# Skybridge FaaS Implementation Guide

This document explains the implementation of the Function-as-a-Service (FaaS) component in Skybridge, specifically focusing on the Docker runtime implementation that replaced the original mock implementation.

## Overview

The Skybridge FaaS platform allows users to deploy and execute functions in isolated containers. The implementation consists of several key components:

1. **Function Management**: CRUD operations for function definitions
2. **Execution Engine**: Runtime backend for executing functions
3. **Repository Layer**: Data persistence for functions and executions
4. **Services Layer**: Business logic implementation
5. **API Layer**: RESTful interface for managing functions

## Docker Runtime Implementation

The original implementation contained a mock Docker runtime (`faas/internal/runtime/docker/simple.go`) that didn't actually interact with Docker. The new implementation provides real container execution capabilities.

### Key Features Implemented

1. **Real Docker Client Integration**: Uses the official Docker client library to communicate with the Docker daemon
2. **Container Lifecycle Management**: Creates, starts, waits for, and cleans up containers
3. **Image Management**: Pulls images when they don't exist locally
4. **Resource Limiting**: Applies memory limits to containers
5. **Input/Output Handling**: Passes input to functions and captures output
6. **Logging**: Retrieves container logs for debugging
7. **Health Checks**: Verifies Docker daemon connectivity

### Implementation Details

#### Container Creation

The `createContainer` method creates a Docker container with the following configuration:

- **Environment Variables**: Function environment variables plus input data
- **Resource Limits**: Memory limits based on function configuration
- **Attached Streams**: STDOUT and STDERR for log capture

#### Function Execution Flow

1. **Container Creation**: Creates a container from the function's Docker image
2. **Container Start**: Starts the container execution
3. **Wait for Completion**: Waits for the container to finish execution
4. **Result Collection**: Gathers output, logs, and execution metadata
5. **Cleanup**: Removes the container to free resources

#### Error Handling

The implementation includes comprehensive error handling:

- **Connection Errors**: Handles Docker daemon connectivity issues
- **Container Errors**: Manages container creation and execution failures
- **Resource Errors**: Handles resource constraint violations
- **Graceful Cleanup**: Ensures containers are cleaned up even on failures

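The cleanup guarantee has one common pitfall: if the container is removed with the same context that has just timed out or been cancelled, the removal call fails too and the container is left behind. The following added Go example (not the Skybridge implementation; `Backend`, `Execute` and the in-memory `fake` are hypothetical stand-ins for the Docker client calls) removes the container on every path using a fresh context:

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

type Backend interface { // hypothetical; Run covers start, wait and log collection
	Create(ctx context.Context, image string) (id string, err error)
	Run(ctx context.Context, id string) (exitCode int, logs string, err error)
	Remove(ctx context.Context, id string) error
}

// Execute bounds one invocation and removes its container on every path.
func Execute(ctx context.Context, b Backend, image string, limit time.Duration) (code int, logs string, err error) {
	ctx, cancel := context.WithTimeout(ctx, limit)
	defer cancel()
	id, err := b.Create(ctx, image)
	if err != nil {
		return 0, "", fmt.Errorf("create: %w", err)
	}
	defer func() { // ctx may be expired or cancelled; removal gets its own deadline
		rmCtx, rmCancel := context.WithTimeout(context.Background(), 10*time.Second)
		defer rmCancel()
		if rmErr := b.Remove(rmCtx, id); rmErr != nil {
			err = errors.Join(err, fmt.Errorf("remove %s: %w", id, rmErr))
		}
	}()
	return b.Run(ctx, id)
}

type fake struct{ removed bool } // constructed backend: its function never exits
func (f *fake) Create(context.Context, string) (string, error) { return "c1", nil }
func (f *fake) Run(ctx context.Context, _ string) (int, string, error) {
	<-ctx.Done()
	return -1, "", ctx.Err()
}
func (f *fake) Remove(ctx context.Context, _ string) error {
	f.removed = ctx.Err() == nil // fails when handed an expired context
	return ctx.Err()
}

func main() {
	f := &fake{}
	_, _, err := Execute(context.Background(), f, "registry.example/hello:1", 50*time.Millisecond)
	fmt.Println("error:", err, "| container removed:", f.removed)
}
```

Passing `ctx` instead of `rmCtx` to `Remove` makes the same run report `container removed: false`.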
## Testing

### Unit Tests

Unit tests are located in `faas/test/integration/` and cover:

- Docker runtime health checks
- Container creation and execution
- Error conditions

### Example Function

An example "Hello World" function is provided in `faas/examples/hello-world/` to demonstrate:

- Function structure and implementation
- Docker image creation
- Local testing
- Deployment to Skybridge FaaS

## Deployment

### Prerequisites

1. Docker daemon running and accessible
2. Docker socket mounted to the FaaS service container (as shown in `docker-compose.yml`)
3. Required permissions to access Docker

### Configuration

The FaaS service reads configuration from environment variables:

- `FAAS_DEFAULT_RUNTIME`: Should be set to "docker"
- Docker socket path: Typically `/var/run/docker.sock`

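## Security Considerations

The current implementation has basic security features:

- **Container Isolation**: Functions run in isolated containers
- **Resource Limits**: Memory limits reduce the risk of resource exhaustion (CPU quotas and disk limits are listed under Future Enhancements)
- **Image Verification**: Only pulls trusted images

For production use, consider implementing:

- Container user restrictions
- Network isolation
- Enhanced logging and monitoring
- Authentication and authorization for Docker operations

The Docker socket mounted into the FaaS service container (see Prerequisites) gives that service full control of the Docker daemon, which is effectively root access on the host. Treat access to the FaaS service accordingly.
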
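The following added example (not taken from the Skybridge code base) builds a Docker Engine API create-container request body that combines the `createContainer` settings described earlier (environment plus input, memory limit, attached STDOUT/STDERR) with the user restriction and network isolation recommended here. It also drops capabilities, caps the process count and makes the root filesystem read-only, which goes beyond the items this guide lists. `BuildSpec`, the `FUNCTION_INPUT` variable name, the UID/GID `65534` and the limit values are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Subset of the Docker Engine API create-container body; field names are the API's JSON keys.
type HostConfig struct {
	Memory, MemorySwap, PidsLimit int64 // bytes, bytes, max processes
	NetworkMode                   string
	ReadonlyRootfs                bool
	CapDrop, SecurityOpt          []string
}
type ContainerSpec struct {
	Image, User                string
	Env                        []string
	AttachStdout, AttachStderr bool
	HostConfig                 HostConfig
}

const inputVar = "FUNCTION_INPUT" // assumed name; the guide does not give one

// BuildSpec is a hypothetical helper, not Skybridge's createContainer.
func BuildSpec(image string, env map[string]string, input string, memMB int64) (ContainerSpec, error) {
	if memMB <= 0 {
		return ContainerSpec{}, fmt.Errorf("memory limit must be set, got %d MB", memMB)
	}
	vars := make([]string, 0, len(env)+1)
	for k, v := range env { // a key like "FUNCTION_INPUT=x" would smuggle in a second input
		if k == "" || k == inputVar || strings.ContainsAny(k, "=\x00") {
			return ContainerSpec{}, fmt.Errorf("rejected env key %q", k)
		}
		vars = append(vars, k+"="+v)
	}
	sort.Strings(vars) // map order is random; keep the spec reproducible
	hc := HostConfig{Memory: memMB << 20, MemorySwap: memMB << 20, PidsLimit: 128, // swap == memory: no swap
		NetworkMode: "none", ReadonlyRootfs: true,
		CapDrop: []string{"ALL"}, SecurityOpt: []string{"no-new-privileges"}}
	return ContainerSpec{Image: image, User: "65534:65534", Env: append(vars, inputVar+"="+input),
		AttachStdout: true, AttachStderr: true, HostConfig: hc}, nil
}

func main() {
	spec, err := BuildSpec("registry.example/hello:1", map[string]string{"MODE": "demo"}, `{"name":"x"}`, 128)
	body, _ := json.Marshal(spec)
	fmt.Println(string(body), err)
}
```

A read-only root filesystem and a non-root user only work with an image built to run that way; a function that needs scratch space would need a tmpfs mount added to `HostConfig`.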
## Performance Optimizations

Potential performance improvements include:

- **Image Caching**: Pre-pull commonly used images
- **Container Pooling**: Maintain a pool of ready containers
- **Parallel Execution**: Optimize concurrent function execution
- **Resource Monitoring**: Track and optimize resource usage

## Future Enhancements

Planned enhancements include:

1. **Multiple Runtime Support**: Add support for Podman and other container runtimes
2. **Advanced Resource Management**: CPU quotas, disk limits
3. **Enhanced Monitoring**: Detailed metrics and tracing
4. **Improved Error Handling**: More granular error reporting
5. **Security Hardening**: Additional security measures for container execution

## API Usage

The FaaS API provides endpoints for:

- **Function Management**: Create, read, update, delete functions
- **Deployment**: Deploy functions to prepare for execution
- **Execution**: Execute functions synchronously or asynchronously
- **Monitoring**: View execution status, logs, and metrics

Refer to the API documentation endpoint (`/api/docs`) for detailed information.