_auth }}" + volumeMounts: + - name: auth + readOnly: true + mountPath: "/var/secrets/gateway" + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end }} diff --git a/chart/openfaas/templates/queueworker-dep.yaml b/chart/openfaas/templates/queueworker-dep.yaml index 4ee9e97608..de73247182 100644 --- a/chart/openfaas/templates/queueworker-dep.yaml +++ b/chart/openfaas/templates/queueworker-dep.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.async (not (eq .Values.queueMode "jetstream")) }} +{{- if and .Values.async .Values.openfaasPro }} apiVersion: apps/v1 kind: Deployment metadata: @@ -18,7 +18,8 @@ spec: template: metadata: annotations: - prometheus.io/scrape: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "8081" labels: app: queue-worker spec: 
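Review bot: The new CE `queue-worker` container in queueworker-ce-dep.yaml is rendered without the chart-wide `securityContext`, while the Pro template (queueworker-dep.yaml) gains that block in this same commit and the README describes `securityContext` as applied to each container in the chart. With the block missing, a hardened `securityContext` set in values would not reach the CE queue-worker. Adding the same conditional block at container level, after the `basic_auth` volumeMounts section, keeps the two deployments consistent; indentation below is reconstructed, since the page has lost it.

```yaml
        # … unchanged: env entries and the basic_auth volumeMounts block …
        {{- if .Values.securityContext }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        {{- end }}
      {{- with .Values.nodeSelector }}
```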
@@ -26,61 +27,78 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - volumes: - {{- if .Values.basic_auth }} - - name: auth - secret: - secretName: basic-auth + {{- if .Values.jetstreamQueueWorker.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml .Values.jetstreamQueueWorker.topologySpreadConstraints | nindent 8 }} {{- end }} - - {{- if .Values.openfaasPro }} + volumes: - name: license secret: secretName: openfaas-license - {{- end }} containers: - - name: queue-worker + - name: queue-worker resources: {{- .Values.queueWorker.resources | toYaml | nindent 12 }} - {{- if .Values.openfaasPro }} - image: {{ include "openfaas.image" (dict "image" .Values.queueWorkerPro.image "registryPrefix" .Values.registryPrefix) }} - {{- else }} - image: {{ include "openfaas.image" (dict "image" .Values.queueWorker.image "registryPrefix" .Values.registryPrefix) }} - {{- end }} + image: {{ include "openfaas.image" (dict "image" .Values.jetstreamQueueWorker.image "registryPrefix" .Values.registryPrefix) }} imagePullPolicy: {{ .Values.openfaasImagePullPolicy }} - {{- if .Values.openfaasPro }} + {{- if .Values.jetstreamQueueWorker.pprof }} + ports: + - name: pprof + containerPort: 6060 + protocol: TCP + {{- end }} command: - - "/worker" + - "jetstream-queue-worker" - "-license-file=/var/secrets/license/license" - {{- end }} + {{- if .Values.jetstreamQueueWorker.pprof }} + - "-pprof=true" + {{- end }} env: {{- if .Values.nats.external.enabled }} - - name: faas_nats_address + - name: nats_host value: "{{ .Values.nats.external.host }}" - - name: faas_nats_port + - name: nats_port value: "{{ .Values.nats.external.port }}" - - name: faas_nats_cluster_name - value: "{{ .Values.nats.external.clusterName }}" {{- else }} - - name: faas_nats_address + - name: nats_host value: "nats.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesDNSDomain }}" {{- end}} - - name: faas_nats_channel + + # Only required for stream migration when upgrading queue-worker from 
version < 0.3.47 + # Not used once stream has been migrated. + - name: nats_stream value: "{{ .Values.nats.channel }}" - - name: faas_nats_queue_group - value: "{{ .Values.queueWorker.queueGroup }}" - - name: faas_gateway_address - value: "gateway.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesDNSDomain }}" - {{- if .Values.functionNamespace }} - - name: faas_function_suffix - value: ".{{ .Values.functionNamespace }}.svc.{{ .Values.kubernetesDNSDomain }}" + - name: nats_durable + value: "{{ .Values.jetstreamQueueWorker.durableName }}" + - name: default_function_name + value: "{{ .Values.functionNamespace }}" + + - name: max_inflight + value: "{{ .Values.queueWorkerPro.maxInflight }}" + - name: "scaling_mode" + value: "{{ .Values.jetstreamQueueWorker.mode }}" + - name: "inactive_threshold" + value: "{{ .Values.jetstreamQueueWorker.consumer.inactiveThreshold }}" + {{- if .Values.jetstreamQueueWorker.consumer.pullMaxMessages }} + - name: "consumer_pull_max_messages" + value: "{{ .Values.jetstreamQueueWorker.consumer.pullMaxMessages }}" {{- end }} + - name: gateway_url + value: "http://gateway.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesDNSDomain }}:8080" + - name: "tls_insecure" + value: "{{ .Values.queueWorkerPro.insecureTLS }}" + - name: "debug" + value: "{{ .Values.jetstreamQueueWorker.logs.debug }}" + - name: "log_encoding" + value: "{{ .Values.jetstreamQueueWorker.logs.format }}" + + - name: nats_stream_replicas + value: "{{ .Values.nats.streamReplication }}" - name: ack_wait value: "{{ .Values.queueWorker.ackWait }}" - - name: max_inflight - value: "{{ or (.Values.queueWorkerPro.maxInflight) (.Values.queueWorker.maxInflight ) ("1") }}" - # OpenFaaS PRO license required + - name: upstream_timeout + value: "{{ .Values.gateway.upstreamTimeout }}" - name: "max_retry_attempts" value: "{{ .Values.queueWorkerPro.maxRetryAttempts }}" - name: "max_retry_wait" 
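Review bot: The env name `inactive_threshold` added in this hunk does not match `consumer_inactive_threshold`, which chart/queue-worker/templates/deployment.yaml passes to the same `jetstream-queue-worker:0.3.47` image in this commit. One of the two is probably never read by the worker, in which case that chart's `inactiveThreshold` value would have no effect. Given the sibling `consumer_pull_max_messages`, the prefixed form looks like the convention: `- name: "consumer_inactive_threshold"`. Separately, `default_function_name` is populated from `.Values.functionNamespace`; if the worker expects a namespace there, the variable name should be confirmed against the binary. The `env:` list starts and continues outside this hunk.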
@@ -89,31 +107,18 @@ spec: value: "{{ .Values.queueWorkerPro.initialRetryWait }}" - name: "retry_http_codes" value: "{{ .Values.queueWorkerPro.httpRetryCodes }}" - - name: print_request_body - value: "{{ .Values.queueWorkerPro.printRequestBody }}" - - name: print_response_body - value: "{{ .Values.queueWorkerPro.printResponseBody }}" - {{- if .Values.openfaasPro }} - - name: tls_insecure - value: "{{ .Values.queueWorkerPro.insecureTLS }}" - {{- end }} + - name: backoff + value: "{{ .Values.queueWorkerPro.backoff }}" - {{- if .Values.basic_auth }} - - name: secret_mount_path - value: "/var/secrets/gateway" - - name: basic_auth - value: "{{ .Values.basic_auth }}" + {{- if .Values.securityContext }} + securityContext: + {{- toYaml .Values.securityContext | nindent 10 }} + {{- end }} volumeMounts: - {{- if .Values.openfaasPro }} - name: license readOnly: true mountPath: "/var/secrets/license" - {{- end }} - - name: auth - readOnly: true - mountPath: "/var/secrets/gateway" - {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/chart/openfaas/templates/jetstream-queue-worker-pprof-svc.yaml b/chart/openfaas/templates/queueworker-pprof-svc.yaml similarity index 100% rename from chart/openfaas/templates/jetstream-queue-worker-pprof-svc.yaml rename to chart/openfaas/templates/queueworker-pprof-svc.yaml diff --git a/chart/openfaas/values-pro.yaml b/chart/openfaas/values-pro.yaml index 4f62dd127a..d5888d5ef1 100644 --- a/chart/openfaas/values-pro.yaml +++ b/chart/openfaas/values-pro.yaml @@ -70,10 +70,6 @@ queueWorker: queueWorkerPro: maxInflight: 50 -# Enable JetStream for OpenFaaS, learn more at: -# https://www.openfaas.com/blog/jetstream-for-openfaas/ -queueMode: jetstream - # Set stream replication factor. # For production a value of at least 3 is recommended for NATS JetStream to be resilient. # See https://github.com/openfaas/openfaas-pro/blob/master/jetstream.md 
diff --git a/chart/openfaas/values.yaml b/chart/openfaas/values.yaml index 6f1e6389c5..03e5032028 100644 --- a/chart/openfaas/values.yaml +++ b/chart/openfaas/values.yaml @@ -31,9 +31,7 @@ securityContext: {} exposeServices: true serviceType: NodePort # serviceType for OpenFaaS gateway -async: true # No known reason to disable this, kept for legacy reasons - -queueMode: "" # Set to `jetstream` to run the async system backed by NATS JetStream. By default the async system uses NATS Streaming +async: true # No known reason to disable this, kept for legacy reasons # create pod security policies for OpenFaaS control plane # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ @@ -42,7 +40,7 @@ psp: false # image pull policy for openfaas components, can change to `IfNotPresent` for an air-gapped environment openfaasImagePullPolicy: "IfNotPresent" -# Optionally, give the name of a secret containing a CA bundle to be added to the +# Optionally, give the name of a secret containing a CA bundle to be added to the # OIDC plugin and OpenFaaS Dashboard components when a self-signed certificate is used # # kubectl create secret generic -n openfaas ca-bundle --from-file=ca.crt=./ca.crt @@ -123,7 +121,7 @@ eventSubscription: endpoint: "" endpointSecret: "" - # Do not validate the TLS certificate of the endpoint, use when + # Do not validate the TLS certificate of the endpoint, use when # testing with self-signed certificates insecureTLS: false @@ -184,7 +182,7 @@ operator: reconcileQPS: 100 reconcileBurst: 250 - # When set to true, pprof will be enabled, and the + # When set to true, pprof will be enabled, and the # service "faas-provider" will gain an extra port to # expose the pprof endpoint, this cannot be used in production # since it may bypass authentication, and should only be used 
@@ -219,15 +217,17 @@ faasnetes: # The values for jetstreamQueueWorker are merged with those under # the "queueWorkerPro" and "queueWorker" section -# -# Enable automatically when nats.queueMode is set to "jetstream" +# +# The Jetstream queue-worker is the default queue-worker for OpenFaaS Pro. jetstreamQueueWorker: image: ghcr.io/openfaasltd/jetstream-queue-worker:0.3.47 + mode: "static" + consumer: + inactiveThreshold: "30s" + + # Deprecated: Only required for stream migration when + # upgrading from queue-worker version 0.3.46 or older durableName: "faas-workers" - # Configure the max waiting pulls for the queue-worker JetStream consumer. - # The value should be at least max_inflight * replicas. - # Note that this value can not be updated once the consumer is created. - maxWaiting: 512 logs: debug: false format: "console" @@ -253,7 +253,6 @@ jetstreamQueueWorker: # # Enabled automatically when openfaasPro is set to true queueWorkerPro: - image: ghcr.io/openfaasltd/queue-worker:0.4.0 maxRetryAttempts: "10" maxRetryWait: "120s" initialRetryWait: "10s" 
@@ -310,19 +309,19 @@ autoscaler: limits: memory: "256Mi" - # Set to "true" to learn how the autoscaler works, both for horizonal Pod scaling + # Set to "true" to learn how the autoscaler works, both for horizonal Pod scaling # and for scaling to zero. - # The Grafana dashboards can be used in combination to see the effect of the - # autoscaler: https://docs.openfaas.com/openfaas-pro/grafana-dashboards/ + # The Grafana dashboards can be used in combination to see the effect of the + # autoscaler: https://docs.openfaas.com/openfaas-pro/grafana-dashboards/ verbose: false - # When disableHorizontalScaling is set to true, then the autoscaler will + # When disableHorizontalScaling is set to true, then the autoscaler will # only scale to zero, without scaling replicas between the defined Min and Max # count for the function disableHorizontalScaling: false # OpenFaaS Pro -## To use with port-forwarding, set publicURL to +## To use with port-forwarding, set publicURL to ## http://127.0.0.1 dashboard: image: ghcr.io/openfaasltd/openfaas-dashboard:0.5.35 @@ -399,7 +398,7 @@ prometheus: # Simplified security context configuration for Prometheus # set fsGroup to 65534 (nobody) for persistent volume access # fsGroup: 65534 - + # Applied only at container level, ignoring global chart security context # securityContext: # runAsUser: 65534 diff --git a/chart/queue-worker/README.md b/chart/queue-worker/README.md index 06c25d030d..ca075699e1 100644 --- a/chart/queue-worker/README.md +++ b/chart/queue-worker/README.md 
@@ -29,27 +29,38 @@ helm upgrade slow-queue chart/queue-worker \ ``` ## Configuration + | Parameter | Description | Default | |-----------|-------------|---------| -| `image` | The jetstream-queue-worker image that should be deployed | See values.yaml | +| `image` | The queue-worker image that should be deployed | See values.yaml | | `replicas` | Number of queue-worker replicas to create | `1` | +| `queueName` | Name of the queue | `faas-request` | +| `mode` | Queue operation mode: `static` or `function` | `static` | | `maxInflight` | Control the concurrent invocations | `1` | -| `maxWaiting` | Configure the max waiting pulls for the queue-worker JetStream consumer. The value should be at least max_inflight * queue_worker.replicas. Note that this value can not be updated once the consumer is created. | `512` | +| `queuePartitions` | Number of queue partitions | `1` | +| `partition` | Queue partition number this queue should subscribe to | `0` | +| `consumer.inactiveThreshold` | If a function is inactive (has no invocations) for longer than this threshold its consumer will be removed to save resources | `30s` | +| `consumer.pullMaxMessages` | PullMaxMessages limits the number of messages to be buffered per consumer. Leave empty to use optimized default for the selected queue mode | `` | | `upstreamTimeout` | Maximum duration of upstream function call | `1m` | -| `maxRetryAttempts` | The amount of times to try sending a message to a function before discarding it |`10` | +| `maxRetryAttempts` | The amount of times to try sending a message to a function before discarding it | `10` | | `maxRetryWait` | The maximum amount of time to wait between retries | `120s` | | `initialRetryWait` | The amount of time to wait for the first retry | `10s` | | `httpRetryCodes` | A comma-separated list of HTTP status codes which the queue worker will retry when received from a function | `408,429,500,502,503,504` | | `backoff` | The backoff algorithm used for retries. 
Must be one off `exponential`, `full` or `equal`| `exponential` | | `gateway.host` | The host at which the OpenFaaS gateway can be reached | `http://gateway.openfaas` | -| `insecureTLS` | Enable insecure tls for callbacks | `false` | | `gateway.port` | The port at which the OpenFaaS gateway can be reached | `8080` | -| `nats.host` | The host at which the NATS JetStream serber can be reached | `nats.openfaas` | -| `nats.port` | The part at which the NATS JetStream server can be reached | `4222` | -| `nats.reconnect.attempt` | Max NATS reconnection attempts | `120` | -| `nats.reconnect.delay` | Time to wait between NATS reconnection attempts | `2s` | +| `insecureTLS` | Enable insecure tls for callbacks | `false` | +| `nats.host` | The host at which the NATS JetStream server can be reached | `nats.openfaas` | +| `nats.port` | The port at which the NATS JetStream server can be reached | `4222` | | `nats.stream.name` | Name of the NATS JetStream stream to use | `faas-request` | | `nats.stream.replicas` | Number of JetStream stream replicas to create | `1` | | `nats.consumer.durableName` | The name of the NATS JetStream consumer to use | `faas-workers` | +| `nats.consumer.ackWait` | AckWait configures how long the NATS waits for an acknowledgement before redelivering the message| `30s` | | `logs.debug` | Print debug logs | `false` | -| `logs.format` | The log encoding format. Supported values: `json` or `console` | `console` | \ No newline at end of file +| `logs.format` | The log encoding format. 
Supported values: `json` or `console` | `console` | +| `resources.requests.memory` | Memory resource request | `120Mi` | +| `resources.requests.cpu` | CPU resource request | `50m` | +| `imagePullPolicy` | Image pull policy | `IfNotPresent` | +| `nodeSelector` | [NodeSelector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) for deployment | `{}` | +| `tolerations` | [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for deployment | `[]` | +| `affinity` | [Aaffinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) rules for deployment | `{}` | diff --git a/chart/queue-worker/templates/deployment.yaml b/chart/queue-worker/templates/deployment.yaml index 86237e4863..21d19fe0f5 100644 --- a/chart/queue-worker/templates/deployment.yaml +++ b/chart/queue-worker/templates/deployment.yaml 
@@ -43,27 +43,44 @@ spec: value: "{{ .Values.nats.host }}" - name: "nats_port" value: "{{ .Values.nats.port }}" + - name: "nats_stream" value: "{{ .Values.nats.stream.name }}" - name: "nats_durable" value: "{{ .Values.nats.consumer.durableName }}" - - name: "nats_stream_replicas" - value: "{{ .Values.nats.stream.replicas }}" - - name: "max_reconnect" - value: "{{ .Values.nats.reconnect.attempts }}" - - name: "reconnect_delay" - value: "{{ .Values.nats.reconnect.delay }}" - - name: "gateway_url" - value: "{{ .Values.gateway.host }}:{{ .Values.gateway.port }}" + + - name: "queue_name" + value: "{{ .Values.queueName }}" + - name: "queue_partitions" + value: "{{ .Values.queuePartitions }}" + - name: "filter_partition" + value: "{{ .Values.partition }}" - name: "max_inflight" value: "{{ .Values.maxInflight }}" - - name: max_waiting - value: "{{ .Values.maxWaiting }}" - - name: "upstream_timeout" - value: "{{ .Values.upstreamTimeout }}" + - name: "scaling_mode" + value: "{{ .Values.mode }}" + - name: "consumer_inactive_threshold" + value: "{{ .Values.consumer.inactiveThreshold }}" + {{- if .Values.consumer.pullMaxMessages }} + - name: "consumer_pull_max_messages" + value: "{{ .Values.consumer.pullMaxMessages }}" + {{- end }} + - name: "gateway_url" + value: "{{ .Values.gateway.host }}:{{ .Values.gateway.port }}" - name: "tls_insecure" value: "{{ .Values.insecureTLS }}" + - name: "debug" + value: "{{ .Values.logs.debug }}" + - name: "log_encoding" + value: "{{ .Values.logs.format }}" + + - name: "nats_stream_replicas" + value: "{{ .Values.nats.stream.replicas }}" + - name: "ack_wait" + value: "{{ .Values.nats.consumer.ackWait }}" + - name: "upstream_timeout" + value: "{{ .Values.upstreamTimeout }}" - name: "max_retry_attempts" value: "{{ .Values.maxRetryAttempts }}" - name: "max_retry_wait" 
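Review bot: `queue_name` is rendered straight from `.Values.queueName`, although the values.yaml comment added in this commit restricts the name to a-z, 0-9, `-` and `_`. Nothing in the template enforces that, so an invalid name is only discovered at runtime, if the worker checks it at all. A render-time guard would catch it early: `{{- if not (regexMatch "^[a-z0-9_-]+$" .Values.queueName) }}{{ fail "queueName: only a-z, 0-9, - and _ are allowed" }}{{- end }}`. The README table in this commit also lists the default as `faas-request` while values.yaml ships `custom-request`; one of them should change. The `env:` list continues outside the hunk.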
@@ -74,12 +91,6 @@ spec: value: "{{ .Values.httpRetryCodes }}" - name: "backoff" value: "{{ .Values.backoff }}" - - - name: "debug" - value: "{{ .Values.logs.debug }}" - - name: "log_encoding" - value: "{{ .Values.logs.format }}" - volumeMounts: - name: license readOnly: true @@ -95,4 +106,4 @@ spec: {{- with .Values.tolerations }} tolerations: {{ toYaml . | indent 8 }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/chart/queue-worker/values.yaml b/chart/queue-worker/values.yaml index a4cfa33350..d34f1de3ad 100644 --- a/chart/queue-worker/values.yaml +++ b/chart/queue-worker/values.yaml @@ -8,12 +8,17 @@ image: ghcr.io/openfaasltd/jetstream-queue-worker:0.3.47 replicas: 1 +# Change this to your queue name. +# Allowed characters (a - z), (0 - 9), - and _ +queueName: "custom-request" +mode: static maxInflight: 1 -# Configure the max waiting pulls for the queue-worker JetStream consumer. -# The value should be at least max_inflight * replicas. -# Note that this value can not be updated once the consumer is created. -maxWaiting: 512 +queuePartitions: 1 +partition: 0 + +consumer: + inactiveThreshold: "30s" upstreamTimeout: "1m" @@ -37,14 +42,12 @@ gateway: nats: host: "nats.openfaas" port: "4222" - reconnect: - attempts: 120 - delay: "2s" stream: name: "faas-request" replicas: 1 consumer: durableName: "faas-workers" + ackWait: "30s" logs: debug: false