Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 13. Configuring functions
13.1. Accessing secrets and config maps from functions using CLI
After you deploy functions to the cluster, they can access data in secrets and config maps. Mount this data as volumes or assign it to environment variables. Configure this access by using the Knative CLI or by editing the function configuration YAML file.
13.1.1. Modifying function access to secrets and config maps interactively
You can use the kn func config interactive utility to manage the secrets and config maps that your function accesses. You can list, add, and remove values stored as environment variables, and list, add, and remove volumes. Control which cluster data your function can access.
To access secrets and config maps, deploy the function on the cluster. A function running locally cannot access them.
If the function cannot access a secret or config map value, the deployment fails and reports the inaccessible values.
Prerequisites
- You have installed the OpenShift Serverless Operator and Knative Serving on the cluster.
-
You have installed the Knative (
kn) CLI. - You have created a function.
Procedure
Run the following command in the function project directory:
$ kn func configYou can also specify the function project directory by using the
--pathor-poption.Use the interactive interface to perform the necessary operation. For example, using the utility to list configured volumes produces an output similar to this:
$ kn func config ? What do you want to configure? Volumes ? What operation do you want to perform? List Configured Volumes mounts: - Secret "mysecret" mounted at path: "/workspace/secret" - Secret "mysecret2" mounted at path: "/workspace/secret2"This scheme shows all operations available in the interactive utility and how to go to them:
kn func config ├─> Environment variables │ ├─> Add │ │ ├─> ConfigMap: Add all key-value pairs from a config map │ │ ├─> ConfigMap: Add value from a key in a config map │ │ ├─> Secret: Add all key-value pairs from a secret │ │ └─> Secret: Add value from a key in a secret │ ├─> List: List all configured environment variables │ └─> Remove: Remove a configured environment variable └─> Volumes ├─> Add │ ├─> ConfigMap: Mount a config map as a volume │ └─> Secret: Mount a secret as a volume ├─> List: List all configured volumes └─> Remove: Remove a configured volumeOptional: Deploy the function to make the changes take effect:
$ kn func deploy -p test
13.1.2. Modifying function access to secrets and config maps interactively by using specialized commands
Every time you run the kn func config utility, you need to go to the entire dialogue to select the operation you need, as shown in the earlier section. To save steps, you can directly run a specific operation by running a more specific form of the kn func config command:
To list configured environment variables:
$ kn func config envs [-p <function_project_path>]To add environment variables to the function configuration:
$ kn func config envs add [-p <function_project_path>]To remove environment variables from the function configuration:
$ kn func config envs remove [-p <function_project_path>]To list configured volumes:
$ kn func config volumes [-p <function_project_path>]To add a volume to the function configuration:
$ kn func config volumes add [-p <function_project_path>]To remove a volume from the function configuration:
$ kn func config volumes remove [-p <function_project_path>]
13.2. Configuring your function project using the func.yaml file
The func.yaml file has the configuration for your function project. The kn func command uses the values in func.yaml. For example, when you run kn func build, the command uses the value in the build field. You can override these values with command-line flags or environment variables.
13.2.1. Referencing local environment variables from func.yaml fields
If you want to avoid storing sensitive information such as an API key in the function configuration, you can add a reference to an environment variable available in the local environment. You can do this by modifying the envs field in the func.yaml file.
Prerequisites
- You need to have the function project created.
- The local environment needs to contain the variable that you want to reference.
Procedure
To refer to a local environment variable, use the following syntax:
{{ env:ENV_VAR }}Substitute
ENV_VARwith the name of the variable in the local environment that you want to use.For example, you might have the
API_KEYvariable available in the local environment. You can assign its value to theMY_API_KEYvariable, which you can then directly use within your function:You get an output similar to the following example:
name: test namespace: "" runtime: go ... envs: - name: MY_API_KEY value: '{{ env:API_KEY }}' ...
13.2.2. Adding annotations to functions
You can add Kubernetes annotations to a deployed Serverless function. Use annotations to attach arbitrary metadata to a function, for example, a note about the function’s purpose. Add annotations to the annotations section of the func.yaml configuration file.
The function annotation feature has the following limitations:
-
After an annotation propagates to the corresponding Knative service on the cluster, you cannot remove it from the service by deleting it from the
func.yamlfile. Remove the annotation by modifying the Knative service YAML directly or by using the OpenShift Container Platform web console. -
You cannot set annotations that
Knativesets, for example, the autoscaling annotations.
13.2.3. Adding annotations to a function
You can add annotations to a function. Similar to labels, annotations use a key-value map. Annotations are useful, for example, for providing metadata about a function, such as the function’s author.
Prerequisites
- You have installed the OpenShift Serverless Operator and Knative Serving on the cluster.
-
You have installed the Knative (
kn) CLI. - You have created a function.
Procedure
-
Open the
func.yamlfile for your function. For every annotation that you want to add, add the following YAML to the
annotationssection:name: test namespace: "" runtime: go ... annotations: <annotation_name>: "<annotation_value>"1 - 1
- Substitute
<annotation_name>: "<annotation_value>"with your annotation.
For example, to indicate that Alice authored the function, include the following annotation:
name: test namespace: "" runtime: go ... annotations: author: "alice@example.com"- Save the configuration.
The next time you deploy the function to the cluster, the system adds the annotations to the corresponding Knative service.
13.3. Adding function access to secrets and config maps manually
You can manually add configuration for accessing secrets and config maps to your function. This might be preferable to using the kn func config interactive utility and commands, for example when you have an existing configuration snippet.
13.3.1. Mounting a secret as a volume
You can mount a secret as a volume. After you mount it, access it from the function as a regular file. Store data on the cluster that the function needs, for example, a list of URIs that the function accesses.
Prerequisites
- You have installed the OpenShift Serverless Operator and Knative Serving on the cluster.
-
You have installed the Knative (
kn) CLI. - You have created a function.
Procedure
-
Open the
func.yamlfile for your function. For each secret you want to mount as a volume, add the following YAML to the
volumessection:name: test namespace: "" runtime: go ... volumes: - secret: mysecret path: /workspace/secret-
Substitute
mysecretwith the name of the target secret. Substitute
/workspace/secretwith the path where you want to mount the secret.For example, to mount the
addressessecret, use the following YAML:name: test namespace: "" runtime: go ... volumes: - configMap: addresses path: /workspace/secret-addresses
-
Substitute
- Save the configuration.
13.3.2. Mounting a config map as a volume
You can mount a config map as a volume. After you mount it, access it from the function as a regular file. Store data on the cluster that the function needs, for example, a list of URIs that the function accesses.
Prerequisites
- You have installed the OpenShift Serverless Operator and Knative Serving on the cluster.
-
You have installed the Knative (
kn) CLI. - You have created a function.
Procedure
-
Open the
func.yamlfile for your function. For each config map you want to mount as a volume, add the following YAML to the
volumessection:name: test namespace: "" runtime: go ... volumes: - configMap: myconfigmap path: /workspace/configmap-
Substitute
myconfigmapwith the name of the target config map. Substitute
/workspace/configmapwith the path where you want to mount the config map.For example, to mount the
addressesconfig map, use the following YAML:name: test namespace: "" runtime: go ... volumes: - configMap: addresses path: /workspace/configmap-addresses
-
Substitute
- Save the configuration.
13.3.3. Setting environment variable from a key value defined in a secret
You can set an environment variable from a key value defined as a secret. A value previously stored in a secret can then be accessed as an environment variable by the function at runtime. This can be useful for getting access to a value stored in a secret, such as the ID of a user.
Prerequisites
- You have installed the OpenShift Serverless Operator and Knative Serving on the cluster.
-
You have installed the Knative (
kn) CLI. - You have created a function.
Procedure
-
Open the
func.yamlfile for your function. For each value from a secret key-value pair that you want to assign to an environment variable, add the following YAML to the
envssection:name: test namespace: "" runtime: go ... envs: - name: EXAMPLE value: '{{ secret:mysecret:key }}'-
Substitute
EXAMPLEwith the name of the environment variable. -
Substitute
mysecretwith the name of the target secret. Substitute
keywith the key mapped to the target value.For example, to access the user ID that is stored in
userdetailssecret, use the following YAML:name: test namespace: "" runtime: go ... envs: - value: '{{ configMap:userdetailssecret:userid }}'
-
Substitute
- Save the configuration.
13.3.4. Setting environment variable from a key value defined in a config map
You can set an environment variable from a key value defined as a config map. A value previously stored in a config map can then be accessed as an environment variable by the function at runtime. This can be useful for getting access to a value stored in a config map, such as the ID of a user.
Prerequisites
- You have installed the OpenShift Serverless Operator and Knative Serving on the cluster.
-
You have installed the Knative (
kn) CLI. - You have created a function.
Procedure
-
Open the
func.yamlfile for your function. For each value from a config map key-value pair that you want to assign to an environment variable, add the following YAML to the
envssection:name: test namespace: "" runtime: go ... envs: - name: EXAMPLE value: '{{ configMap:myconfigmap:key }}'-
Substitute
EXAMPLEwith the name of the environment variable. -
Substitute
myconfigmapwith the name of the target config map. Substitute
keywith the key mapped to the target value.For example, to access the user ID that is stored in
userdetailsmap, use the following YAML:name: test namespace: "" runtime: go ... envs: - value: '{{ configMap:userdetailsmap:userid }}'
-
Substitute
- Save the configuration.
13.3.5. Setting environment variables from all values defined in a secret
You can set an environment variable from all values defined in a secret. Values previously stored in a secret can then be accessed as environment variables by the function at runtime. This can be useful for simultaneously getting access to a collection of values stored in a secret, for example, a set of data pertaining to a user.
Prerequisites
- You have installed the OpenShift Serverless Operator and Knative Serving on the cluster.
-
You have installed the Knative (
kn) CLI. - You have created a function.
Procedure
-
Open the
func.yamlfile for your function. For every secret for which you want to import all key-value pairs as environment variables, add the following YAML to the
envssection:name: test namespace: "" runtime: go ... envs: - value: '{{ secret:mysecret }}'1 - 1
- Substitute
mysecretwith the name of the target secret.
For example, to access all user data that is stored in
userdetailssecret, use the following YAML:name: test namespace: "" runtime: go ... envs: - value: '{{ configMap:userdetailssecret }}'- Save the configuration.
13.3.6. Setting environment variables from all values defined in a config map
You can set an environment variable from all values defined in a config map. Values previously stored in a config map can then be accessed as environment variables by the function at runtime. This can be useful for simultaneously getting access to a collection of values stored in a config map, for example, a set of data pertaining to a user.
Prerequisites
- You have installed the OpenShift Serverless Operator and Knative Serving on the cluster.
-
You have installed the Knative (
kn) CLI. - You have created a function.
Procedure
-
Open the
func.yamlfile for your function. For every config map for which you want to import all key-value pairs as environment variables, add the following YAML to the
envssection:name: test namespace: "" runtime: go ... envs: - value: '{{ configMap:myconfigmap }}'Substitute
myconfigmapwith the name of the target config map.For example, to access all user data that is stored in
userdetailsmap, use the following YAML:name: test namespace: "" runtime: go ... envs: - value: '{{ configMap:userdetailsmap }}'- Save the file.
13.4. Configurable fields in func.yaml
You can configure some of the func.yaml fields.
13.4.1. Configurable fields in func.yaml
Many of the fields in func.yaml are generated automatically when you create, build, and deploy your function. However, there are also fields that you change manually to change things, such as the function name or the image name.
13.4.1.1. buildEnvs
You can use the buildEnvs field to set environment variables for the build environment. Variables that you set by using buildEnvs are not available during function runtime, unlike variables set by using envs.
You can set a buildEnv variable directly from a value. In the following example, the buildEnv variable named EXAMPLE1 is directly assigned the one value:
buildEnvs:
- name: EXAMPLE1
value: one
You can also set a buildEnv variable from a local environment variable. In the following example, the buildEnv variable named EXAMPLE2 is assigned the value of the LOCAL_ENV_VAR local environment variable:
buildEnvs:
- name: EXAMPLE1
value: '{{ env:LOCAL_ENV_VAR }}'13.4.1.2. envs
The envs field enables you to set environment variables to be available to your function at runtime. You can set an environment variable in several different ways:
- Directly from a value.
- From a value assigned to a local environment variable. See the section "Referencing local environment variables from func.yaml fields" for more information.
- From a key-value pair stored in a secret or config map.
- You can also import all key-value pairs stored in a secret or config map, with keys used as names of the created environment variables.
The following examples demonstrates the different ways to set an environment variable:
name: test
namespace: ""
runtime: go
...
envs:
- name: EXAMPLE1
value: value
- name: EXAMPLE2
value: '{{ env:LOCAL_ENV_VALUE }}'
- name: EXAMPLE3
value: '{{ secret:mysecret:key }}'
- name: EXAMPLE4
value: '{{ configMap:myconfigmap:key }}'
- value: '{{ secret:mysecret2 }}'
- value: '{{ configMap:myconfigmap2 }}'-
name: EXAMPLE1: An environment variable set directly from a value. -
name: EXAMPLE2: An environment variable set from a value assigned to a local environment variable. -
name: EXAMPLE3: An environment variable assigned from a key-value pair stored in a secret. -
name: EXAMPLE4: An environment variable assigned from a key-value pair stored in a config map. -
secret:mysecret2: A set of environment variables imported from key-value pairs of a secret. -
configMap:myconfigmap2: A set of environment variables imported from key-value pairs of a config map.
13.4.1.3. builder
The builder field specifies the strategy used by the function to build the image. It accepts values of pack or s2i.
13.4.1.4. build
The build field indicates how the function should be built. The value local indicates that the function is built locally on your machine. The value git indicates that the function is built on a cluster by using the values specified in the git field.
13.4.1.5. volumes
You can use the volumes field to mount secrets and config maps as volumes that the function can access at the specified path, as shown in the following example:
name: test
namespace: ""
runtime: go
...
volumes:
- secret: mysecret
path: /workspace/secret
- configMap: myconfigmap
path: /workspace/configmap-
secret: mysecret: The system mounts themysecretsecret as a volume at/workspace/secret. -
configMap: myconfigmap: The system mounts themyconfigmapconfig map as a volume at/workspace/configmap.
13.4.1.6. options
You can use the options field to change Knative Service properties for the deployed function, such as autoscaling. If you do not set these options, the system uses default values.
These options are available:
scale-
min: The minimum number of replicas. Must be a non-negative integer. The default is 0. -
max: The maximum number of replicas. Must be a non-negative integer. The default is 0, which means no limit. -
metric: Defines which metric type is watched by the Autoscaler. It can be set toconcurrency, which is the default, orrps. -
target: Recommendation for when to scale up based on the number of concurrently incoming requests. Thetargetoption can be a float value greater than 0.01. The default is 100, unless theoptions.resources.limits.concurrencyis set, in which casetargetdefaults to its value. -
utilization: Percentage of concurrent requests usage allowed before scaling up. It can be a float value between 1 and 100. The default is 70.
-
resourcesrequests-
cpu: A CPU resource request for the container with deployed function. -
memory: A memory resource request for the container with deployed function.
-
limits-
cpu: A CPU resource limit for the container with deployed function. -
memory: A memory resource limit for the container with deployed function. -
concurrency: Hard Limit of concurrent requests to be processed by a single replica. It can be integer value greater than or equal to 0, default is 0 - meaning no limit.
-
This is an example configuration of the scale options:
name: test
namespace: ""
runtime: go
...
options:
scale:
min: 0
max: 10
metric: concurrency
target: 75
utilization: 75
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m
memory: 256Mi
concurrency: 10013.4.1.7. image
The image field sets the image name for your function after it has been built. You can change this field. If you do, the next time you run kn func build or kn func deploy, the function image will be created with the new name.
13.4.1.8. imageDigest
The imageDigest field contains the SHA256 hash of the image manifest when the function is deployed. Do not change this value.
13.4.1.9. labels
The labels field enables you to set labels on a deployed function.
You can set a label directly from a value. In the following example, the label with the role key is directly assigned the value of backend:
labels:
- key: role
value: backend
You can also set a label from a local environment variable. In the following example, the label with the author key is assigned the value of the USER local environment variable:
labels:
- key: author
value: '{{ env:USER }}'13.4.1.10. name
The name field defines the name of your function. This value is used as the name of your Knative service when it is deployed. You can change this field to rename the function on next deployments.
13.4.1.11. namespace
The namespace field specifies the namespace in which your function is deployed.
13.4.1.12. runtime
The runtime field specifies the language runtime for your function, for example, python.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}