search

openfaas / faas

OpenFaaS - Serverless Functions Made Simple
https://www.openfaas.com
MIT License
25.03k stars 1.93k forks source link

Support: NIC management on running server ? #920

Closed MineMS49 closed 5 years ago

MineMS49 commented 5 years ago

Is it posible to manage all network interfaces and ports used by OpenFaas while running on a server ? By default OpenFaas register itself on each network interfaces using ports, like the :8080 for the UI or :9090 for Prometheus. For NIC management purposal it could be a great enhancement to add on the UI a new tab. Also a read me more detailed on technical aspect will really help in building infrastructure using OpenFaas.

Expected Behaviour

Another tab on the OpenFaas UI, or at least a configuration file to setup on which interface OpenFaas should be visible. The possibility to reload the configuration while the server is running.

Current Behaviour

At the moment OpenFaas is visible from every interfaces available. A solution proposed is to copy all files of OpenFaas and configure in differents configuration files to set the network then deploy this new version and delete the previous one, which is quite an heavy work to do.

Possible Solution

Add a configuration file based on the Docker functions as Kong is using. Use specific arguments when installing OpenFaas to specify which network interface to use.

Context

Trying to implement a FaaS infrastructure using OpenFaas and Docker for a scool project. The goal is to create a library of function available for students. A new UI will be add to manage users and permissions. Right now the server is running on a virtual machine with a bridge link, access on the school network. Only one interface should be accessed by OpenFaas and not every interfaces available. OpenFaas is called as backend function like in API structure. The project will certainly move from Docker Swarm to Docker Kubernetes when the team get more skilled on OpenFaas and Docker technologies.

Your Environment

ivanayov commented 5 years ago

Derek add label: proposal

alexellis commented 5 years ago

Hi @MineMS49 I'm not really sure what you're trying to do. If you want to run multiple OpenFaaS instances you can just change the port in the docker-compose.yml file and use a different stack name.

Ideally if you're hosting a multi-user environment you should look at something like OpenFaaS Cloud which is designed for your use-case (multi-user, single OpenFaaS)

Applications deployed on Kubernetes or Swarm have no control over how you configure your network interfaces, so you really need to come up with something that suits your own use-case here. You should be able to set which adapters/interfaces Docker binds to or at least Swarm is going to use too - this is a question for Docker, not for OpenFaaS.

I'm going to close the issue, but please do keep commenting.

Alex

MineMS49 commented 5 years ago

Hi, @alexellis thank you for this quick answer. What I'm trying to do is to plug 2 physicals network interfaces on one computer. The first will be reserved for users, here it's students, and the other one is reserved for backend and administration pruposal.

Only the security layer has to be accessed by users but OpenFaas right now re-write firewall rules using Docker commands to get access to every network. And it provides an access to functions ignoring firewall rules of the security layer.

My point is to get a file where we can manage network interfaces used by OpenFaas or the log of where the link between the function and the interface is created so that we can edit it. What would be perfect is another tab on the OpenFaas UI http://127.0.0.1:8080/ui which directly edit the files for us.