Deploying Functions

On This Page

This tutorial guides you through the process of deploying functions and specifying the function configuration.

Writing a simple function

After successfully installing Nuclio, you can start writing functions and deploying them to your cluster. All supported runtimes (such as Go, Python, or NodeJS) have an entry point that receives two arguments:

  • Context: An object that maintains state across function invocations. Includes objects like the logger, data bindings, worker information and user specified data. See the appropriate context reference for your specific runtime for more
  • Event: An object containing information about the event that triggered the function including body, headers, trigger information and so forth

The entry point, essentially a function native to the runtime, is called whenever one of the configured triggers receives an event (more on configuring triggers later).

Note
Nuclio supports configuring multiple triggers for a single function. For example, the same function can be called either by calling an HTTP endpoint and by posting to a Kafka stream. Some functions can behave uniformly, as accessing many properties of the event is identical regardless of triggers (for example, event.GetBody). Other functions might want to behave differently, using the event's trigger information to determine through which trigger it arrived.

The entry point may return a response which is handled differently based on which trigger configured the function. Some synchronous triggers (like HTTP) expect a response, some (like RabbitMQ) expect an ack or nack and others (like cron) ignore the response altogether.

To put this in Python code, an entry point is a simple function with two arguments and a return value:

import os


def my_entry_point(context, event):

	# use the logger, outputting the event body
	context.logger.info_with('Got invoked',
		trigger_kind=event.trigger.kind,
		event_body=event.body,
		some_env=os.environ.get('MY_ENV_VALUE'))

	# check if the event came from cron
	if event.trigger.kind == 'cron':

		# log something
		context.logger.info('Invoked from cron')

	else:

		# return a response
		return 'A string response'

Deploying a simple function

To convert source code to a running function, you must first deploy the function. A deployment process has three stages:

  1. The source code is built to a container image and pushed to a Docker Registry.
  2. A function object is created in Nuclio; (in Kubernetes, this is a function CRD).
  3. A controller creates the appropriate function resources on the cluster; (in Kubernetes, this is the deployment, service, ingress, etc.).

This process can be triggered through nuctl deploy, which you'll use throughout this tutorial. You'll now write the function that you wrote in the previous step to a /tmp/nuclio/my_function.py file. Before you do anything, use nuctl to verify that everything is configured properly by getting all functions deployed in the "nuclio" namespace:

nuctl get function --namespace nuclio

No functions found

Now, deploy your function. Specify the function's namespace ("nuclio" in all the setup tutorials), path, runtime, handler function, and applicable registry information, and optionally set additional flags:

nuctl deploy my-function \
	--namespace nuclio \
	--path /tmp/nuclio/my_function.py \
	--runtime python \
	--handler my_function:my_entry_point \
	--http-trigger-service-type nodePort \
	--registry $(minikube ip):5000 --run-registry localhost:5000
Note
  1. --path can also be set to a URL.
  2. See the applicable setup tutorial for registry information.
  3. Note the use of the nodePort HTTP-trigger service type, which exposes the function and makes it reachable externally. This is done for demonstration purposes only. For more information, see the Exposing a function section in this tutorial.

Once the function deploys, you should see Function deploy complete and an HTTP port through which you can invoke it. If there's a problem, invoke the above with --verbose and try to understand what went wrong. You can see your function through nuctl get:

nuctl get function --namespace nuclio

  NAMESPACE |    NAME     | VERSION | STATE | NODE PORT | REPLICAS
  nuclio    | my-function | latest  | ready |     ?     | 1/1

To illustrate that the function is indeed accessible via HTTP, you'll use httpie to invoke the function at the port specified by the deployment log:

http $(minikube ip):<port from log>

HTTP/1.1 200 OK
Content-Length: 17
Content-Type: text/plain
Date: Mon, 05 Mar 2018 09:36:05 GMT
Server: nuclio

A string response

You can use nuctl invoke to invoke the function by name, and even get function logs in the process:

nuctl invoke my-function --namespace nuclio --via external-ip

    nuctl.platform.invoker (I) Executing function {"method": "GET", "url": "http://192.168.64.8:30521", "body": {}}
    nuctl.platform.invoker (I) Got response {"status": "200 OK"}
                     nuctl (I) >>> Start of function logs
                     nuctl (I) Got invoked {"trigger_kind": "http", "some_env": null, "event_body": "", "time": 1520245355728.884}
                     nuctl (I) <<< End of function logs

> Response headers:
Server = nuclio
Date = Mon, 05 Mar 2018 10:22:35 GMT
Content-Type = text/plain
Content-Length = 17

> Response body:
A string response

Providing function configuration

There are often cases in which providing code is not enough to deploy a function. For example, if

  • The function expects environment variables or secrets
  • You would like to trigger the function through Kafka, Kinesis, etc. These require configuration to connect to the data source
  • There are third-party dependencies or additional files (both language packages and OS) that need to reside alongside the function

For such cases and many others you need to provide a function configuration alongside your function code. Nuclio provides you with several mechanisms for providing the function configuration:

  • A function.yaml file
  • Inline configuration by means of crafting a comment in your code that contains the function.yaml contents
  • Command-line arguments for the Nuclio CLI (nuctl). This argument will override the function.yaml configuration, if present
  • The UI, through the Configuration tab

While there are several mechanisms to provide the configuration, there is only one configuration schema. In the following examples, you'll set an environment variable (MY_ENV_VALUE) and add a cron trigger through nuctl, a function.yaml file and inline configuration.

After you provide this configuration, you can invoke the function and notes that MY_ENV_VALUE is now set to my value:

nuctl invoke my-function --namespace nuclio --via external-ip

    nuctl.platform.invoker (I) Executing function {"method": "GET", "url": "http://192.168.64.8:30521", "body": {}}
    nuctl.platform.invoker (I) Got response {"status": "200 OK"}
                     nuctl (I) >>> Start of function logs
                     nuctl (I) Got invoked {"some_env": "my value", "event_body": "", "time": 1520246616537.9287, "trigger_kind": "http"}
                     nuctl (I) <<< End of function logs

> Response headers:
Server = nuclio
Date = Mon, 05 Mar 2018 10:43:35 GMT
Content-Type = text/plain
Content-Length = 17

> Response body:
A string response

If you were to look at the function logs through kubectl (assuming you're deploying to Kubernetes), you'd see the function being invoked periodically, where Invoked from cron is logged as well:

...
    processor.cron (I) Got invoked {"trigger_kind": "cron", "some_env": "my value", "event_body": ""}
    processor.cron (I) Invoked from cron
    processor.cron (I) Got invoked {"trigger_kind": "cron", "some_env": "my value", "event_body": ""}
    processor.cron (I) Invoked from cron
...

Providing configuration via nuctl

With nuctl, you simply pass --env and a JSON encoding of the trigger configuration:

nuctl deploy my-function \
    --namespace nuclio \
    --path /tmp/nuclio/my_function.py \
    --runtime python \
    --handler my_function:my_entry_point \
    --http-trigger-service-type nodePort \
    --registry $(minikube ip):5000 --run-registry localhost:5000 \
    --env MY_ENV_VALUE='my value' \
    --triggers '{"periodic": {"kind": "cron", "attributes": {"interval": "3s"}}}'

Providing configuration via function.yaml

For a more manageable approach, you can keep your configuration alongside your source in the same directory. Create a /tmp/nuclio/function.yaml file with the following contents:

apiVersion: "nuclio.io/v1"
kind: NuclioFunction
metadata:
  name: my-function
  namespace: nuclio
spec:
  env:
  - name: MY_ENV_VALUE
    value: my value
  handler: my_function:my_entry_point
  runtime: python
  triggers:
    http:
      kind: http
      attributes:
        serviceType: NodePort
    periodic:
      attributes:
        interval: 3s
      class: ""
      kind: cron

With all the information in the function.yaml, you can pass the directory of the source and configuration to nuctl. The name, namespace, trigger, env are all taken from the configuration file:

nuctl deploy \
    --path /tmp/nuclio \
    --registry $(minikube ip):5000 \
    --run-registry localhost:5000

Providing configuration via inline configuration

Sometimes it's convenient to have the source and configuration bundled together in a single, human readable file. While it's not recommended for production, it's great for trying things out. To do this, you craft a special comment somewhere in your function source and provide the containing file as path (this will not work if path is a directory).

Write the following to /tmp/nuclio/my_function_with_config.py:

import os

# @nuclio.configure
#
# function.yaml:
#   apiVersion: "nuclio.io/v1"
#   kind: NuclioFunction
#   metadata:
#     name: my-function
#     namespace: nuclio
#   spec:
#     env:
#     - name: MY_ENV_VALUE
#       value: my value
#     handler: my_function_with_config:my_entry_point
#     runtime: python
#     triggers:
#       http:
#         kind: http
#         attributes:
#           serviceType: NodePort
#       periodic:
#         attributes:
#           interval: 3s
#         class: ""
#         kind: cron

def my_entry_point(context, event):

	# use the logger, outputting the event body
	context.logger.info_with('Got invoked',
		trigger_kind=event.trigger.kind,
		event_body=event.body,
		some_env=os.environ.get('MY_ENV_VALUE'))

	# check if the event came from cron
	if event.trigger.kind == 'cron':

		# log something
		context.logger.info('Invoked from cron')

	else:

		# return a response
		return 'A string response'

Now deploy this function:

nuctl deploy \
    --path /tmp/nuclio/my_function_with_config.py \
    --registry $(minikube ip):5000 \
    --run-registry localhost:5000

Exposing a function

Security Note
Exposing your functions outside of your Kubernetes cluster network has significant security implications. Make sure that you understand the risks involved before deciding to expose any function externally. Always control on which networks your functions are exposed and use proper authentication to protect your functions and the rest of your pipeline and data.
By default, when deploying a function on a Kubernetes cluster the function is exposed only on the Kubernetes cluster network, using a ClusterIP Service Type, and isn't exposed for external communication. In most network topologies, this makes the function available only inside the cluster network, and Kubernetes network policies can be used to further limit and control communications. The function will be unavailable for invocations over HTTP from entities running outside of the cluster — such as curl, httpie, nuctl invoke, or any other HTTP client.

To understand whether a function can be reached by your HTTP client, consider the location from which the client is running and the network path to the function. An unexposed (default) function won't be reachable from your client unless you're running the client from inside a pod in your Kubernetes cluster.

If you wish to expose your function externally — for example, to enable running nuctl invoke from outside the Kubernetes network — you can do this during the function deployment in one of two ways, both controlled by the function's HTTP-trigger configuration:

  1. Configure the function with a reachable HTTP ingresses. For this to work you need to install an ingress controller on your cluster. For details, see the function-ingress documentation.
  2. Configure the function to use a serviceType attribute of type nodePort.

If you're deploying the function using the Nuclio CLI (nuctl), you can also easily configure a nodePort by using the --http-trigger-service-type=nodePort CLI option.

What's next?