Update faas-provider to 0.13.1

**What**
- Update faas-provider to 0.13.1
- Udate the types configuration reading to use the standardized env
  parsing from faas-provider. Additionally replace BootstrapConfig with
  a SwarmConfig.  This embeds the standardized FaaSConfig so that it can
  be used in the function proxy.
- Remove unused config code and tests
- Add new dev.sh contrib file and new `start-dev` and `stop-dev` make
  commands to help standardized testing commands for local development
  and testing.  Prometheus configuration from `faas` project are also
  copied to enable to basic local development

This can be tested locally using

```
make build start-dev
echo -n localdev | faas-cli login --username=admin --password-stdin
faas-cli deploy  --fprocess=cat -e write_debug=true --image=functions/alpine --name echo-me
echo "test message" | faas-cli invoke echo-me
faas-cli log echo-me
```

Signed-off-by: Lucas Roesler <[email protected]>

Gopkg.toml

@@ -8,7 +8,7 @@
 
 [[constraint]]
   name = "github.com/openfaas/faas-provider"
-  version = "0.10.1"
+  version = "0.13.1"
 
 [[constraint]]
   name = "github.com/docker/go-units"

Makefile

@@ -7,6 +7,15 @@ build:
 test-unit:
 	go test -v $(go list ./... | grep -v /vendor/) -cover
 
+
+.PHONY: start-dev
+start-dev:
+	cd contrib && ./dev.sh
+
+.PHONY: stop-dev
+stop-dev:
+	docker stack rm func
+
 .PHONY: build-armhf
 build-armhf:
 	docker build --build-arg http_proxy="${http_proxy}" --build-arg https_proxy="${https_proxy}" -t openfaas/faas-swarm:$(TAG)-armhf . -f Dockerfile.armhf

contrib/dev.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+export BASIC_AUTH="true"
+export AUTH_URL="http://basic-auth-plugin:8080/validate"
+
+# Secrets should be created even if basic-auth is disabled.
+echo "Attempting to create credentials for gateway.."
+echo "admin" | docker secret create basic-auth-user -
+echo "localdev" | docker secret create basic-auth-password -
+
+
+docker stack deploy func --compose-file docker-compose.yml
+
+
+printf '%-15s:\t %s\n' 'Username' 'admin'
+printf '%-15s:\t %s\n' 'Password' 'localdev'
+printf '%-15s:\t %s\n' 'CLI Auth' 'echo -n localdev | faas-cli login --username=admin --password-stdin'

contrib/docker-compose.yml

@@ -0,0 +1,232 @@
+version: "3.3"
+services:
+    gateway:
+        ports:
+            - 8080:8080
+        image: openfaas/gateway:0.17.3
+        networks:
+            - functions
+        environment:
+            functions_provider_url: "http://faas-swarm:8080/"
+            read_timeout: "5m5s" # Maximum time to read HTTP request
+            write_timeout: "5m5s" # Maximum time to write HTTP response
+            upstream_timeout: "5m" # Maximum duration of upstream function call - should be more than read_timeout and write_timeout
+            dnsrr: "true" # Temporarily use dnsrr in place of VIP while issue persists on PWD
+            faas_nats_address: "nats"
+            faas_nats_port: 4222
+            direct_functions: "true" # Functions are invoked directly over the overlay network
+            direct_functions_suffix: ""
+            basic_auth: "${BASIC_AUTH:-true}"
+            secret_mount_path: "/run/secrets/"
+            scale_from_zero: "true" # Enable if you want functions to scale from 0/0 to min replica count upon invoke
+            max_idle_conns: 1024
+            max_idle_conns_per_host: 1024
+            auth_proxy_url: "${AUTH_URL:-}"
+            auth_proxy_pass_body: "false"
+        deploy:
+            resources:
+                # limits:   # Enable if you want to limit memory usage
+                #     memory: 200M
+                reservations:
+                    memory: 100M
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 20
+                window: 380s
+            placement:
+                constraints:
+                    - "node.platform.os == linux"
+        secrets:
+            - basic-auth-user
+            - basic-auth-password
+
+    # auth service provide basic-auth plugin for system APIs
+    basic-auth-plugin:
+        image: openfaas/basic-auth-plugin:0.17.0
+        networks:
+            - functions
+        environment:
+            secret_mount_path: "/run/secrets/"
+            user_filename: "basic-auth-user"
+            pass_filename: "basic-auth-password"
+        deploy:
+            placement:
+                constraints:
+                    - "node.role == manager"
+                    - "node.platform.os == linux"
+            resources:
+                # limits:   # Enable if you want to limit memory usage
+                #     memory: 100M
+                reservations:
+                    memory: 50M
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 20
+                window: 380s
+        secrets:
+            - basic-auth-user
+            - basic-auth-password
+
+    # Docker Swarm provider
+    faas-swarm:
+        volumes:
+            - "/var/run/docker.sock:/var/run/docker.sock"
+        image: openfaas/faas-swarm:latest-dev
+        networks:
+            - functions
+        environment:
+            read_timeout: "5m5s" # set both here, and on your functions
+            write_timeout: "5m5s" # set both here, and on your functions
+            DOCKER_API_VERSION: "1.30"
+            basic_auth: "${BASIC_AUTH:-true}"
+            secret_mount_path: "/run/secrets/"
+        deploy:
+            placement:
+                constraints:
+                    - "node.role == manager"
+                    - "node.platform.os == linux"
+            resources:
+                # limits:   # Enable if you want to limit memory usage
+                #     memory: 100M
+                reservations:
+                    memory: 100M
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 20
+                window: 380s
+        secrets:
+            - basic-auth-user
+            - basic-auth-password
+
+    nats:
+        image: nats-streaming:0.11.2
+        # Uncomment the following port mappings if you wish to expose the
+        # NATS client and/or management ports you must also add `-m 8222` to the command
+        # ports:
+        #     - 4222:4222
+        #     - 8222:8222
+        command: "--store memory --cluster_id faas-cluster"
+        networks:
+            - functions
+        deploy:
+            resources:
+                limits:
+                    memory: 125M
+                reservations:
+                    memory: 50M
+            placement:
+                constraints:
+                    - "node.platform.os == linux"
+
+    queue-worker:
+        image: openfaas/queue-worker:0.8.0
+        networks:
+            - functions
+        environment:
+            max_inflight: "1"
+            ack_wait: "5m5s" # Max duration of any async task / request
+            basic_auth: "${BASIC_AUTH:-true}"
+            secret_mount_path: "/run/secrets/"
+            gateway_invoke: "true"
+            faas_gateway_address: "gateway"
+        deploy:
+            resources:
+                limits:
+                    memory: 50M
+                reservations:
+                    memory: 20M
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 20
+                window: 380s
+            placement:
+                constraints:
+                    - "node.platform.os == linux"
+        secrets:
+            - basic-auth-user
+            - basic-auth-password
+
+    # End services
+
+    # Start monitoring
+
+    prometheus:
+        image: prom/prometheus:v2.11.0
+        environment:
+            no_proxy: "gateway"
+        configs:
+            - source: prometheus_config
+              target: /etc/prometheus/prometheus.yml
+            - source: prometheus_rules
+              target: /etc/prometheus/alert.rules.yml
+        command:
+            - "--config.file=/etc/prometheus/prometheus.yml"
+        #   - '-storage.local.path=/prometheus'
+        ports:
+            - 9090:9090
+        networks:
+            - functions
+        deploy:
+            placement:
+                constraints:
+                    - "node.role == manager"
+                    - "node.platform.os == linux"
+            resources:
+                limits:
+                    memory: 500M
+                reservations:
+                    memory: 200M
+
+    alertmanager:
+        image: prom/alertmanager:v0.18.0
+        environment:
+            no_proxy: "gateway"
+        command:
+            - "--config.file=/alertmanager.yml"
+            - "--storage.path=/alertmanager"
+        networks:
+            - functions
+        # Uncomment the following port mapping if you wish to expose the Prometheus
+        # Alertmanager UI.
+        # ports:
+        #     - 9093:9093
+        deploy:
+            resources:
+                limits:
+                    memory: 50M
+                reservations:
+                    memory: 20M
+            placement:
+                constraints:
+                    - "node.role == manager"
+                    - "node.platform.os == linux"
+        configs:
+            - source: alertmanager_config
+              target: /alertmanager.yml
+        secrets:
+            - basic-auth-password
+
+configs:
+    prometheus_config:
+        file: ./prometheus/prometheus.yml
+    prometheus_rules:
+        file: ./prometheus/alert.rules.yml
+    alertmanager_config:
+        file: ./prometheus/alertmanager.yml
+
+networks:
+    functions:
+        driver: overlay
+        attachable: true
+        labels:
+            - "openfaas=true"
+
+secrets:
+    basic-auth-user:
+        external: true
+    basic-auth-password:
+        external: true

contrib/prometheus/alert.rules.yml

@@ -0,0 +1,14 @@
+groups:
+- name: prometheus/alert.rules
+  rules:
+  - alert: service_down
+    expr: up == 0
+  - alert: APIHighInvocationRate
+    expr: sum(rate(gateway_function_invocation_total{code="200"}[10s])) BY (function_name) > 5
+    for: 5s
+    labels:
+      service: gateway
+      severity: major
+    annotations:
+      description: High invocation total on {{ $labels.function_name }}
+      summary: High invocation total on {{ $labels.function_name }}

contrib/prometheus/alertmanager.yml

@@ -0,0 +1,26 @@
+route:
+  group_by: ['alertname', 'cluster', 'service']
+  group_wait: 5s
+  group_interval: 10s
+  repeat_interval: 30s
+  receiver: scale-up
+  routes:
+  - match:
+      service: gateway
+      receiver: scale-up
+      severity: major
+inhibit_rules:
+- source_match:
+    severity: 'critical'
+  target_match:
+    severity: 'warning'
+  equal: ['alertname', 'cluster', 'service']
+receivers:
+- name: 'scale-up'
+  webhook_configs:
+    - url: http://gateway:8080/system/alert
+      send_resolved: true
+      http_config:
+            basic_auth:
+              username: admin
+              password_file: /run/secrets/basic-auth-password

contrib/prometheus/prometheus.yml

@@ -0,0 +1,43 @@
+# my global config
+global:
+  scrape_interval:     15s # By default, scrape targets every 15 seconds.
+  evaluation_interval: 15s # By default, scrape targets every 15 seconds.
+  # scrape_timeout is set to the global default (10s).
+
+  # Attach these labels to any time series or alerts when communicating with
+  # external systems (federation, remote storage, Alertmanager).
+  external_labels:
+      monitor: 'faas-monitor'
+
+# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
+rule_files:
+    - 'alert.rules.yml'
+
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: 'prometheus'
+
+    # Override the global default and scrape targets from this job every 5 seconds.
+    scrape_interval: 5s
+
+    # metrics_path defaults to '/metrics'
+    # scheme defaults to 'http'.
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: "gateway"
+    scrape_interval: 5s
+    dns_sd_configs:
+      - names: ['tasks.gateway']
+        port: 8082
+        type: A
+        refresh_interval: 5s
+
+alerting:
+  alertmanagers:
+  - static_configs:
+    - targets:
+      - alertmanager:9093