core/invoker/src/main/resources/application.conf - openwhisk - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 # common logging configuration see common scala
 include "logging"
 include "akka-http-version"

 whisk {
   blacklist {
     poll-interval: 5 minutes
   }

   docker.client {
     # Docker < 1.13.1 has a known problem: if more than 10 containers are created (docker run)
     # concurrently, there is a good chance that some of them will fail.
     # See https://github.com/moby/moby/issues/29369
     # Use a semaphore to make sure that at most 10 `docker run` commands are active
     # the same time.
     # 0 means that there are infinite parallel runs.
     parallel-runs: 10

     # hide args passed into docker run command when logging docker run command
     mask-docker-run-args: false

     # Timeouts for docker commands. Set to "Inf" to disable timeout.
     timeouts {
       run: 1 minute
       rm: 1 minute
       pull: 10 minutes
       ps: 1 minute
       inspect: 1 minute
       pause: 10 seconds
       unpause: 10 seconds
       version: 10 seconds
     }
   }

   docker.container-factory {
     # Use runc for pause/resume functionality in DockerContainerFactory
     use-runc: true
   }

   docker.standalone.container-factory {
     #If enabled then pull would also be attempted for standard OpenWhisk images under`openwhisk` prefix
     pull-standard-images: false
   }

   container-pool {
     user-memory: 1024 m
     concurrent-peek-factor: 0.5 #factor used to limit message peeking: 0 < factor <= 1.0 - larger number improves concurrent processing, but increases risk of message loss during invoker crash
     akka-client:  false # if true, use PoolingContainerClient for HTTP from invoker to action container (otherwise use ApacheBlockingContainerClient)
     prewarm-expiration-check-init-delay: 10 minute # the init delay time for the first check
     prewarm-expiration-check-interval: 10 minute # period to check for prewarm expiration
     prewarm-expiration-check-interval-variance: 10 seconds # varies expiration across invokers to avoid many concurrent expirations
     prewarm-expiration-limit: 100 # number of prewarms to expire in one expiration cycle (remaining expired will be considered for expiration in next cycle)
     prewarm-max-retry-limit: 5 # max subsequent retry limit to create prewarm containers
     prewarm-promotion: false # if true, action can take prewarm container which has bigger memory
     memory-sync-interval: 1 second # period to sync memory info to etcd
     batch-deletion-size: 10 # batch size for removing containers when disable invoker, too big value may cause docker/k8s overload
     # optional setting to specify the total allocatable cpus for all action containers, each container will get a fraction of this proportional to its allocated memory to limit the cpu
     # user-cpus: 1
   }

   kubernetes {
     # Timeouts for k8s commands. Set to "Inf" to disable timeout.
     timeouts {
       run: 1 minute
       logs: 1 minute
     }
     user-pod-node-affinity {
       enabled: true
       key: "openwhisk-role"
       value: "invoker"
     }
     # Enables forwarding to remote port via a local random port. This mode is mostly useful
     # for development via Standalone mode
     port-forwarding-enabled = false

     # Pod template used as base for Action Pods created. It can be either
     #  1. Reference to file `file:/path/to/template.yml`
     #  2. OR yaml formatted multi line string. See multi line config support https://github.com/lightbend/config/blob/master/HOCON.md#multi-line-strings
     #
     #pod-template =

     # Set this optional string to be the namespace that the invoker should target for adding pods. This allows the invoker to run in a namesapce it doesn't have API access to but add pods to another namespace. See also https://github.com/apache/openwhisk/issues/4711
     # When not set the underlying client may pickup the namesapce from the kubeconfig or via system property setting.
     # See https://github.com/fabric8io/kubernetes-client#configuring-the-client for more information.
     # action-namespace = "ns-actions"

     #scale milliCPU config per segment of memory: 100 milliCPU == .1 vcpu per https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/
     #code will append the "m" after calculating the number of milliCPU
     #if missing, the pod will be created without cpu request/limit (and use the default for that namespace/cluster)
     #if specified, the pod will be created with cpu request+limit set as (action memory limit / cpu-scaling.memory) * cpu-scaling.millicpus; with max of cpu-scaling.max-millicpus and min of cpu-scaling.millicpus
     #cpu-scaling {
     #  millicpus = 100
     #  memory = 256 m
     #  max-millicpus = 4000
     #}

     # Action pods can be injected with pod data using field refs to the pod spec (aka The Downward API):
     # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/#use-pod-fields-as-values-for-environment-variables
     #field-ref-environment: {
     #  "POD_NAMESPACE":"metadata.namespace",
     #  "POD_NAME":"metadata.name",
     #  "POD_UID": "metadata.uid"
     #}

     #if missing, the pod will be created without ephermal disk request/limit
     #if specified, the pod will be created with ephemeral-storage request+limit set or using the scale factor
     #as a multiple of the request memory. If the scaled value exceeds the limit, the limit will be used so, it's good
     #practice to set the limit if you plan on using the scale-factor.
     #See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#local-ephemeral-storage
     #ephemeral-storage {
     #  limit = 2 g
     #  scale-factor = 2.0
     #}

     #enable PodDisruptionBudget creation for pods? (will include same labels as pods, and specify minAvailable=1 to prevent termination of action pods during maintenance)
     pdb-enabled = false
   }

   # Timeouts for runc commands. Set to "Inf" to disable timeout.
   runc.timeouts {
     pause: 10 seconds
     resume: 10 seconds
   }

   # args for 'docker run' to use
   container-factory {
     container-args {
       network: bridge
       # See https://docs.docker.com/config/containers/container-networking/#dns-services for documentation of dns-*
       dns-servers: []
       dns-search: []
       dns-options: []
       extra-env-vars: [] # sequence of `key` and/or `key=value` bindings to add to all user action container environments
       extra-args: {}   # to pass additional args to 'docker run'; format is `{key1: [v1, v2], key2: [v1, v2]}`
     }
     runtimes-registry {
       url: ""
     }
     user-images-registry {
       url: ""
     }
   }

   container-proxy {
     timeouts {
       # The "unusedTimeout" in the ContainerProxy,
       #aka 'How long should a container sit idle until we kill it?'
       idle-container = 10 minutes
       pause-grace = 10 seconds
       keeping-duration = 10 minutes
     }
     action-health-check {
       enabled = false # if true, prewarm containers will be pinged periodically and warm containers will be pinged once after resumed
       check-period = 3 seconds # how often should prewarm containers be pinged (tcp connection attempt)
       max-fails = 3 # prewarm containers that fail this number of times will be destroyed and replaced
     }

     log-activation-errors {
       application-errors = false
       developer-errors = false
       whisk-errors = true
     }
   }

   # tracing configuration
   tracing {
     component = "Invoker"
   }

   invoker {
     username: "invoker.user"
     password: "invoker.pass"
     protocol: http

     resource {
       tags: ""
     }
     dedicated {
       namespaces: ""
     }
   }
   runtime.delete.timeout = "30 seconds"
 }
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	# common logging configuration see common scala
	include "logging"
	include "akka-http-version"

	whisk {
	blacklist {
	poll-interval: 5 minutes
	}

	docker.client {
	# Docker < 1.13.1 has a known problem: if more than 10 containers are created (docker run)
	# concurrently, there is a good chance that some of them will fail.
	# See https://github.com/moby/moby/issues/29369
	# Use a semaphore to make sure that at most 10 `docker run` commands are active
	# the same time.
	# 0 means that there are infinite parallel runs.
	parallel-runs: 10

	# hide args passed into docker run command when logging docker run command
	mask-docker-run-args: false

	# Timeouts for docker commands. Set to "Inf" to disable timeout.
	timeouts {
	run: 1 minute
	rm: 1 minute
	pull: 10 minutes
	ps: 1 minute
	inspect: 1 minute
	pause: 10 seconds
	unpause: 10 seconds
	version: 10 seconds
	}
	}

	docker.container-factory {
	# Use runc for pause/resume functionality in DockerContainerFactory
	use-runc: true
	}

	docker.standalone.container-factory {
	#If enabled then pull would also be attempted for standard OpenWhisk images under`openwhisk` prefix
	pull-standard-images: false
	}

	container-pool {
	user-memory: 1024 m
	concurrent-peek-factor: 0.5 #factor used to limit message peeking: 0 < factor <= 1.0 - larger number improves concurrent processing, but increases risk of message loss during invoker crash
	akka-client: false # if true, use PoolingContainerClient for HTTP from invoker to action container (otherwise use ApacheBlockingContainerClient)
	prewarm-expiration-check-init-delay: 10 minute # the init delay time for the first check
	prewarm-expiration-check-interval: 10 minute # period to check for prewarm expiration
	prewarm-expiration-check-interval-variance: 10 seconds # varies expiration across invokers to avoid many concurrent expirations
	prewarm-expiration-limit: 100 # number of prewarms to expire in one expiration cycle (remaining expired will be considered for expiration in next cycle)
	prewarm-max-retry-limit: 5 # max subsequent retry limit to create prewarm containers
	prewarm-promotion: false # if true, action can take prewarm container which has bigger memory
	memory-sync-interval: 1 second # period to sync memory info to etcd
	batch-deletion-size: 10 # batch size for removing containers when disable invoker, too big value may cause docker/k8s overload
	# optional setting to specify the total allocatable cpus for all action containers, each container will get a fraction of this proportional to its allocated memory to limit the cpu
	# user-cpus: 1
	}

	kubernetes {
	# Timeouts for k8s commands. Set to "Inf" to disable timeout.
	timeouts {
	run: 1 minute
	logs: 1 minute
	}
	user-pod-node-affinity {
	enabled: true
	key: "openwhisk-role"
	value: "invoker"
	}
	# Enables forwarding to remote port via a local random port. This mode is mostly useful
	# for development via Standalone mode
	port-forwarding-enabled = false

	# Pod template used as base for Action Pods created. It can be either
	# 1. Reference to file `file:/path/to/template.yml`
	# 2. OR yaml formatted multi line string. See multi line config support https://github.com/lightbend/config/blob/master/HOCON.md#multi-line-strings
	#
	#pod-template =

	# Set this optional string to be the namespace that the invoker should target for adding pods. This allows the invoker to run in a namesapce it doesn't have API access to but add pods to another namespace. See also https://github.com/apache/openwhisk/issues/4711
	# When not set the underlying client may pickup the namesapce from the kubeconfig or via system property setting.
	# See https://github.com/fabric8io/kubernetes-client#configuring-the-client for more information.
	# action-namespace = "ns-actions"

	#scale milliCPU config per segment of memory: 100 milliCPU == .1 vcpu per https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/
	#code will append the "m" after calculating the number of milliCPU
	#if missing, the pod will be created without cpu request/limit (and use the default for that namespace/cluster)
	#if specified, the pod will be created with cpu request+limit set as (action memory limit / cpu-scaling.memory) * cpu-scaling.millicpus; with max of cpu-scaling.max-millicpus and min of cpu-scaling.millicpus
	#cpu-scaling {
	# millicpus = 100
	# memory = 256 m
	# max-millicpus = 4000
	#}

	# Action pods can be injected with pod data using field refs to the pod spec (aka The Downward API):
	# https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/#use-pod-fields-as-values-for-environment-variables
	#field-ref-environment: {
	# "POD_NAMESPACE":"metadata.namespace",
	# "POD_NAME":"metadata.name",
	# "POD_UID": "metadata.uid"
	#}

	#if missing, the pod will be created without ephermal disk request/limit
	#if specified, the pod will be created with ephemeral-storage request+limit set or using the scale factor
	#as a multiple of the request memory. If the scaled value exceeds the limit, the limit will be used so, it's good
	#practice to set the limit if you plan on using the scale-factor.
	#See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#local-ephemeral-storage
	#ephemeral-storage {
	# limit = 2 g
	# scale-factor = 2.0
	#}

	#enable PodDisruptionBudget creation for pods? (will include same labels as pods, and specify minAvailable=1 to prevent termination of action pods during maintenance)
	pdb-enabled = false
	}

	# Timeouts for runc commands. Set to "Inf" to disable timeout.
	runc.timeouts {
	pause: 10 seconds
	resume: 10 seconds
	}

	# args for 'docker run' to use
	container-factory {
	container-args {
	network: bridge
	# See https://docs.docker.com/config/containers/container-networking/#dns-services for documentation of dns-*
	dns-servers: []
	dns-search: []
	dns-options: []
	extra-env-vars: [] # sequence of `key` and/or `key=value` bindings to add to all user action container environments
	extra-args: {} # to pass additional args to 'docker run'; format is `{key1: [v1, v2], key2: [v1, v2]}`
	}
	runtimes-registry {
	url: ""
	}
	user-images-registry {
	url: ""
	}
	}

	container-proxy {
	timeouts {
	# The "unusedTimeout" in the ContainerProxy,
	#aka 'How long should a container sit idle until we kill it?'
	idle-container = 10 minutes
	pause-grace = 10 seconds
	keeping-duration = 10 minutes
	}
	action-health-check {
	enabled = false # if true, prewarm containers will be pinged periodically and warm containers will be pinged once after resumed
	check-period = 3 seconds # how often should prewarm containers be pinged (tcp connection attempt)
	max-fails = 3 # prewarm containers that fail this number of times will be destroyed and replaced
	}

	log-activation-errors {
	application-errors = false
	developer-errors = false
	whisk-errors = true
	}
	}

	# tracing configuration
	tracing {
	component = "Invoker"
	}

	invoker {
	username: "invoker.user"
	password: "invoker.pass"
	protocol: http

	resource {
	tags: ""
	}
	dedicated {
	namespaces: ""
	}
	}
	runtime.delete.timeout = "30 seconds"
	}