From f91690f086a50a4130aab06ad58a09b6f7292e61 Mon Sep 17 00:00:00 2001 From: Francesco Timperi Tiberi Date: Sun, 12 Feb 2023 16:38:53 +0000 Subject: [PATCH] feature: added a lean mode demo for the controller --- demos/demo-leanmode/Taskfile.yaml | 71 +++++ demos/demo-leanmode/couchdb/couchdb-auth.yaml | 30 ++ demos/demo-leanmode/couchdb/couchdb-init.yaml | 83 ++++++ demos/demo-leanmode/couchdb/couchdb-set.yaml | 55 ++++ demos/demo-leanmode/couchdb/couchdb-svc.yaml | 31 ++ demos/demo-leanmode/init/nuvolaris-ns.yaml | 22 ++ .../init/nuvolaris-operator-sa.yaml | 37 +++ .../demo-leanmode/init/openwhisk-core-sa.yaml | 56 ++++ .../init/openwhisk-invoker-sa.yaml | 61 ++++ .../openwhisk/controller-np.yaml | 58 ++++ .../openwhisk/controller-sts.yaml | 272 ++++++++++++++++++ demos/demo-leanmode/tests/hello.js | 22 ++ 12 files changed, 798 insertions(+) create mode 100644 demos/demo-leanmode/Taskfile.yaml create mode 100644 demos/demo-leanmode/couchdb/couchdb-auth.yaml create mode 100644 demos/demo-leanmode/couchdb/couchdb-init.yaml create mode 100644 demos/demo-leanmode/couchdb/couchdb-set.yaml create mode 100644 demos/demo-leanmode/couchdb/couchdb-svc.yaml create mode 100644 demos/demo-leanmode/init/nuvolaris-ns.yaml create mode 100644 demos/demo-leanmode/init/nuvolaris-operator-sa.yaml create mode 100644 demos/demo-leanmode/init/openwhisk-core-sa.yaml create mode 100644 demos/demo-leanmode/init/openwhisk-invoker-sa.yaml create mode 100644 demos/demo-leanmode/openwhisk/controller-np.yaml create mode 100644 demos/demo-leanmode/openwhisk/controller-sts.yaml create mode 100644 demos/demo-leanmode/tests/hello.js diff --git a/demos/demo-leanmode/Taskfile.yaml b/demos/demo-leanmode/Taskfile.yaml new file mode 100644 index 0000000..24d9bb4 --- /dev/null +++ b/demos/demo-leanmode/Taskfile.yaml @@ -0,0 +1,71 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +version: '3' + +vars: + CMD: apply + +tasks: + + init: + - kubectl apply -f init + - kubectl config set-context --current --namespace nuvolaris + + couchdb: + - kubectl {{.CMD}} -f couchdb + + couchdb:delete: task couchdb CMD=delete + + couchdb:test: + - kubectl -n nuvolaris apply -f common/kcat.yaml + - kubectl -n nuvolaris wait po kcat --for=condition=Ready + - > + kubectl -n nuvolaris exec -i kcat -- /bin/sh -c + 'wget -qO- http://whisk_admin:some_passw0rd@$COUCHDB_SERVICE_HOST:$COUCHDB_SERVICE_PORT/_all_dbs/' + - kubectl -n nuvolaris delete -f common/kcat.yaml --grace-period=0 + + wsk:test: + - wsk action update hello tests/hello.js + - wsk action invoke hello + + +# kafkacat -L -b localhost:9092 +# echo test | kafkacat -P -b localhost:9092 -t test +# kafkacat -C -b localhost:9092 -t test + + watch: watch kubectl -n nuvolaris get deploy,pod,service,job + + clean: + cmds: + - task couchdb + - task init + vars: + CMD: delete + + export: + cmds: + - | + if test -z "{{.F}}" + then ls "{{.TPL}}/templates" ; echo select with "F=" no .yaml + else helm template openwhisk {{.TPL}} \ + -n nuvolaris -f openwhisk-deploy-kube/deploy/kind/mycluster.yaml \ + -s templates/{{.F}}.yaml | tee ../demo-enterprise/export/{{.F}}.yaml + fi + vars: + TPL: openwhisk-deploy-kube/helm/openwhisk + dir: ../openwhisk-kube \ No newline at end of file diff --git a/demos/demo-leanmode/couchdb/couchdb-auth.yaml b/demos/demo-leanmode/couchdb/couchdb-auth.yaml new file mode 100644 index 0000000..9a07279 --- /dev/null +++ b/demos/demo-leanmode/couchdb/couchdb-auth.yaml @@ -0,0 +1,30 @@ +--- +# Source: openwhisk/templates/ow-db-secret.yaml +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: v1 +kind: Secret +metadata: + name: couchdb-auth + namespace: nuvolaris +type: Opaque +data: + # whisk_admin + db_username: d2hpc2tfYWRtaW4= + # some_passw0rd + db_password: c29tZV9wYXNzdzByZA== diff --git a/demos/demo-leanmode/couchdb/couchdb-init.yaml b/demos/demo-leanmode/couchdb/couchdb-init.yaml new file mode 100644 index 0000000..a3a8763 --- /dev/null +++ b/demos/demo-leanmode/couchdb/couchdb-init.yaml @@ -0,0 +1,83 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: couchdb-init + namespace: nuvolaris +spec: + backoffLimit: 3 + template: + metadata: + name: couchdb-init + namespace: nuvolaris + spec: + serviceAccount: nuvolaris-operator + restartPolicy: Never + containers: + - name: init-couchdb + image: "ghcr.io/francescotimperi/nuvolaris-operator:0.3.0-morpheus.23021019" + imagePullPolicy: "IfNotPresent" + command: ["./dbinit.sh"] + env: + - name: "NUVOLARIS_CONFIG" + value: | + { + "components.couchdb": true, + "components.invoker": false, + "components.kafka": false, + "components.mongodb": false, + "components.openwhisk": true, + "components.redis": true, + "components.s3bucket": false, + "couchdb.admin.password": "some_passw0rd", + "couchdb.admin.user": "whisk_admin", + "couchdb.invoker.password": "s0meP@ass1", + "couchdb.invoker.user": "invoker_admin", + "couchdb.host": "couchdb", + "couchdb.controller.password": "s0meP@ass2", + "couchdb.controller.user": "controller_admin", + "couchdb.port": 5984, + "couchdb.volume-size": 10, + "kafka.host": "kafka", + "kafka.volume-size": 10, + "mongodb.admin.password": "0therPa55", + "mongodb.admin.user": "admin", + "mongodb.host": "mongodb", + "mongodb.volume-size": 10, + "openwhisk.limits.actions.invokes-concurrent": 250, + "openwhisk.limits.actions.invokes-perMinute": 999, + "openwhisk.limits.actions.sequence-maxLength": 50, + "openwhisk.limits.triggers.fires-perMinute": 999, + "openwhisk.namespaces.whisk-system": "789c46b1-71f6-4ed5-8c54-816aa4f8c502:abczO3xZCLrMN6v2Bx1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP", + "openwhisk.namespaces.nuvolaris": "cbd68075-dac2-475e-8c07-d62a30c7e683:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP", + "s3.id": "AKIAIOSFODNN7EXAMPLE", + "s3.key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "s3.region": "eu-central-1", + "s3.volume-size": 10, + "nuvolaris.storageClass": "standard", + "nuvolaris.provisioner": "rancher.io/local-path", + "nuvolaris.apihost": "localhost", + "nuvolaris.apiport": "3233", + "nuvolaris.kube": "kind", + "nuvolaris.protocol": "http", + "operator.image": "ghcr.io/francescotimperi/nuvolaris-operator", + "operator.tag": "0.3.0-morpheus.23021019", + "controller.image": "ghcr.io/nuvolaris/openwhisk-controller", + "controller.tag": "0.3.0-morpheus.22122609" + } diff --git a/demos/demo-leanmode/couchdb/couchdb-set.yaml b/demos/demo-leanmode/couchdb/couchdb-set.yaml new file mode 100644 index 0000000..74e4bd4 --- /dev/null +++ b/demos/demo-leanmode/couchdb/couchdb-set.yaml @@ -0,0 +1,55 @@ +--- +# Source: openwhisk/templates/couchdb-pod.yaml +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: couchdb + namespace: nuvolaris +spec: + replicas: 1 + selector: + matchLabels: + name: couchdb + serviceName: "couchdb" + template: + metadata: + labels: + name: couchdb + spec: + restartPolicy: Always + containers: + - name: couchdb + image: "apache/couchdb:2.3" + imagePullPolicy: "IfNotPresent" + ports: + - name: couchdb + containerPort: 5984 + env: + - name: "COUCHDB_USER" + valueFrom: + secretKeyRef: + name: couchdb-auth + key: db_username + - name: "COUCHDB_PASSWORD" + valueFrom: + secretKeyRef: + name: couchdb-auth + key: db_password + - name: "NODENAME" + value: "couchdb0" diff --git a/demos/demo-leanmode/couchdb/couchdb-svc.yaml b/demos/demo-leanmode/couchdb/couchdb-svc.yaml new file mode 100644 index 0000000..465b841 --- /dev/null +++ b/demos/demo-leanmode/couchdb/couchdb-svc.yaml @@ -0,0 +1,31 @@ +--- +# Source: openwhisk/templates/couchdb-svc.yaml +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: Service +metadata: + name: couchdb + namespace: nuvolaris +spec: + type: NodePort + selector: + name: couchdb + ports: + - port: 5984 + targetPort: 5984 + nodePort: 30984 \ No newline at end of file diff --git a/demos/demo-leanmode/init/nuvolaris-ns.yaml b/demos/demo-leanmode/init/nuvolaris-ns.yaml new file mode 100644 index 0000000..beddc7a --- /dev/null +++ b/demos/demo-leanmode/init/nuvolaris-ns.yaml @@ -0,0 +1,22 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +--- +apiVersion: v1 +kind: Namespace +metadata: + name: nuvolaris diff --git a/demos/demo-leanmode/init/nuvolaris-operator-sa.yaml b/demos/demo-leanmode/init/nuvolaris-operator-sa.yaml new file mode 100644 index 0000000..74152c5 --- /dev/null +++ b/demos/demo-leanmode/init/nuvolaris-operator-sa.yaml @@ -0,0 +1,37 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nuvolaris-operator + namespace: nuvolaris +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: nuvolaris-operator-demo-crb + namespace: nuvolaris +subjects: +- kind: ServiceAccount + namespace: nuvolaris + name: nuvolaris-operator +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/demos/demo-leanmode/init/openwhisk-core-sa.yaml b/demos/demo-leanmode/init/openwhisk-core-sa.yaml new file mode 100644 index 0000000..9357070 --- /dev/null +++ b/demos/demo-leanmode/init/openwhisk-core-sa.yaml @@ -0,0 +1,56 @@ +--- +# Source: openwhisk/templates/core-rolebind.yaml +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: openwhisk-core + namespace: nuvolaris +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: openwhisk-core + namespace: nuvolaris +rules: +- apiGroups: ["extensions", "apps"] + resources: ["deployments"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["events"] + verbs: ["get", "list"] +- apiGroups: [""] + resources: ["pods/log"] + verbs: ["get", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: openwhisk-core + namespace: nuvolaris +roleRef: + kind: Role + name: openwhisk-core + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: openwhisk-core + namespace: nuvolaris diff --git a/demos/demo-leanmode/init/openwhisk-invoker-sa.yaml b/demos/demo-leanmode/init/openwhisk-invoker-sa.yaml new file mode 100644 index 0000000..9807a51 --- /dev/null +++ b/demos/demo-leanmode/init/openwhisk-invoker-sa.yaml @@ -0,0 +1,61 @@ +--- +# Source: openwhisk/templates/invoker-role.yaml +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# When using KubernetesContainerFactory, invoker pods need extensive +# permissions to manage pods and deployments. The ability to create +# pods can enable privilege escalation attacks, so restrict it to a +# ServiceAccount that is only used for the invokers and only defined +# when using KubernetesContainerFactory. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: openwhisk-invoker + namespace: nuvolaris +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: openwhisk-invoker + namespace: nuvolaris +rules: +- apiGroups: ["extensions", "apps"] + resources: ["deployments"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["events"] + verbs: ["get", "list"] +- apiGroups: [""] + resources: ["pods/log"] + verbs: ["get", "list"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: openwhisk-invoker + namespace: nuvolaris +subjects: +- kind: ServiceAccount + namespace: "nuvolaris" + name: openwhisk-invoker +roleRef: + kind: Role + name: openwhisk-invoker + apiGroup: rbac.authorization.k8s.io diff --git a/demos/demo-leanmode/openwhisk/controller-np.yaml b/demos/demo-leanmode/openwhisk/controller-np.yaml new file mode 100644 index 0000000..3953236 --- /dev/null +++ b/demos/demo-leanmode/openwhisk/controller-np.yaml @@ -0,0 +1,58 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +apiVersion: v1 +kind: Service +metadata: + namespace: nuvolaris + name: openwhisk-controller-np +spec: + type: NodePort + selector: + app: openwhisk-controller + ports: + - port: 3233 + targetPort: 8080 + nodePort: 30233 +#--- +#apiVersion: v1 +#kind: Service +#metadata: +# namespace: nuvolaris +# name: playground +#spec: +# type: NodePort +# selector: +# app: controller +# ports: +# - port: 3232 +# targetPort: 3232 +# nodePort: 30232 +--- +apiVersion: v1 +kind: Service +metadata: + namespace: nuvolaris + name: debugger +spec: + type: NodePort + selector: + app: controller + ports: + - port: 7896 + targetPort: 7896 + nodePort: 30896 diff --git a/demos/demo-leanmode/openwhisk/controller-sts.yaml b/demos/demo-leanmode/openwhisk/controller-sts.yaml new file mode 100644 index 0000000..b10bb05 --- /dev/null +++ b/demos/demo-leanmode/openwhisk/controller-sts.yaml @@ -0,0 +1,272 @@ +--- +# Source: openwhisk/templates/controller-pod.yaml +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: openwhisk-controller + labels: + name: openwhisk-controller + app: openwhisk-controller +spec: + serviceName: openwhisk-controller-np + podManagementPolicy: "Parallel" + replicas: 1 + selector: + matchLabels: + name: openwhisk-controller + template: + metadata: + labels: + name: openwhisk-controller + app: openwhisk-controller + + spec: + serviceAccountName: openwhisk-core + restartPolicy: Always + + #initContainers: + # The controller must wait for kafka and/or couchdb to be ready before it starts + #- name: "wait-for-kafka" + # image: "openwhisk/ow-utils:ef725a6" + # imagePullPolicy: "IfNotPresent" + # command: ["sh", "-c", 'cacert="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"; token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"; while true; do rc=$(curl -sS --cacert $cacert --header "Authorization: Bearer $token" https://kubernetes.default.svc/api/v1/namespaces/nuvolaris/endpoints/openwhisk-kafka | jq -r ".subsets[].addresses | length"); echo "num ready kafka endpoints is $rc"; if [ $rc -gt 0 ]; then echo "Success: ready kafka endpoint!"; break; fi; echo "kafka not ready yet; sleeping for 3 seconds"; sleep 3; done;'] + #- name: "wait-for-couchdb" + # image: "busybox:latest" + # imagePullPolicy: "IfNotPresent" + # env: + # - name: "READINESS_URL" + # value: http://openwhisk-couchdb.nuvolaris.svc.cluster.local:5984/ow_kube_couchdb_initialized_marker + # command: ["sh", "-c", "while true; do echo 'checking CouchDB readiness'; wget -T 5 --spider $READINESS_URL --header=\"Authorization: Basic d2hpc2tfYWRtaW46c29tZV9wYXNzdzByZA==\"; result=$?; if [ $result -eq 0 ]; then echo 'Success: CouchDB is ready!'; break; fi; echo '...not ready yet; sleeping 3 seconds before retry'; sleep 3; done;"] + # The lean controller requires invoker volumes mounts + + + containers: + - name: controller + imagePullPolicy: "IfNotPresent" + image: "ghcr.io/nuvolaris/openwhisk-controller:0.3.0-morpheus.22122609" + command: ["/bin/bash", "-c", "/init.sh `hostname | awk -F '-' '{print $NF}'`"] + ports: + - name: controller + containerPort: 8080 + - name: axa-remoting + containerPort: 25520 + - name: axa-mgmt-http + containerPort: 19999 + livenessProbe: + httpGet: + path: "/ping" + port: 8080 + scheme: "HTTP" + initialDelaySeconds: 40 + periodSeconds: 10 + timeoutSeconds: 2 + readinessProbe: + httpGet: + path: "/ping" + port: 8080 + scheme: "HTTP" + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 10 + env: + + - name: "PORT" + value: "8080" + + - name: "TZ" + value: "UTC" + + - name: "POD_IP" + valueFrom: + fieldRef: + fieldPath: status.podIP + + #- name: "CONFIG_whisk_info_date" + # valueFrom: + # configMapKeyRef: + # name: openwhisk-whisk.config + # key: whisk_info_date + #- name: "CONFIG_whisk_info_buildNo" + # valueFrom: + # configMapKeyRef: + # name: openwhisk-whisk.config + # key: whisk_info_buildNo + + # Java options + - name: "JAVA_OPTS" + value: "-Xmx1024M " + + # specific controller arguments + - name: "CONTROLLER_OPTS" + value: " " + + # action runtimes + - name: "RUNTIMES_MANIFEST" + value: "{\n \"runtimes\": {\n \"nodejs\": [\n {\n \"kind\": \"nodejs:14\",\n \"default\": true,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-nodejs-v14\",\n \"tag\": \"1.20.0\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n },\n \"stemCells\": [\n {\n \"initialCount\": 2,\n \"memory\": \"256 MB\",\n \"reactive\": {\n \"minCount\": 1,\n \"maxCount\": 4,\n \"ttl\": \"2 minutes\",\n \"threshold\": 1,\n \"increment\": 1\n }\n }\n ]\n },\n {\n \"kind\": \"nodejs:16\",\n \"default\": false,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-nodejs-v16\",\n \"tag\": \"1.20.0\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n }\n ],\n \"python\": [\n {\n \"kind\": \"python:3\",\n \"default\": true,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-python-v3.7\",\n \"tag\": \"1.17.0\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n }\n ],\n \"swift\": [\n {\n \"kind\": \"swift:4.2\",\n \"default\": true,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-swift-v4.2\",\n \"tag\": \"1.17.0\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n },\n {\n \"kind\": \"swift:5.1\",\n \"default\": false,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-swift-v5.1\",\n \"tag\": \"1.17.0\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n },\n {\n \"kind\": \"swift:5.3\",\n \"default\": false,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-swift-v5.3\",\n \"tag\": \"1.17.0\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n },\n {\n \"kind\": \"swift:5.4\",\n \"default\": false,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-swift-v5.4\",\n \"tag\": \"1.17.0\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n }\n ],\n \"java\": [\n {\n \"kind\": \"java:8\",\n \"default\": true,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"java8action\",\n \"tag\": \"1.17.0\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"jarfile\",\n \"attachmentType\": \"application/java-archive\"\n },\n \"requireMain\": true\n }\n ],\n \"php\": [\n {\n \"kind\": \"php:7.3\",\n \"default\": false,\n \"deprecated\": false,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-php-v7.3\",\n \"tag\": \"1.17.0\"\n },\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n },\n {\n \"kind\": \"php:7.4\",\n \"default\": true,\n \"deprecated\": false,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-php-v7.4\",\n \"tag\": \"1.17.0\"\n },\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n },\n {\n \"kind\": \"php:8.0\",\n \"default\": false,\n \"deprecated\": false,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-php-v7.4\",\n \"tag\": \"1.17.0\"\n },\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n }\n ],\n \"ruby\": [\n {\n \"kind\": \"ruby:2.5\",\n \"default\": true,\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n },\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-ruby-v2.5\",\n \"tag\": \"1.17.0\"\n }\n }\n ],\n \"go\": [\n {\n \"kind\": \"go:1.17\",\n \"default\": true,\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n },\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-golang-v1.17\",\n \"tag\": \"1.20.0\"\n }\n }\n ],\n \"rust\": [\n {\n \"kind\": \"rust:1.34\",\n \"default\": true,\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n },\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-rust-v1.34\",\n \"tag\": \"1.3.0\"\n }\n }\n ],\n \"dotnet\": [\n {\n \"kind\": \"dotnet:2.2\",\n \"default\": true,\n \"deprecated\": false,\n \"requireMain\": true,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-dotnet-v2.2\",\n \"tag\": \"1.16.0\"\n },\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n },\n {\n \"kind\": \"dotnet:3.1\",\n \"default\": false,\n \"deprecated\": false,\n \"requireMain\": true,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-dotnet-v3.1\",\n \"tag\": \"1.16.0\"\n },\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n }\n ],\n \"ballerina\": [\n {\n \"kind\": \"ballerina:0.990\",\n \"default\": true,\n \"image\": {\n \"prefix\": \"openwhisk\",\n \"name\": \"action-ballerina-v0.990.2\",\n \"tag\": \"nightly\"\n },\n \"deprecated\": false,\n \"attached\": {\n \"attachmentName\": \"codefile\",\n \"attachmentType\": \"text/plain\"\n }\n }\n ]\n },\n \"blackboxes\": [\n {\n \"prefix\": \"openwhisk\",\n \"name\": \"dockerskeleton\",\n \"tag\": \"1.14.0\"\n }\n ]\n}\n" + + # Action limits + + - name: "CONFIG_whisk_info_date" + value: "01-01-2023" + + - name: "CONFIG_whisk_info_buildNo" + value: "development-unknown" + + # Required properties from Entitlement Provider used by the controller + - name: "LIMITS_ACTIONS_INVOKES_PERMINUTE" + value: "60" + - name: "LIMITS_ACTIONS_INVOKES_CONCURRENT" + value: "30" + - name: "LIMITS_TRIGGERS_FIRES_PERMINUTE" + value: "60" + - name: "LIMITS_ACTIONS_SEQUENCE_MAXLENGTH" + value: "50" + - name: "CONTROLLER_INSTANCES" + value: "1" + + - name: "CONFIG_whisk_timeLimit_min" + value: "100ms" + - name: "CONFIG_whisk_timeLimit_max" + value: "5m" + - name: "CONFIG_whisk_timeLimit_std" + value: "1m" + - name: "CONFIG_whisk_memory_min" + value: "128m" + - name: "CONFIG_whisk_memory_max" + value: "512m" + - name: "CONFIG_whisk_memory_std" + value: "256m" + - name: "CONFIG_whisk_concurrencyLimit_min" + value: "1" + - name: "CONFIG_whisk_concurrencyLimit_max" + value: "1" + - name: "CONFIG_whisk_concurrencyLimit_std" + value: "1" + - name: "CONFIG_whisk_logLimit_min" + value: "0m" + - name: "CONFIG_whisk_logLimit_max" + value: "10m" + - name: "CONFIG_whisk_logLimit_std" + value: "10m" + - name: "CONFIG_whisk_activation_payload_max" + value: "1048576" + + - name: "CONFIG_whisk_loadbalancer_blackboxFraction" + value: "10%" + + - name: "CONFIG_whisk_loadbalancer_timeoutFactor" + value: "2" + + # Kafka properties + #- name: "KAFKA_HOSTS" + # value: "kafka:9092" + # etcd properties + + # properties for DB connection + - name: "CONFIG_whisk_couchdb_username" + valueFrom: + secretKeyRef: + name: couchdb-auth + key: db_username + - name: "CONFIG_whisk_couchdb_password" + valueFrom: + secretKeyRef: + name: couchdb-auth + key: db_password + + - name: "CONFIG_whisk_couchdb_port" + value: "5984" + - name: "CONFIG_whisk_couchdb_protocol" + value: "http" + - name: "CONFIG_whisk_couchdb_host" + value: "couchdb" + - name: "CONFIG_whisk_couchdb_provider" + value: "CouchDB" + - name: "CONFIG_whisk_couchdb_databases_WhiskActivation" + value: "nuvolaris_activations" + - name: "CONFIG_whisk_couchdb_databases_WhiskEntity" + value: "nuvolaris_whisks" + - name: "CONFIG_whisk_couchdb_databases_WhiskAuth" + value: "nuvolaris_subjects" + + - name: "CONFIG_whisk_couchdb_controller_username" + value: "controller_admin" + - name: "CONFIG_whisk_couchdb_controller_password" + value: "s0meP@ass2" + + - name: "CONFIG_axa_cluster_seedNodes_0" + value: "axa://controller-actor-system@$(POD_IP):25520" + - name: "CONFIG_logback_log_level" + value: "INFO" + + # lean mode + - name: "CONFIG_whisk_spi_MessagingProvider" + value: "org.apache.openwhisk.connector.lean.LeanMessagingProvider" + + - name: "CONFIG_whisk_spi_LoadBalancerProvider" + value: "org.apache.openwhisk.core.loadBalancer.LeanBalancer" + + - name: "CONFIG_whisk_spi_ArtifactStoreProvider" + value: "org.apache.openwhisk.core.database.CouchDbStoreProvider" + + - name: "CONFIG_whisk_spi_ContainerFactoryProvider" + value: "org.apache.openwhisk.core.containerpool.kubernetes.KubernetesContainerFactoryProvider" + + - name: "CONFIG_whisk_spi_LogStoreProvider" + value: "org.apache.openwhisk.core.containerpool.logging.DockerToActivationLogStoreProvider" + + - name: "CONFIG_whisk_controller_protocol" + value: "http" + + - name: "CONFIG_whisk_controller_interface" + value: "0.0.0.0" + + - name: "CONFIG_whisk_kubernetes_timeouts_run" + value: "10 minute" + + - name: "CONFIG_whisk_kubernetes_timeouts_logs" + value: "1 minute" + + - name: "CONFIG_whisk_kubernetes_userPodNodeAffinity_enabled" + value: "false" + + - name: "CONFIG_whisk_kubernetes_portForwardingEnabled" + value: "false" + + - name: "CONFIG_whisk_kubernetes_actionNamespace" + value: "nuvolaris" + + - name: "CONFIG_whisk_helm_release" + value: "release" + + - name: "CONFIG_kamon_modules_statsdReporter_enabled" + value: "false" + + # Properties required by the LeanBalancer provider + - name: "WHISK_API_HOST_PROTO" + value: "http" + + - name: "WHISK_API_HOST_PORT" + value: "8080" + + - name: "WHISK_API_HOST_NAME" + value: "localhost" + + diff --git a/demos/demo-leanmode/tests/hello.js b/demos/demo-leanmode/tests/hello.js new file mode 100644 index 0000000..7ca6932 --- /dev/null +++ b/demos/demo-leanmode/tests/hello.js @@ -0,0 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +function main(args) { + return { "body": "hello" } +}