Serverless

Overview

"Serverless" refers to an architecture in which the infrastructure of your applications is managed by cloud providers. Contrary to its name, a serverless application does require a server but it doesn't require you to run and manage it on your own. Instead, you subscribe to a given cloud provider, such as AWS, Azure or GCP, and pay a subscription fee only for the resources you actually use. Since the resource allocation can be dynamic and depends on your current needs, the serverless model is particularly cost-effective when you want to implement a certain logic that is triggered on demand. Simply, you get your things done and don't pay for the infrastructure that sits idle.

Similarly to cloud providers, Kyma offers a service (known as "functions-as-a-service" or "FaaS") that provides a platform on which you can build, run, and manage serverless applications in Kubernetes. These applications are called Functions and are based on the Function CR objects. They are simple code snippets that implement the exact business logic you define in them. After you create a Function, you can:

  • Configure it to be triggered by events coming from external sources to which you subscribe.
  • Expose it to an external endpoint (HTTPS).

Architecture

Serverless relies heavily on Kubernetes resources. It uses Deployments, Services and HorizontalPodAutoscalers to deploy and manage Functions, and Kubernetes Jobs to create Docker images. See how these and other resources process a Function within a Kyma cluster:

Serverless architecture

CAUTION: Serverless imposes some requirements on the setup of Namespaces. If you create a new Namespace, do not disable sidecar injection in it as Serverless requires Istio for other resources to communicate with Functions correctly. Also, if you apply custom LimitRanges for a new Namespace, they must be higher than or equal to the limits for building Jobs' resources.

  1. Create a Function either through the UI or by applying a Function custom resource (CR). This CR contains the Function definition (business logic that you want to execute) and information on the environment on which it should run.

  2. Before the Function can be saved or modified, it is first updated and then verified by the defaulting and validation webhooks respectively.

  3. Function Controller (FC) detects the new, validated Function CR.

  4. FC creates a ConfigMap with the Function definition.

  5. Based on the ConfigMap, FC creates a Kubernetes Job that triggers the creation of a Function image.

  6. The Job creates a Pod which builds the production Docker image based on the Function's definition. The Job then pushes this image to a Docker registry.

    NOTE: Serverless offers a built-in internal Docker registry that is suitable for local development. For production purposes, switch to an external Docker registry.

  7. FC monitors the Job status. When the image creation finishes successfully, FC creates a Deployment that uses the newly built image.

  8. FC creates a Service that points to the Deployment.

  9. FC creates a HorizontalPodAutoscaler that automatically scales the number of Pods in the Deployment based on the observed CPU utilization.

  10. FC waits for the Deployment to become ready.

Details

Runtimes

Functions support multiple languages through the use of runtimes. To use a chosen runtime, add its name and version as a value in the spec.runtime field of the Function custom resource (CR). If this value is not specified, it defaults to nodejs12. Dependencies for a Node.js Function should be specified using the package.json file format. Dependencies for a Python Function should follow the format used by pip.

See sample Functions for all available runtime:

CAUTION: When you create a Function, the exported object in the Function's body must have main as the handler name.

  • Node.js 12
  • Node.js 10
  • Python 3.8

Git source type

Serverless in Kyma allows you to choose where you want to keep your Function's source code and dependencies. You can either place them directly in the Function custom resource (CR) under the spec.source and spec.deps fields as an inline Function, or store the code and dependencies in a public or private Git repository. Choosing the second option ensures your Function is versioned and gives you more development freedom in the choice of a project structure or an IDE.

Depending on a runtime you use to build your Function (Node.js 12, Node.js 10, or Python 3.8), your Git repository must contain at least a directory with these files:

  • handler.js or handler.py with Function's code
  • package.json or requirements.txt with Function's dependencies

The Function CR must contain type: git to specify that you use a Git repository for the Function's sources.

To create a Function with the Git source, you must:

  1. Create a GitRepository CR with details of your Git repository.
  2. Create a Secret (optional, only if you must authenticate to the repository).
  3. Create a Function CR with your Function definition and references to the Git repository.

NOTE: For detailed steps, see the tutorial on creating a Function from Git repository sources.

You can have various setups for your Function's Git source with different:

  • Directory structures

    You can specify the location of your code dependencies with the baseDir parameter in the Function CR. For example, use "/" if you keep the source files at the root of your repository.

  • Authentication methods

    You can define with the spec.auth parameter in the GitRepository CR that you must authenticate to the repository with a password or token (basic), or an SSH key (key).

  • Function's rebuild triggers

    You can use the reference parameter in the GitRepository CR to define whether the Function Controller must monitor a given branch or commit in the Git repository to rebuild the Function upon their changes.

Supported webhooks

A newly created or modified Function CR is first updated by the defaulting webhook and then verified by the validation webhook before the Function Controller starts to process it.

Defaulting webhook

NOTE: It only applies to the Function custom resource (CR).

The defaulting webhook sets the default values for CPU and memory requests and limits, and adds the maximum and the minimum number of replicas, if not specified already in the Function CR. It also sets the default runtime nodejs12 unless specified otherwise.

ParameterDefault value
requestCpu50m
requestMemory64Mi
limitsCpu100m
limitsMemory128Mi
minReplicas1
maxReplicas1
runtimenodejs12

Validation webhook

It checks the following conditions for these CRs:

  1. Function CR

    • Minimum values requested for CPU, memory, and replicas are not lower than the required ones:
    ParameterRequired value
    minRequestCpu10m
    minRequestMemory16Mi
    minReplicasValue1
    • Requests are lower than or equal to limits, and the minimum number of replicas is lower than or equal to the maximum one.
    • The Function CR contains all the required parameters.
    • If you decide to set a Git repository as the source of your Function's code and dependencies (spec.type set to git), the spec.reference and spec.baseDir fields must contain values.
    • The format of deps, envs, labels, and the Function name (RFC 1035) is correct.
    • The Function CR contains any envs reserved for the Deployment: FUNC_RUNTIME, FUNC_HANDLER, FUNC_PORT, MOD_NAME, NODE_PATH, PYTHONPATH.
  2. GitRepository CR

    • The spec.url parameter must:

      • Not be empty
      • Start with the http(s), git, or ssh prefix
      • End with the .git suffix
    • If your Function's code and dependencies are stored in a Git repository that requires authentication (spec.auth):

      • spec.auth.type must be set to either key (SSH key) or basic (password or token)
      • spec.auth.secretName must not be empty

Exposing Functions

To access a Function within the cluster, use the {function-name}.{namespace}.svc.cluster.local endpoint, such as test-function.default.svc.cluster.local. To expose a Function outside the cluster, you must create an APIRule custom resource (CR):

Expose a Function service

  1. Create the APIRule CR where you specify the Function to expose, define an Oathkeeper Access Rule to secure it, and list which HTTP request methods you want to enable for it.

  2. The API Gateway Controller detects a new APIRule CR and reads its definition.

  3. The API Gateway Controller creates an Istio Virtual Service and Access Rules according to details specified in the CR. Such a Function service is available under the {host-name}.{domain} endpoint, such as my-function.kyma.local.

This way you can specify multiple API Rules with different authentication methods for a single Function service.

TIP: See the tutorial for a detailed example.

NOTE: If you are using Minikube, before you can access the function you must add the endpoint to the Minikube IP entry in the /etc/hosts file.

Function processing

From the moment you create a Function (Function CR) until the time it is ready, it goes through three processing stages that are defined as these condition types:

  1. ConfigurationReady (PrinterColumn CONFIGURED)
  2. BuildReady (PrinterColumn BUILT)
  3. Running (PrinterColumn RUNNING)

For a Function to be considered ready, the status of all three conditions must be True:

Click to copy
NAME CONFIGURED BUILT RUNNING RUNTIME VERSION AGE
test-function True True True nodejs12 1 96s

When you update an existing Function, conditions change asynchronously depending on the change type.

The diagrams illustrate all three core status changes in the Function processing circle that the Function Controller handles. They also list all custom resources involved in this process and specify in which cases their update is required.

NOTE: Before you start reading, see the Function CR document for the custom resource detailed definition, the list of all Function's condition types and reasons for their success or failure.

Configured

This initial phase starts when you create a Function CR with configuration specifying the Function's setup. It ends with creating a ConfigMap that is used as a building block for a Function image.

Function configured

Built

This phase involves creating and processing the Job CR. It ends successfully when the Function image is built and sent to the Docker registry. If the image already exists and only an update is required, the Docker image receives a new tag.

Updating an existing Function requires an image rebuild only if you change the Function's body (source) or dependencies (deps). An update of Function's other configuration details, such as environment variables, replicas, resources, or labels, does not require image rebuild as it only affects the Deployment.

NOTE: Each time you update Function's configuration, the Function Controller deletes all previous Job CRs for the given Function's UID.

Function built

Running

This stage revolves around creating a Deployment, Service and HorizontalPodAutoscaler or updating them when configuration changes were made in the Function CR or the Function image was rebuilt.

In general, the Deployment is considered updated when both configuration and the image tag in the Deployment are up to date. Service and HorizontalPodAutoscaler are considered updated when there are proper labels set and configuration is up to date.

Thanks to the implemented reconciliation loop, the Function Controller constantly observes all newly created or updated resources. If it detects changes, it fetches the appropriate resource's status and only then updates the Function's status.

Function running

Security

To eliminate potential security risks when using Functions, bear in mind these few facts:

  • Kyma does not run any security scans against Functions and their images. Before you store any sensitive data in Functions, consider the potential risk of data leakage.

  • By default, JSON Web Tokens (JWTs) issued by Dex do not provide the scope parameter for Functions. This means that if you expose your Function and secure it with a JWT, you can use the token to validate access to all Functions within the cluster.

  • Kyma does not define any authorization policies that would restrict Functions' access to other resources within the Namespace. If you deploy a Function in a given Namespace, it can freely access all events and APIs of services within this Namespace.

  • All administrators and regular users who have access to a specific Namespace in a cluster can also access:

    • Source code of all Functions within this Namespace
    • Internal Docker registry that contains Function images

Configuration

Environment variables

To configure the Function with the Node.js runtime, override the default values of these environment variables:

Environment variableDescriptionTypeDefault value
FUNC_TIMEOUTSpecifies the number of seconds in which a runtime must execute the code.Number180
REQ_MB_LIMITSpecifies the payload body size limit in megabytes.Number1

See kubeless.js to get a deeper understanding of how the Express server, that acts as a runtime, uses these values internally to run Node.js Functions.

See the example of a Function with these environment variables set:

Click to copy
apiVersion: serverless.kyma-project.io/v1alpha1
kind: Function
metadata:
name: sample-fn-with-envs
namespace: default
spec:
env:
- name: FUNC_TIMEOUT
value: "2"
- name: REQ_MB_LIMIT
value: "10"
source: |
module.exports = {
main: function (event, context) {
return "Hello World!";
}
}

To configure a Function with the Python runtime, override the default values of these environment variables:

Environment variableDescriptionUnitDefault value
FUNC_MEMFILE_MAXMaximum size of memory buffer for the HTTP request body in bytes.Number100*1024*1024

See kubeless.py to get a deeper understanding of how the Bottle server, that acts as a runtime, uses these values internally to run Python Functions.

Click to copy
apiVersion: serverless.kyma-project.io/v1alpha1
kind: Function
metadata:
name: sample-fn-with-envs
namespace: default
spec:
env:
- name: FUNC_MEMFILE_MAX
value: "1048576" # 1MiB
source: |
def main(event. context):
return "Hello World!"

Serverless chart

To configure the Serverless chart, override the default values of its values.yaml file. This document describes parameters that you can configure.

TIP: To learn more about how to use overrides in Kyma, see the following documents:

Configurable parameters

This table lists the configurable parameters, their descriptions, and default values for both cluster and local installations.

NOTE: Limited memory and CPU resources on Minikube directly affect the Serverless functionality as you can process only a limited number of Functions at the same time. Also, their processing time is significantly longer. To process large workloads, we recommend using the cluster setup.

ParameterDescriptionDefault valueMinikube override
containers.manager.envs.buildRequestsCPUNumber of CPUs requested by the image-building Pod to operate.700m100m
containers.manager.envs.buildRequestsMemoryAmount of memory requested by the image-building Pod to operate.700Mi200Mi
containers.manager.envs.buildLimitsCPUMaximum number of CPUs available for the image-building Pod to use.1100m200m
containers.manager.envs.buildLimitsMemoryMaximum amount of memory available for the image-building Pod to use.1100Mi400Mi

TIP: To learn more, read the official documentation on resource units in Kubernetes.

Custom Resource

Function

The functions.serverless.kyma-project.io CustomResourceDefinition (CRD) is a detailed description of the kind of data and the format used to manage Functions within Kyma. To get the up-to-date CRD and show the output in the YAML format, run this command:

Click to copy
kubectl get crd functions.serverless.kyma-project.io -o yaml

Sample custom resource

The following Function object creates a Function which responds to HTTP requests with the "Hello John" message. The Function's code (source) and dependencies (deps) are specified in the Function CR.

Click to copy
apiVersion: serverless.kyma-project.io/v1alpha1
kind: Function
metadata:
name: my-test-function
spec:
env:
- name: PERSON_NAME
value: "John"
deps: |
{
"name": "hellowithdeps",
"version": "0.0.1",
"dependencies": {
"end-of-stream": "^1.4.1",
"from2": "^2.3.0",
"lodash": "^4.17.5"
}
}
labels:
app: my-test-function
minReplicas: 3
maxReplicas: 3
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 500m
memory: 500Mi
source: |
module.exports = {
main: function(event, context) {
const name = process.env.PERSON_NAME;
return 'Hello ' + name;
}
}
runtime: nodejs12
status:
conditions:
- lastTransitionTime: "2020-04-14T08:17:11Z"
message: "Deployment my-test-function-nxjdp is ready"
reason: DeploymentReady
status: "True"
type: Running
- lastTransitionTime: "2020-04-14T08:16:55Z"
message: "Job my-test-function-build-552ft finished"
reason: JobFinished
status: "True"
type: BuildReady
- lastTransitionTime: "2020-04-14T08:16:16Z"
message: "ConfigMap my-test-function-xv6pc created"
reason: ConfigMapCreated
status: "True"
type: ConfigurationReady

If you store the Function's source code and dependencies in a Git repository and want the Function Controller to fetch them from it, use these parameters in the Function CR:

Click to copy
apiVersion: serverless.kyma-project.io/v1alpha1
kind: Function
metadata:
name: my-test-function
spec:
type: git
source: auth-basic
baseDir: "/"
reference: "branchA"
runtime: "nodejs12"

Custom resource parameters

This table lists all the possible parameters of a given resource together with their descriptions:

ParameterRequiredDescription
metadata.nameYesSpecifies the name of the CR.
metadata.namespaceNoDefines the Namespace in which the CR is available. It is set to default unless you specify otherwise.
spec.envNoSpecifies environment variables you need to export for the Function.
spec.depsNoSpecifies the Function's dependencies.
spec.labelsNoSpecifies the Function's Pod labels.
spec.minReplicasNoDefines the minimum number of Function's Pods to run at a time.
spec.maxReplicasNoDefines the maximum number of Function's Pods to run at a time.
spec.resources.limits.cpuNoDefines the maximum number of CPUs available for the Function's Pod to use.
spec.resources.limits.memoryNoDefines the maximum amount of memory available for the Function's Pod to use.
spec.resources.requests.cpuNoSpecifies the number of CPUs requested by the Function's Pod to operate.
spec.resources.requests.memoryNoSpecifies the amount of memory requested by the Function's Pod to operate.
spec.runtimeNoSpecifies the runtime of the Function. The available values are nodejs12, nodejs10, and python38. It is set to nodejs12 unless specified otherwise.
spec.typeNoDefines that you use a Git repository as the source of Function's code and dependencies. It must be set to git.
spec.sourceYesProvides the Function's full source code or the name of the Git directory in which the code and dependencies are stored.
spec.baseDirNoSpecifies the relative path to the Git directory that contains the source code from which the Function will be built​.
spec.referenceNoSpecifies either the branch name or the commit revision from which the Function Controller automatically fetches the changes in Function's code and dependencies.
status.conditions.lastTransitionTimeNot applicableProvides a timestamp for the last time the Function's condition status changed from one to another.
status.conditions.messageNot applicableDescribes a human-readable message on the CR processing progress, success, or failure.
status.conditions.reasonNot applicableProvides information on the Function CR processing success or failure. See the Reasons section for the full list of possible status reasons and their descriptions. All status reasons are in camelCase.
status.conditions.statusNot applicableDescribes the status of processing the Function CR by the Function Controller. It can be True for success, False for failure, or Unknown if the CR processing is still in progress. If the status of all conditions is True, the overall status of the Function CR is ready.
status.conditions.typeNot applicableDescribes a substage of the Function CR processing. There are three condition types that a Function has to meet to be ready: ConfigurationReady, BuildReady, and Running. When displaying the Function status in the terminal, these types are shown under CONFIGURED, BUILT, and RUNNING columns respectively. All condition types can change asynchronously depending on the type of Function modification, but all three need to be in the True status for the Function to be considered successfully processed.

Status reasons

Processing of a Function CR can succeed, continue, or fail for one of these reasons:

ReasonTypeDescription
ConfigMapCreatedConfigurationReadyA new ConfigMap was created based on the Function CR definition.
ConfigMapUpdatedConfigurationReadyThe existing ConfigMap was updated after changes in the Function CR name, its source code or dependencies.
SourceUpdatedConfigurationReadyThe Function Controller managed to fetch changes in the Functions's source code and configuration from the Git repository (type: git).
SourceUpdateFailedConfigurationReadyThe Function Controller failed to fetch changes in the Functions's source code and configuration from the Git repository.
JobFailedBuildReadyThe image with the Function's configuration could not be created due to an error.
JobCreatedBuildReadyThe Kubernetes Job resource that builds the Function image was created.
JobUpdatedBuildReadyThe existing Job was updated after changing the Function's metadata or spec fields that do not affect the way of building the Function image, such as labels.
JobRunningBuildReadyThe Job is in progress.
JobsDeletedBuildReadyPrevious Jobs responsible for building Function images were deleted.
JobFinishedBuildReadyThe Job was finished and the Function's image was uploaded to the Docker Registry.
DeploymentCreatedRunningA new Deployment referencing the Function's image was created.
DeploymentUpdatedRunningThe existing Deployment was updated after changing the Function's image, scaling parameters, variables, or labels.
DeploymentFailedRunningThe Function's Pod crashed or could not start due to an error.
DeploymentWaitingRunningThe Function was deployed and is waiting for the Deployment to be ready.
DeploymentReadyRunningThe Function was deployed and is ready.
ServiceCreatedRunningA new Service referencing the Function's Deployment was created.
ServiceUpdatedRunningThe existing Service was updated after applying required changes.
HorizontalPodAutoscalerCreatedRunningA new HorizontalPodScaler referencing the Function's Deployment was created.
HorizontalPodAutoscalerUpdatedRunningThe existing HorizontalPodScaler was updated after applying required changes.

These are the resources related to this CR:

Custom resourceDescription
ConfigMapStores the Function's source code and dependencies.
JobBuilds an image with the Function's code in a runtime.
DeploymentServes the Function's image as a microservice.
ServiceExposes the Function's Deployment as a network service inside the Kubernetes cluster.
HorizontalPodAutoscalerAutomatically scales the number of Function's Pods.

These components use this CR:

ComponentDescription
Function ControllerUses the Function CR for the detailed Function definition, including the environment on which it should run.

GitRepository

The gitrepositories.serverless.kyma-project.io CustomResourceDefinition (CRD) is a detailed description of the kind of data and the format used to define and manage Git repositories that store the Function's source code and dependencies. To get the up-to-date CRD and show the output in the YAML format, run this command:

Click to copy
kubectl get crd gitrepositories.serverless.kyma-project.io -o yaml

Sample custom resource

This is a sample custom resource that creates a GitRepository object pointing to a Git repository with the Function's source code and dependencies. This resource specifies that the repository requires an SSH key to authenticate to it and points to the Secret that stores these credentials.

Click to copy
apiVersion: serverless.kyma-project.io/v1alpha1
kind: GitRepository
metadata:
name: sample-with-auth
spec:
url: "git@github.com:sample-organization/sample-repo.git"
auth:
type: key
secretName: kyma-git-creds

Custom resource parameters

This table lists all the possible parameters of a given resource together with their descriptions:

ParameterRequiredDescription
spec.urlYesProvides the address to the Git repository with the Function's code and dependencies. Depending on whether the repository is public or private and what authentication method is used to access it, the URL must start with the http(s), git, or ssh prefix, and end with the .git suffix.
spec.authNoSpecifies that you must authenticate to the Git repository.
spec.auth.typeNoDefines if you must authenticate to the repository with a password or token (basic), or an SSH key (key). This parameter is required if you provide spec.auth.
spec.auth.secretNameNoSpecifies the name of the Secret with credentials used by the Function Controller to authenticate to the Git repository in order to fetch the Function's source code and dependencies. This Secret must be stored in the same Namespace as the GitRepository CR. The spec.auth.secretName parameter is required if you provide spec.auth.

These are the resources related to this CR:

Custom resourceDescription
FunctionStores the Function's source code and dependencies on a cluster.

These components use this CR:

ComponentDescription
Function ControllerUses the GitRepository CR to locate the Function's source code and dependencies in a Git repository.

Tutorials

Create an inline Function

This tutorial shows how you can create a simple "Hello World!" Function in Node.js 12.

Steps

Follows these steps:

  • kubectl
  • Console UI

Create a Function from Git repository sources

Create a sample Function from code and dependencies stored in a Git repository. The tutorial is based on the Function from the orders service example. It shows how you can fetch Function's source code and dependencies from a public Git repository that does not require any authentication method.

NOTE: Read more about Git source type and different ways of securing your repository.

Steps

Follows these steps:

  • kubectl
  • Console UI

Expose a Function with an API Rule

This tutorial shows how you can expose your Function to access it outside the cluster, through an HTTP proxy. To expose it, use an APIRule custom resource (CR) managed by the in-house API Gateway Controller. This controller reacts to an instance of the APIRule CR and, based on its details, it creates an Istio Virtual Service and Oathkeeper Access Rules that specify your permissions for the exposed Function.

When you complete this tutorial, you get a Function that:

  • Is available on an unsecured endpoint (handler set to noop in the APIRule CR).
  • Accepts the GET, POST, PUT, and DELETE methods.

NOTE: To learn more about securing your Function, see the tutorial.

Prerequisites

This tutorial is based on an existing Function. To create one, follow the Create a Function tutorial.

Steps

Follows these steps:

  • kubectl
  • Console UI

Bind a ServiceInstance to a Function

This tutorial shows how you can bind a sample instance of the Redis service to a Function. After completing all steps, you will get the Function with encoded Secrets to the service. You can use them for authentication when you connect to the service to implement custom business logic of your Function.

To create the binding, you will use ServiceBinding and ServiceBindingUsage custom resources (CRs) managed by the Service Catalog.

NOTE: See the document on provisioning and binding to learn more about binding ServiceInstances to applications in Kyma.

Prerequisites

This tutorial is based on an existing Function. To create one, follow the Create a Function tutorial.

Steps

Follows these steps:

  • kubectl
  • Console UI

Test the Function

To test if the Secret has been properly connected to the Function:

  1. Change the Function's code to:​

    Click to copy
    module.exports = {
    main: function (event, context) {
    return "Redis port: " + process.env.REDIS_PORT;
    },
    };
  2. Expose the Function through an API Rule, and access the Function's external address. You should get this result:

    Click to copy
    Redis port: 6379

Trigger a Function with an event

This tutorial shows how to trigger a Function with an event from an Application connected to Kyma.

NOTE: To learn more about events flow in Kyma, read the eventing documentation.

Prerequisites

This tutorial is based on an existing Function. To create one, follow the Create a Function tutorial.

You must also have:

  • An Application bound to a specific Namespace. Read the tutorials to learn how to create an Application and bind it to a Namespace.
  • An event service (an API of AsyncAPI type) registered in the desired Application. Read the tutorial to learn how to do it.
  • A Service Instance created for the registered service to expose events in a specific Namespace. Read the tutorial for details.

Steps

Follows these steps:

  • kubectl
  • Console UI

Test the trigger

CAUTION: Before you follow steps in this section and send a sample event, bear in mind that it will be propagated to all services subscribed to this event type.

To test if the Trigger CR is properly connected to the Function:

  1. Change the Function's code to:​

    Click to copy
    module.exports = {
    main: function (event, context) {
    console.log("User created: ", event.data);
    }
    }
  2. Send an event manually to trigger the function. The first example shows the implementation introduced with the Kyma 1.11 release where a CloudEvent is sent directly to the Event Mesh. In the second example, an event also reaches the Event Mesh, but it is first modified by the compatibility layer to the format compliant with the CloudEvents specification. This solution ensures compatibility if your events follow a format other than CloudEvents, or you use the Event Bus available before 1.11.

    TIP: For details on CloudEvents, exposed endpoints, and the compatibility layer, read about event processing and delivery.

    • Send CloudEvents directly to Event Mesh
    • Send events to Event Mesh through compatibility layer
    • CLUSTER_DOMAIN is the domain of your cluster, such as kyma.local.

    • CERT_FILE_NAME and KEY_FILE_NAME are client certificates for a given Application. You can get them by completing steps in the tutorial.

  3. After sending an event, you should get this result from logs of your Function's latest Pod:

    Click to copy
    User created: 123456789

Set an external Docker registry

By default, you install Kyma with Serverless that uses the internal Docker registry running on a cluster. This tutorial shows how to switch to an external Docker registry from one of these cloud providers using an override:

CAUTION: Function images are not cached in the Docker Hub. The reason is that this registry is not compatible with the caching logic defined in Kaniko that Serverless uses for building images.

Prerequisites

  • Docker Hub
  • GCR
  • ACR

Steps

Create required cloud resources

  • Docker Hub
  • GCR
  • ACR

Override Serverless configuration

Apply the following Secret with an override to a cluster or Minikube. Run:

  • Docker Hub
  • GCR
  • ACR

CAUTION: If you want to set an external Docker registry before you install Kyma, manually apply the Secret to the cluster before you run the installation script.

Trigger installation

Trigger Kyma installation or update it by labeling the Installation custom resource. Run:

Click to copy
kubectl -n default label installation/kyma-installation action=install