| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| # common logging configuration see common scala |
| include "logging" |
| include "akka-http-version" |
| |
| whisk { |
| blacklist { |
| poll-interval: 5 minutes |
| } |
| |
| docker.client { |
| # Docker < 1.13.1 has a known problem: if more than 10 containers are created (docker run) |
| # concurrently, there is a good chance that some of them will fail. |
| # See https://github.com/moby/moby/issues/29369 |
| # Use a semaphore to make sure that at most 10 `docker run` commands are active |
| # the same time. |
| # 0 means that there are infinite parallel runs. |
| parallel-runs: 10 |
| |
| # hide args passed into docker run command when logging docker run command |
| mask-docker-run-args: false |
| |
| # Timeouts for docker commands. Set to "Inf" to disable timeout. |
| timeouts { |
| run: 1 minute |
| rm: 1 minute |
| pull: 10 minutes |
| ps: 1 minute |
| inspect: 1 minute |
| pause: 10 seconds |
| unpause: 10 seconds |
| version: 10 seconds |
| } |
| } |
| |
| docker.container-factory { |
| # Use runc for pause/resume functionality in DockerContainerFactory |
| use-runc: true |
| } |
| |
| docker.standalone.container-factory { |
| #If enabled then pull would also be attempted for standard OpenWhisk images under`openwhisk` prefix |
| pull-standard-images: false |
| } |
| |
| container-pool { |
| user-memory: 1024 m |
| concurrent-peek-factor: 0.5 #factor used to limit message peeking: 0 < factor <= 1.0 - larger number improves concurrent processing, but increases risk of message loss during invoker crash |
| akka-client: false # if true, use PoolingContainerClient for HTTP from invoker to action container (otherwise use ApacheBlockingContainerClient) |
| prewarm-expiration-check-init-delay: 10 minute # the init delay time for the first check |
| prewarm-expiration-check-interval: 10 minute # period to check for prewarm expiration |
| prewarm-expiration-check-interval-variance: 10 seconds # varies expiration across invokers to avoid many concurrent expirations |
| prewarm-expiration-limit: 100 # number of prewarms to expire in one expiration cycle (remaining expired will be considered for expiration in next cycle) |
| prewarm-max-retry-limit: 5 # max subsequent retry limit to create prewarm containers |
| prewarm-promotion: false # if true, action can take prewarm container which has bigger memory |
| memory-sync-interval: 1 second # period to sync memory info to etcd |
| batch-deletion-size: 10 # batch size for removing containers when disable invoker, too big value may cause docker/k8s overload |
| # optional setting to specify the total allocatable cpus for all action containers, each container will get a fraction of this proportional to its allocated memory to limit the cpu |
| # user-cpus: 1 |
| } |
| |
| kubernetes { |
| # Timeouts for k8s commands. Set to "Inf" to disable timeout. |
| timeouts { |
| run: 1 minute |
| logs: 1 minute |
| } |
| user-pod-node-affinity { |
| enabled: true |
| key: "openwhisk-role" |
| value: "invoker" |
| } |
| # Enables forwarding to remote port via a local random port. This mode is mostly useful |
| # for development via Standalone mode |
| port-forwarding-enabled = false |
| |
| # Pod template used as base for Action Pods created. It can be either |
| # 1. Reference to file `file:/path/to/template.yml` |
| # 2. OR yaml formatted multi line string. See multi line config support https://github.com/lightbend/config/blob/master/HOCON.md#multi-line-strings |
| # |
| #pod-template = |
| |
| # Set this optional string to be the namespace that the invoker should target for adding pods. This allows the invoker to run in a namesapce it doesn't have API access to but add pods to another namespace. See also https://github.com/apache/openwhisk/issues/4711 |
| # When not set the underlying client may pickup the namesapce from the kubeconfig or via system property setting. |
| # See https://github.com/fabric8io/kubernetes-client#configuring-the-client for more information. |
| # action-namespace = "ns-actions" |
| |
| #scale milliCPU config per segment of memory: 100 milliCPU == .1 vcpu per https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/ |
| #code will append the "m" after calculating the number of milliCPU |
| #if missing, the pod will be created without cpu request/limit (and use the default for that namespace/cluster) |
| #if specified, the pod will be created with cpu request+limit set as (action memory limit / cpu-scaling.memory) * cpu-scaling.millicpus; with max of cpu-scaling.max-millicpus and min of cpu-scaling.millicpus |
| #cpu-scaling { |
| # millicpus = 100 |
| # memory = 256 m |
| # max-millicpus = 4000 |
| #} |
| |
| # Action pods can be injected with pod data using field refs to the pod spec (aka The Downward API): |
| # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/#use-pod-fields-as-values-for-environment-variables |
| #field-ref-environment: { |
| # "POD_NAMESPACE":"metadata.namespace", |
| # "POD_NAME":"metadata.name", |
| # "POD_UID": "metadata.uid" |
| #} |
| |
| #if missing, the pod will be created without ephermal disk request/limit |
| #if specified, the pod will be created with ephemeral-storage request+limit set or using the scale factor |
| #as a multiple of the request memory. If the scaled value exceeds the limit, the limit will be used so, it's good |
| #practice to set the limit if you plan on using the scale-factor. |
| #See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#local-ephemeral-storage |
| #ephemeral-storage { |
| # limit = 2 g |
| # scale-factor = 2.0 |
| #} |
| |
| #enable PodDisruptionBudget creation for pods? (will include same labels as pods, and specify minAvailable=1 to prevent termination of action pods during maintenance) |
| pdb-enabled = false |
| } |
| |
| # Timeouts for runc commands. Set to "Inf" to disable timeout. |
| runc.timeouts { |
| pause: 10 seconds |
| resume: 10 seconds |
| } |
| |
| # args for 'docker run' to use |
| container-factory { |
| container-args { |
| network: bridge |
| # See https://docs.docker.com/config/containers/container-networking/#dns-services for documentation of dns-* |
| dns-servers: [] |
| dns-search: [] |
| dns-options: [] |
| extra-env-vars: [] # sequence of `key` and/or `key=value` bindings to add to all user action container environments |
| extra-args: {} # to pass additional args to 'docker run'; format is `{key1: [v1, v2], key2: [v1, v2]}` |
| } |
| runtimes-registry { |
| url: "" |
| } |
| user-images-registry { |
| url: "" |
| } |
| } |
| |
| container-proxy { |
| timeouts { |
| # The "unusedTimeout" in the ContainerProxy, |
| #aka 'How long should a container sit idle until we kill it?' |
| idle-container = 10 minutes |
| pause-grace = 10 seconds |
| keeping-duration = 10 minutes |
| } |
| action-health-check { |
| enabled = false # if true, prewarm containers will be pinged periodically and warm containers will be pinged once after resumed |
| check-period = 3 seconds # how often should prewarm containers be pinged (tcp connection attempt) |
| max-fails = 3 # prewarm containers that fail this number of times will be destroyed and replaced |
| } |
| |
| log-activation-errors { |
| application-errors = false |
| developer-errors = false |
| whisk-errors = true |
| } |
| } |
| |
| # tracing configuration |
| tracing { |
| component = "Invoker" |
| } |
| |
| invoker { |
| username: "invoker.user" |
| password: "invoker.pass" |
| protocol: http |
| |
| resource { |
| tags: "" |
| } |
| dedicated { |
| namespaces: "" |
| } |
| } |
| runtime.delete.timeout = "30 seconds" |
| } |