Provide action limit configuration for each namespace

[upgle]

Description

Currently, openwhisk has only the system limit shared by all namespaces. I have received requirements to set different limits for each namespace/user. So I propose a new feature for namespace limit.

3 types of limits

• There are (1) system limits, (2) namespace default limits, (3) namespace limits.
  • (1) system limits: under no circumstances may this limit be exceeded.
  • (2) namespace default limits: use this limit value unless a limit has been set in the namespace.
  • (3) namespace limit: It can be set by the system administrator. This value cannot exceed the range of the system limit.

case1) Using default namespace limit

case1) Using namespace limit (for foo namespace)

Limit doc

You can set namespace limits with {namespace}/limits document just like any other existing setting.

{
  "concurrentInvocations": 100,
  "invocationsPerMinute": 100,
  "firesPerMinute": 100,
  "maxActionMemory": 128,
  "maxActionConcurrency": 400
  "maxActionLogs": 128,
  "maxParameterSize": "1 kb"
}

New namespace limit config

config key	description
minActionMemory	minimum action memory size for namespace
maxActionMemory	maximum action memory size for namespace
minActionLogs	minimum activation log size for namespace
maxActionLogs	maximum activation log size for namespace
minActionTimeout	minimum action time limit for namespace
maxActionTimeout	maximum action time limit for namespace
minActionConcurrency	minimum action concurrency limit for namespace
maxActionConcurrency	maximum action concurrency limit for namespace
maxParameterSize	maximum parameter size for namespace
maxPayloadSize	maximum activation payload size for namespace
truncationSize	activation truncation size for namespace

Related issue and scope

I didn't open new issue, but described the changes here.

My changes affect the following components

• API
• Controller
• Tests
• Documentation

Types of changes

• Bug fix (generally a non-breaking change which closes an issue).
• Enhancement or new feature (adds new functionality).
• Breaking change (a bug fix or enhancement which changes existing behavior).

Checklist:

• I signed an Apache CLA.
• I reviewed the style guides and followed the recommendations (Travis CI will check :).
• I added tests to cover my changes.
• My changes require further changes to the documentation.
• I updated the documentation where necessary.

[style95]

Nice!
Could you open another PR to add a POEM for this feature as well?
https://github.com/apache/openwhisk/tree/master/proposals

[codecov-commenter]

Codecov Report

Merging #5229 (9005a08) into master (9005a08) will not change coverage.
The diff coverage is n/a.

❗ Current head 9005a08 differs from pull request most recent head 28ade66. Consider uploading reports for the commit 28ade66 to get more accurate results

@@           Coverage Diff           @@
##           master    #5229   +/-   ##
=======================================
  Coverage   81.12%   81.12%           
=======================================
  Files         239      239           
  Lines       14192    14192           
  Branches      580      580           
=======================================
  Hits        11513    11513           
  Misses       2679     2679           

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[jiangpengcheng]

I think it already check the limit here? https://github.com/apache/openwhisk/pull/5229/files#diff-618ee3b5632d322d90e279346bd69b1d30f39f22b237e557f1a4f507414b61fdR216

[upgle]

@jiangpengcheng The code you shared is for checking the limit when creating an action.
In order to prevent execution by malicious modifications such as DB alteration, the invoker side verifies once more before invoking an action.

[ningyougang]

Does it apply the new scheduler? e.g. when FunctionPoolConatinerProxy fetches the activation from memoryQueue's activation

[upgle]

Yes, It supports new scheduler.

[ningyougang]

I am ok with test case, can provide the opposite test case? e.g. allow create when memory is greater than maximum allowed namespace limit?

[bdoyle0182]

Should this be two separate functions? The context in which you check the set limits for a namespace are different from the context you check the system limits. You check against the system limits when creating the action or updating your namespace's configuration. When you check against the namespace's limit it would be on the execution path when an activation is occurring.

[upgle]

Because updating the namespace limit configuration directly inserts/updates into the Couch DB, I've updated the code to fallback to the system limit if the namespace limit that exceeds the system limit.

So, namespace limits that can not exceed the system limit are checked when an action is created/invoked.

[upgle]

@style95 As the implementation continues to change, POEM has been added to this PR for consistency.
I will continue to update the PR content as well.

Nice!
Could you open another PR to add a POEM for this feature as well?
https://github.com/apache/openwhisk/tree/master/proposals

[style95]

According to this process, we need a separate PR to add a POEM along with this PR.
https://github.com/apache/openwhisk/blob/master/proposals/POEM-1-proposal-for-openwhisk-enhancements.md#procedures

[ningyougang]

If this pr: /pull/5229 merged.

Let's assume, user may want to use 3GB of memory for her action, but the system limit maybe 2GB currently.

• Does openwhisk admin need to reconfigure his system limit (e.g. make system limit to a high value)?

  So openwhisk admin needs to adjust the system limit value to >=3GB?

• As common user, he just changes the $namespace/limit document is enough?

  Has any check mechanism that when user changes the $namespace/limit document, namespace limit value can't be greater than system limit?

• Has any extra work on wskadmin? e.g. Admin can use wskadmin can change the $namespace/limit document as well.

Have any influence for old action? e.g. user or admin may need some migration works.

[upgle]

@ningyougang

• Does openwhisk admin need to reconfigure his system limit (e.g. make system limit to a high value)?
  So openwhisk admin needs to adjust the system limit value to >=3GB?

  • If the existing system limit was 2GB and you want to allocate up to 3GB, you need to raise the system limit and redeploy it. And because the namespace default limit is 2GB, existing users without a limit setting will use this limit.

• Has any check mechanism that when user changes the $namespace/limit document, namespace limit value can't be greater than system limit?

  • If the namespace limit is greater than the system limit, it is lowered to the system limit.

• Has any extra work on wskadmin? e.g. Admin can use wskadmin can change the $namespace/limit document as well.

  • Not yet. There is a plan to add it, but it seems to have to be created as a separate PR because there are a lot of changes in the PR.

@style95

According to this process, we need a separate PR to add a POEM along with this PR.
https://github.com/apache/openwhisk/blob/master/proposals/POEM-1-proposal-for-openwhisk-enhancements.md#procedures

I'm working on integrating with the new scheduler and improving backward compatibility. I'ill create a separate POEM PR as soon as it is completed.

[upgle]

Removed the POEM document file from this PR as it created a separate PR for POEM #5236.

[style95]

It generally looks good to me.

[style95]

Do we need toBytes here?

[upgle]

Yes. Since maxResponse is a ByteSize type, it needs a cast.

    maxResponse: ByteSize,

[style95]

👍

[style95]

Don't we need this negative test case?

[upgle]

The scheme test based on the hardcoded limit value is no longer used and validation checks are performed based on user input at runtime.

[style95]

@upgle It seems it does not pass the unit test.
I kept rerunning the test but could not make it work.

[style95]

LGTM!

[ningyougang]

Need rebase

[style95]

merged as it's been so long.