Overview

OpenFaaS Pro

OpenFaaS Pro is a commercially licensed distribution of OpenFaaS with additional features, configurations and commercial support from the founders.

There are two editions of OpenFaaS Pro: OpenFaaS Standard and OpenFaaS for Enterprises.

Standard is meant for any team making use of OpenFaaS at work, whether external, or internal-facing. OpenFaaS for Enterprises is meant for multi-tenancy, and regulated companies who have additional requirements around security, compliance and support.

Do we need the Community Edition or Pro?

OpenFaaS Community Edition (CE) is meant for open-source developers and basic exploration; it is not licensed for commercial usage. OpenFaaS Pro is meant for production.

Core platform

Efficiency and redundancy:

  • New auto-scaling engine to get the scaling just right either on Requests Per Second (RPS), Inflight requests or CPU.
  • Scale idle functions to zero to save on compute costs, increase efficiency and lower your threat profile
  • Retry failed invocations for functions to handle issues with downstream APIs and back-pressure on concurrency-limited functions
  • CPU and RAM usage metrics for every function to measure usage and fine-tune limits
  • GitOps compatibility with the Function CustomResource, with Helm, ArgoCD and FluxCD.

Scaling that works for various types of functions

The OpenFaaS Pro autoscaler emits detailed usage information, meaning functions can scale not just on requests per second, but inflight requests and CPU utilisation.

Usability and operations:

The OpenFaaS dashboard

The OpenFaaS dashboard integrates with CPU & RAM usage metrics, and container logs to give you insights on your functions in one place. You can also add metadata from your source control management tool like a SHA, owner, project or URL to the source code.

Events and triggers

Event-driven programming and triggers:

Workload tuning

To avoid errors when scaling up or down, you may need to tune your function's configuration to suit how it works. Pro users get access to fine-tune health checks, set custom Kubernetes service accounts and termination grace periods for shutting down functions.

  • Custom HTTP health checks for functions - including path, period seconds and initial delay
  • Custom Kubernetes service accounts for functions to access the Kubernetes API
  • Custom runtime profiles for security & isolation using gVisor, kata containers etc.
  • Custom TerminationGracePeriod for draining work for long running functions
  • Custom support for probing Istio endpoints during scale from zero

Read more: OpenFaaS workloads and Custom Profiles

Enterprise security

  • Identity and Access Management (IAM)
  • Single Sign On with OpenID Connect (OIDC)

Learn more about IAM for OpenFaaS

Platform building features

Run a secure, multi-tenant functions platform - for internal or external users:

Build functions at scale - for services providers and large teams:

Integrate securely using short-lived tokens from your Identity Provider (IdP) or from Kubernetes:

Grafana dashboards

OpenFaaS comes with built-in Prometheus metrics. We provide a collection of Grafana dashboards to customers to help with monitoring OpenFaaS and individual functions.

Private code from functions

Get access to Pro plugins for the faas-cli and additional function templates to build functions that require code from private Git, PyPI or NPM.

On our roadmap

Recently released:

  • Scaling upon inflight requests for long running & memory/CPU bound functions (released Jan 2022)
  • A new Pro UI dashboard for managing and monitoring OpenFaaS functions across namespaces (released March 2022)
  • CPU and RAM usage metrics within the OpenFaaS API, CLI and Pro UI dashboard (released Feb 2022)
  • AWS SQS event-connector (released January 2022)
  • Concurrency limiting for functions - i.e. one request per container
  • Redesigned async system with NATS JetStream which replaces NATS Streaming (released)
    • NATS Streaming is available for CE and will be deprecated in June 2023.
    • Dedicated Helm chart for installing additional queue-workers with JetStream
    • Structured logging / JSON for OpenFaaS Pro customers in the queue-worker
  • Custom readiness per function for enhanced concurrency limiting (released Oct 2022)
  • Postgres event connector using either WAL or LISTEN/NOTIFY (released Dec 2022)
  • Access to private artifact registries from faas-cli build for npm, Pip, Go modules, etc (released Dec 2022)
  • AWS SNS event-connector (released Jan 2023)
  • IAM & RBAC for the OpenFaaS REST API (Released June 2023)
  • Enhanced multi-tenant isolation for large organisations and service providers (Released June 2023)
  • Invocation via the OpenFaaS Pro Dashboard (Oct 2023)
  • Webhook-based auditing of the OpenFaaS REST API (Dec 2023)
  • Webhook-based billing metrics per invocation for billing your users (Dec 2023)

Upcoming:

  • Proactive remote monitoring for support customers (available via opt-in)
  • Conversion to structured/JSON logging of OpenFaaS Pro components (ongoing - 75% complete)
  • Additional event triggers i.e. AMQP event trigger for RabbitMQ and Azure Service Bus and Google PubSub

Is there something else you need for your team or organisation? Get in touch with us here.

If you're already a customer, we welcome suggestions for the roadmap in the Customer Community.

Comparison

Do we need the Community Edition or Pro?

OpenFaaS Community Edition (CE) is meant for open-source developers and initial exploration of functions, OpenFaaS Pro is meant for production.

OpenFaaS Pro is a distribution of OpenFaaS with additional features and configurations that we believe customers need to operate a product or service in production.

As we tune OpenFaaS Pro for our existing customers, we improve it for everyone else at the same time - writing articles, tuning configuration and adding key features.

We see it as the start of a two-way relationship and an opportunity to collaborate directly with our team.

Support

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Suitability | PoCs, non-production, experimentation & non-commercial use only | Production, business critical, or PoC | Regulated companies which may have additional legal and compliance requirements |
| SLA | n/a | n/a | Response within 1 business day for P1 |
| Buying process | n/a | Monthly via credit card, or discounted via annual invoice (SWIFT/ACH) | Supplier portals, custom paperwork, negotiation with procurement. |
| Legal review of contract | n/a | n/a | Yes |
| Signing of Mutual NDA | n/a | n/a | Subject to agreement |
| Additional compliance needs | n/a | n/a | Subject to agreement |
| Support via email | n/a | Pro features only | All certified Open Source and commercial components |
| Support via GitHub | n/a | Pro features only using the Customer Community | n/a |
| Support via Slack | n/a | n/a | Up to 5 developers |
| License | Container images/binaries: 60 day limit for commercial use, source code: MIT | Commercial license EULA | as per Standard |
| Architecture review | n/a | n/a | With our team via Zoom |
| Onboarding call | n/a | n/a | With our team via Zoom |
| Customer Community | n/a | Private access to Customer Community - one user per licensed cluster | Custom amount of users |

OpenFaaS For Enterprise comes with an SLA, defined separately. It is suitable for companies which have a separate legal and procurement department, who are regulated and have additional legal or compliance requirements. The annual architecture review is to reduce risk by reviewing the configuration and informing the team of any recommended changes to the installation and configuration of OpenFaaS.

Support for OpenFaaS Pro is on a self-service basis, with no formal SLA offered. That said, our customers say good things about the help and insights we've given them.

The Customer Community is a private GitHub repository for giving feedback to the OpenFaaS team, for early access to new features and collaboration with other customers.

Did you know?

The OpenFaaS community holds a weekly Office Hours call on Zoom where you can start contributing to the project and ask any additional questions you may have.

Autoscaling

Did you know? OpenFaaS Pro's autoscaling engine can scale many different types of functions and closely match the load with the right amount of replicas.

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Scale to Zero | Not supported | Global default, or custom time per function | as per Standard |
| Maximum replicas per function | 5 Pods | No limit applied | as per Standard |
| Scale from Zero | Not supported | Supported, with additional checks for Istio | as per Standard |
| Autoscaling strategy | RPS-only | CPU utilization, Capacity (inflight requests) or RPS | as per Standard |
| Autoscaling granularity | Single rule for all functions | Configurable per function | as per Standard |

Data-driven, intensive, or long running functions are best suited to capacity-based autoscaling, which is only available in OpenFaaS Pro.

Scaling to zero is also a commercial feature, which can be opted into on a per function basis, with a custom idle threshold.

Core features

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Maximum functions | 15 | 500 | 5000 per namespace |
| Maximum namespaces | 1 | 1 | Unlimited |
| Public/private registries | Public images only, without authentication. | Public or private with authentication | As per Standard |
| UI Dashboard | Legacy UI (in code-freeze) | New UI dashboard with metrics, logs & CI integration | as per Standard, but with support for multiple namespaces |
| Consume secrets in faas-cli build for npm, Go and PyPI | Not available | Via build-time secrets | as per Standard |
| Kubernetes service accounts for functions | n/a | Supported per function | as per Standard |
| Async / queueing | In-memory only, max 10 items in queue, 256KB message size | JetStream with shared queue | JetStream with dedicated queues |
| Metrics | Basic function metrics | Function, HTTP, CPU/RAM usage, and async/queue metrics | as per Standard |
| CPU & RAM utilization | Not available | Integrated with Prometheus metrics, OpenFaaS REST API & CLI | as per Standard |
| Grafana Dashboards | n/a | 4x dashboards supplied in Customer Community - overview, spotlight for debugging a function, queue-worker and Function Builder API | as per Standard |
| GitOps & CRD support | Not available | ArgoCD, FluxCD, Helm and Kustomize compatibility using the Function CRD | as per Standard |
| Deployment options | faas-cli or REST API | As per CE, plus: Function CRD with kubectl, Helm or GitOps | as per Standard |
| Custom Resource Definition | Not available | Function and Profile CRDs | as per Standard |
| Image Pull Policy (for air-gap) | Always | Always, IfNotPresent or Never | as per Standard |

Did you know? Synadia, the vendor of NATS Streaming, announced that the product is now deprecated and will receive no updates from June 2023 onwards. OpenFaaS Ltd developed an alternative based upon Synadia's newest product, JetStream. Learn more about JetStream for OpenFaaS

Advanced scheduling

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Toleration support | n/a | Supported via Profiles | As per Standard |
| Taints support | n/a | Supported via Profiles | As per Standard |
| Custom podSecurityContext | n/a | Supported via Profiles | As per Standard |
| Custom runtimeClassName | n/a | n/a | As per Standard |
| Custom topologySpreadConstraints | n/a | Supported via Profiles | As per Standard |
| Custom affinity/anti-affinity | n/a | Supported via Profiles | As per Standard |
| nodeSelectors | Available via constraints in Function spec | As per CE | As per CE |

IAM and Policy

Identity and Access Management (IAM) and policy-based authorization are available for OpenFaaS for Enterprises customers. They enable fine-grained policy, along with federation to external identity providers and Single Sign-On (SSO) with OpenID Connect (OIDC).

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Authentication | Basic auth. | As per CE | SSO with OIDC |
| Authorization | n/a | n/a | Policy-based identity and access management |
| OIDC Federation | n/a | n/a | Federate external OIDC providers for authorization |
| Authorization with Kubernetes Service Account | n/a | n/a | Supported via projected JWT tokens |
| Keyless deployment from CI/CD | n/a | n/a | GitLab CI, GitHub Actions, and any OIDC compatible source |

Event-connectors

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Number of topics per function | One topic per function | Multiple topics per function | as per Standard |
| Kafka event trigger | Not supported | Supports SASL or TLS auth, Aiven, Confluent and self-hosted | Support with SLA |
| Postgres trigger | Not supported | Supports insert, update and delete, with table-level filters using WAL or LISTEN/NOTIFY. | Support with SLA |
| AWS SQS trigger | Not supported | Standard support | Support with SLA |
| Cron and scheduled invocations | Community support | Standard support | Support with SLA |

Durability and reliability

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Readiness probes | Not supported | Readiness probes supported with custom HTTP path and intervals per function | as per Standard |
| Retries for failed function invocations | Not supported | Retry invocations for configured HTTP codes with an exponential back-off | as per Standard |
| Highly Available messaging | Not available, in-memory only | Available for NATS JetStream, with 3x servers. | as per Standard |
| Long executions of async functions | Limited to 5 minutes | Configurable duration | as per Standard |
| Callback to custom URL for async functions | Supported | As per CE | As per CE |

Security

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Air-gap and offline support | No, Internet connection required | Supported | As per Standard |
| Authentication for OpenFaaS API, CLI and UI | Shared admin password between everyone who uses OpenFaaS | as per CE | Single Sign-On with OIDC |
| Identity and Policy | n/a | n/a | Least Privilege with Identity and Access Management |
| Compatibility with Istio for mTLS | n/a | Supported | as per Standard |
| PCI/GDPR compliance | Sensitive information such as the request body/response body, headers may be printed into the logs for each asynchronous invocation | Sensitive information is not printed to the logs for asynchronous requests | as per Standard |
| Secure isolation with Kata containers or gVisor | n/a | n/a | Supported using an OpenFaaS Pro Profile and runtimeClass |
| Service links injected as environment variables | Yes, cannot be disabled | Disabled as a default | as per Standard |
| Pod privilege escalation | Default for Kubernetes | Explicitly disabled | as per Standard |
| Split installation without ClusterAdmin role | n/a | Provided in Customer Community | as per Standard |

Isolation using Kata containers or gVisor is advisable when running untrusted code, or when you want to ensure that your functions are not vulnerable to container escape attacks.

Platform features

We have several customers of varying size who host code on behalf of their customers. OpenFaaS can provide a complete workflow from building the code securely, to deploying it within an isolated namespace. It's easy to integrate with existing systems using the REST APIs we make available.

| Description | OpenFaaS CE | OpenFaaS Standard | OpenFaaS for Enterprise |
|---|---|---|---|
| Deploy functions via REST API | Yes | As per CE | As per CE |
| Manage namespaces via REST API | n/a | n/a | Full CRUD API available |
| Build containers and functions via REST API | n/a | n/a | Yes via Function Builder API |
| Multiple namespace support | No support | n/a | Supported with Kubernetes namespaces |
| Multi-tenancy | Not supported | n/a | Supported |
| Billing metrics/chargeback | n/a | n/a | Via webhooks |

Some customers extend their own platform using OpenFaaS functions, because it's quicker and easier to deploy a function than change the core platform.

Trusted by

OpenFaaS Pro is trusted by:

  • Fortune 500 company (semiconductor / global technology)
  • Fortune 500 company (financial services)
  • Cyber Security Solutions company (North America)
  • Check Point Software Technologies Ltd (Global 2000 company)
  • Yokogawa Electric Corporation (Global 2000 company)
  • Waylay.io
  • RateHub.ca
  • Surge "workwithsurge"
  • Edge Delta
  • Patchworks Integration Limited
  • Klar MX
  • Black.ai
  • Live Time Value (LTV) Co.
  • BCubed Engineering
  • Kubiya
  • Corva.ai
  • Mnemonic
  • E2E Networks Ltd

Tell us about your use-case for OpenFaaS Standard, OpenFaaS Community Edition (CE) or faasd, and see what other companies are doing in the ADOPTERS file.

Support

OpenFaaS for Enterprises comes with support for the Certified Open Source Components and OpenFaaS Standard, with support via email within a Service Level Agreement (SLA). Along with email support, each team gets their own dedicated Slack channel for questions, collaboration and assistance.

OpenFaaS Standard operates on a self-service model with support for OpenFaaS Standard features only via email.

Both tiers come with access to the Customer Community, for feedback & collaboration with the OpenFaaS developers and other customers.

No support is offered to commercial users of OpenFaaS CE, which is primarily meant for exploration and open source developers.

Getting started

OpenFaaS Standard is developed primarily for teams deploying to Kubernetes, however most of the features are also compatible with faasd. Learn about faasd and OpenFaaS Standard here: The Event-Driven Edge with OpenFaaS

Are you interested in OpenFaaS for your organisation? Contact us to find out more.