OpenFaaS CE and with minkube（Custom Functions）

hoyii commented 1 month ago

Steps to Reproduce (for bugs)

Deploy minikube and openfaas. References:

Create any custom OpenFaaS function with image "my_username"/my-function-1:latest and run:

faas-cli up -f OpenFaas.yml

Expected Behaviour

Successful deployment

Current Behaviour

Unexpected status: 400, message: the Community Edition license agreement only supports public images

Why is this needed?

local development

Who is this for?

OpenFaaS Community

Your Environment

Ubuntu 18.04 (WSL2)
Docker version:27.2.0
kubernetes version: v1.31.0
Operating System and version:WIN11

(base) hoyi@hoyi:~/projects/openfaas/mailme$ faas version
  ___                   _____           ____
 / _ \ _ __   ___ _ __ |  ___|_ _  __ _/ ___|
| | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \
| |_| | |_) |  __/ | | |  _| (_| | (_| |___) |
 \___/| .__/ \___|_| |_|_|  \__,_|\__,_|____/
      |_|

CLI:
 commit:  f509dd3f73131d77e8bf885fb299580172cd37d5
 version: 0.16.34
Handling connection for 8080

Gateway
 uri:     http://127.0.0.1:8080
 version: 0.27.9
 sha:     4e80b96d19a2b23855c2ed55afb2632179f3d2e7

Provider
 name:          faas-netes-ce
 orchestration: kubernetes
 version:       0.18.9 
 sha:           294f3bc1f74dcbe4a47008d95b96de0f05627b79

add

I uploaded and published my image to DockerHub, so it shouldn’t be a non-public image.

alexellis commented 1 month ago

Hi @hoyii

We've tested this extensively, and it works as described.

Public images work fine with OpenFaaS CE for personal use and for commercial evaluation purposes only.

Check your image is reachable and public:

arkade get crane

# Ensure you don't have a credential cached:
docker logout
docker logout docker.io

crane manifest docker.io/user/image:tag

If that crane command returns an error it means your image is private. You can of course check on the Docker Hub.

Are you also sure you've pushed the image remotely with faas-cli push or faas-cli up? That's a very common mistake for beginners.

Alex

hoyii commented 1 month ago

Thanks for your response.alex

1. This is the command I executed as you requested, you can see that the image is public:

(base) hoyi@hoyi:~$ docker logout
Removing login credentials for https://index.docker.io/v1/
(base) hoyi@hoyi:~$ docker logout docker.io
Not logged in to docker.io
(base) hoyi@hoyi:~$ arkade get crane
Downloading: crane
2024/09/19 15:57:51 Looking up version for crane
2024/09/19 15:57:52 Found: v0.20.2
Downloading: https://github.com/google/go-containerregistry/releases/download/v0.20.2/go-containerregistry_Linux_x86_64.tar.gz
13.26 MiB / 13.26 MiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00%/tmp/arkade-1007796888/go-containerregistry_Linux_x86_64.tar.gz written.
2024/09/19 15:57:55 Extracted: /tmp/arkade-1007796888/crane
2024/09/19 15:57:55 Copying /tmp/arkade-1007796888/crane to /home/hoyi/.arkade/bin/crane

Wrote: /home/hoyi/.arkade/bin/crane (10.08MB)

# Add arkade binary directory to your PATH variable
export PATH=$PATH:$HOME/.arkade/bin/

# Test the binary:
/home/hoyi/.arkade/bin/crane

# Or install with:
sudo mv /home/hoyi/.arkade/bin/crane /usr/local/bin/

� Say thanks for arkade and sponsor Alex via GitHub: https://github.com/sponsors/alexellis
(base) hoyi@hoyi:~$ crane manifest docker.io/hoyi999/mailme:latest
crane: command not found
(base) hoyi@hoyi:~$ export PATH=$PATH:$HOME/.arkade/bin/
(base) hoyi@hoyi:~$ crane manifest docker.io/hoyi999/mailme:latest
2024/09/19 15:58:42 retrying read tcp 172.24.12.162:39210->54.196.99.49:443: read: connection reset by peer
2024/09/19 15:58:42 retrying read tcp 172.24.12.162:51730->3.219.239.5:443: read: connection reset by peer
2024/09/19 15:58:43 retrying read tcp 172.24.12.162:51746->3.219.239.5:443: read: connection reset by peer
Error: fetching manifest docker.io/hoyi999/mailme:latest: Get "https://index.docker.io/v2/": read tcp 172.24.12.162:51746->3.219.239.5:443: read: connection reset by peer
(base) hoyi@hoyi:~$ source ~/proxy.sh
(base) hoyi@hoyi:~$ crane manifest docker.io/hoyi999/mailme:latest
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 11242,
      "digest": "sha256:16af0afe537e485b2f2198e57075af96b40fb0f9942018a2cf7c504e0367b91d"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3623807,
         "digest": "sha256:43c4264eed91be63b206e17d93e75256a6097070ce643c5e8f0379998b44f170"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 455109,
         "digest": "sha256:4d1b2996acac58169c18ba719d42998aa4b442df13bb152adcf283a7b04cbc47"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 13183529,
         "digest": "sha256:b3125c671f196ee15f66b7dc1aae1648c66a83dd4ec5cb7fd63298281fedfb79"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 247,
         "digest": "sha256:c72d76b06fd354eb4d77bfb99f001c9197bb10bfae5727de92864e536e3f9907"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3403462,
         "digest": "sha256:a497419480c7610342e63be297e5132b84af93ab0e092f5e278c8ae3576c5e1d"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3403462,
         "digest": "sha256:a497419480c7610342e63be297e5132b84af93ab0e092f5e278c8ae3576c5e1d"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 31041,
         "digest": "sha256:d2b9a63a1abdcab894a5024ef08a405f117ed9224ba1c76f6358b142e99b1975"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 958,
         "digest": "sha256:41db395fd0e491f555d94125cc1bdccece2b547228b50473b499eda5659f98fe"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 469,
         "digest": "sha256:502b91d175a4ff40ed248d7c8348cbeeb9f9ddbe4ed57665df15a3a67428180b"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 166,
         "digest": "sha256:e14aad11a5e1c4a5555604b90eaa53848183f98cce33d41035f407515b877738"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 523,
         "digest": "sha256:ec5d170b5e8aacbc0a380587628cdf30cd1e1598077f25916053bc3b4dc17a3f"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 36108,
         "digest": "sha256:1b199378b0196738af51083a3b77e942eb7899a8bc0cb07b70ee3762ae29420f"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 146,
         "digest": "sha256:3116734f7f9fc11599a3cda3e6bbaa27a2a793eb4da12ed8471ba8e170e93e3f"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 181,
         "digest": "sha256:6419c0b5cdc8e916721f5fc6b8099895fb94d512e857547613f293b941f93743"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 191,
         "digest": "sha256:cf11bab142dce76c3057b2ccee9157bcf463be9ec6897553679a1690ef5bf8ef"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 92,
         "digest": "sha256:4ebe51044e0b4ef09eaf95a6b36b35275c1268b5fdf08d0f1b50324dd918a536"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 311,
         "digest": "sha256:b3436ef878f56534070a18685a4136fa6bdffbfa65ce123fba659c2b3a631c48"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 36712,
         "digest": "sha256:a1cffc8ff827cd84d8650f0523ec6f672dfc43c6681bcde63314ac6a7f7611b3"
      }
   ]
}

2. I made sure I pushed the image using faas-cli up . This is the command execution process:

(base) hoyi@hoyi:~/projects/openfaas/mailme$ faas up -f mailme.yml
[0] > Building mailme.
Building: hoyi999/mailme:latest with python3 template. Please wait..
2024/09/19 16:06:45 Build flags: [build --tag hoyi999/mailme:latest .]
Sending build context to Docker daemon  9.216kB
Step 1/32 : ARG PYTHON_VERSION=3
Step 2/32 : FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 AS watchdog
 ---> 13f4a510436c
Step 3/32 : FROM --platform=${TARGETPLATFORM:-linux/amd64} python:${PYTHON_VERSION}-alpine
 ---> 6b6778b6dd42
Step 4/32 : ARG TARGETPLATFORM
 ---> Using cache
 ---> beeecf97da24
Step 5/32 : ARG BUILDPLATFORM
 ---> Using cache
 ---> 6407a2d6a1de
Step 6/32 : ARG ADDITIONAL_PACKAGE
 ---> Using cache
 ---> 4b9f37f5eec8
Step 7/32 : COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
 ---> Using cache
 ---> b9cf46ab4660
Step 8/32 : RUN chmod +x /usr/bin/fwatchdog
 ---> Using cache
 ---> df09a341090f
Step 9/32 : RUN apk --no-cache add ca-certificates ${ADDITIONAL_PACKAGE}
 ---> Using cache
 ---> 7ecceac6a2fc
Step 10/32 : RUN addgroup -S app && adduser app -S -G app
 ---> Using cache
 ---> 74276eb02ac0
Step 11/32 : WORKDIR /home/app/
 ---> Using cache
 ---> 23cb1700bf2d
Step 12/32 : COPY index.py           .
 ---> Using cache
 ---> e35600b4cb36
Step 13/32 : COPY requirements.txt   .
 ---> Using cache
 ---> fafa144c241d
Step 14/32 : RUN chown -R app /home/app &&   mkdir -p /home/app/python && chown -R app /home/app
 ---> Using cache
 ---> 5dcc3ada2b9e
Step 15/32 : USER app
 ---> Using cache
 ---> 437ffdbaf88d
Step 16/32 : ENV PATH=$PATH:/home/app/.local/bin:/home/app/python/bin/
 ---> Using cache
 ---> 2adcdc4aafd9
Step 17/32 : ENV PYTHONPATH=$PYTHONPATH:/home/app/python
 ---> Using cache
 ---> 3786be54f6b0
Step 18/32 : RUN pip install -r requirements.txt --target=/home/app/python
 ---> Using cache
 ---> 45667ff73118
Step 19/32 : RUN mkdir -p function
 ---> Using cache
 ---> 5ca190dc0c3a
Step 20/32 : RUN touch ./function/__init__.py
 ---> Using cache
 ---> f745c3f00f5a
Step 21/32 : WORKDIR /home/app/function/
 ---> Using cache
 ---> c710b37871fd
Step 22/32 : COPY function/requirements.txt     .
 ---> Using cache
 ---> 604b74617072
Step 23/32 : RUN pip install -r requirements.txt --target=/home/app/python
 ---> Using cache
 ---> e2941bd315c0
Step 24/32 : WORKDIR /home/app/
 ---> Using cache
 ---> dc1f2e080573
Step 25/32 : USER root
 ---> Using cache
 ---> 2dcb7f6e9533
Step 26/32 : COPY function           function
 ---> Using cache
 ---> 87ee3069a46d
Step 27/32 : RUN chown -R app:app ./ &&   chmod -R 777 /home/app/python
 ---> Using cache
 ---> 297f0eed9c01
Step 28/32 : USER app
 ---> Using cache
 ---> df65ddce572c
Step 29/32 : ENV fprocess="python3 index.py"
 ---> Using cache
 ---> 5cc8fb550a88
Step 30/32 : EXPOSE 8080
 ---> Using cache
 ---> aca37d83ad28
Step 31/32 : HEALTHCHECK --interval=3s CMD [ -e /tmp/.lock ] || exit 1
 ---> Using cache
 ---> 26c99e805d3d
Step 32/32 : CMD ["fwatchdog"]
 ---> Using cache
 ---> 16af0afe537e
Successfully built 16af0afe537e
Successfully tagged hoyi999/mailme:latest
Image: hoyi999/mailme:latest built.
[0] < Building mailme done in 0.11s.
[0] Worker done.

Total build time: 0.11s
[0] > Pushing mailme [hoyi999/mailme:latest]
The push refers to repository [docker.io/hoyi999/mailme]
aebbd4d22b28: Preparing 
69032e0ff202: Layer already exists 
3f2d2b3389cd: Layer already exists 
4d170c2e20d3: Layer already exists 
5e9fc97a4c8d: Layer already exists 
b968c76c4d03: Layer already exists 
4442f90b4fd8: Layer already exists 
a3ad7aacfd39: Layer already exists 
a03e08e61fd1: Layer already exists 
7f8c3e5da961: Layer already exists 
b613df9f05d2: Layer already exists 
ec1152e116c2: Layer already exists 
bc8d07fb0744: Layer already exists 
7a80f359947c: Layer already exists 
52545e7d15bc: Layer already exists 
5d5e58983163: Layer already exists 
63ca1fbb43ae: Layer already exists 
latest: digest: sha256:ef73dde4a6ed59d9cf1c98eb1c8042a2040f217380c0b48466a459c983ae6c35 size: 4069
[0] < Pushing mailme [hoyi999/mailme:latest] done.
[0] Worker done.
Deploying: mailme.

Unexpected status: 400, message: the Community Edition license agreement only supports public images

Function 'mailme' failed to deploy with status code: 400

3. This is my yml:

version: 1.0
provider:
  name: openfaas
  gateway: http://127.0.0.1:8080
functions:
  mailme:
    lang: python3
    handler: ./mailme
    image: hoyi999/mailme:latest

hoyii commented 1 month ago

@alexellis

hoyii commented 1 month ago

What confuses me is that I don't know where to look in the error logs, because the error message returned is so simple... Here are the logs I checked in the gateway:

(base) hoyi@hoyi:~/projects/openfaas/mailme$ faas deploy -f mailme.yml 
Deploying: mailme.

Unexpected status: 400, message: the Community Edition license agreement only supports public images

Function 'mailme' failed to deploy with status code: 400
(base) hoyi@hoyi:~/projects/openfaas/mailme$ kubectl logs gateway-67c89cf5b-dcfb8 -n openfaas
2024/09/19 08:16:06 Forwarded [GET] to /healthz - [200] - 0.0006s
2024/09/19 08:16:06 Forwarded [GET] to /healthz - [200] - 0.0006s
2024/09/19 08:16:11 Forwarded [GET] to /healthz - [200] - 0.0006s
2024/09/19 08:16:11 Forwarded [GET] to /healthz - [200] - 0.0008s
2024/09/19 08:16:13 Forwarded [PUT] to /system/functions - [404] - 0.0042s
2024/09/19 08:16:14 Forwarded [POST] to /system/functions - [400] - 0.9253s
2024/09/19 08:16:16 Forwarded [GET] to /healthz - [200] - 0.0005s
2024/09/19 08:16:16 Forwarded [GET] to /healthz - [200] - 0.0005s
2024/09/19 08:16:21 Forwarded [GET] to /healthz - [200] - 0.0005s
2024/09/19 08:16:21 Forwarded [GET] to /healthz - [200] - 0.0006s

rgee0 commented 1 month ago

Image is public so I would be checking the networking / routing next

Notable that the crane command couldn't reach DockerHub until proxy.sh was sourced.

hoyii commented 1 month ago

Thanks for your response.You are right.I guess it may be network problem.Can you tell me some idea for setting proxy? I don't know if it's a problem with k8s or openfaas. @rgee0

alexellis commented 1 month ago

It looks like you do have a networking problem:

2024/09/19 15:58:42 retrying read tcp 172.24.12.162:39210->54.196.99.49:443: read: connection reset by peer
2024/09/19 15:58:42 retrying read tcp 172.24.12.162:51730->3.219.239.5:443: read: connection reset by peer
2024/09/19 15:58:43 retrying read tcp 172.24.12.162:51746->3.219.239.5:443: read: connection reset by peer

Could you try out ttl.sh as an alternative registry, or one that's run by an ISP within your own country?

One other thing you could do is to explore faasd, or fasad pro, which gives you access to private images and repositories.

https://github.com/openfaas/faasd?tab=readme-ov-file#deploy-faasd-pro

openfaas / faas-netes