Skip to content

Overview

OpenFaaS Pro

OpenFaaS Pro is a commercially licensed distribution of OpenFaaS with additional features, configurations and commercial support from the founders.

There are two editions of OpenFaaS Pro - Standard and for Enterprises.

Standard is meant for any team making use of OpenFaaS at work, whether external, or internal-facing. OpenFaaS for Enterprises is meant for multi-tenancy, and regulated companies who have additional requirements around security, compliance and support.

Do we need the Community Edition or Pro?

OpenFaaS Community Edition (CE) is meant for open-source developers and basic exploration, OpenFaaS Pro is meant for production.

Core platform

Efficiency and redundancy:

  • New auto-scaling engine to get the scaling just right either on Requests Per Second (RPS), Inflight requests or CPU.
  • Scale idle functions to zero to save on compute costs, increase efficiency and lower your threat profile
  • Retry failed invocations for functions to handle issues with downstream APIs and back-pressure on concurrency-limited functions
  • CPU and RAM usage metrics for every function to measure usage and fine-tune limits
  • GitOps compatibility with the Function CustomResource, with Helm, ArgoCD and FluxCD.

Scaling that works for various types of functions

Scaling that works for various types of functions

The OpenFaaS Pro autoscaler emits detailed usage information, meaning functions can scale not just on requests per second, but inflight requests and CPU utilisation.

Usability and operations:

The OpenFaaS dashboard

The OpenFaaS dashboard integrates with CPU & RAM usage metrics, and container logs to give you insights on your functions in one place. You can also add metadata from your source control management tool like a SHA, owner, project or URL to the source code.

Events and triggers

Event-driven programming and triggers:

Workload tuning

To avoid errors when scaling up or down, you may need to tune your function's configuration to suit how it works. Pro users get access to fine-tune health checks, set custom Kubernetes service accounts and termination grace periods for shutting down functions.

  • Custom HTTP health checks for functions - including path, period seconds and initial delay
  • Custom Kubernetes service accounts for functions to access the Kubernetes API
  • Custom runtime profiles for security & isolation using gVisor, kata containers etc.
  • Custom TerminationGracePeriod for draining work for long running functions
  • Custom support for probing Istio endpoints during scale from zero

Read more: OpenFaaS workloads and Custom Profiles

Enterprise security

  • Identity and Access Management (IAM)
  • Single Sign On with OpenID Connect (OIDC)

Learn more about IAM for OpenFaaS

Platform building features

Run a secure, multi-tenant functions platform - for internal or external users:

Build functions at scale - for services providers and large teams:

Integrate securely using short-lived tokens from your Identity Provider (IdP) or from Kubernetes:

Grafana dashboards

OpenFaaS comes with built-in Prometheus metrics. We provide a collection of Grafana dashboards to customers to help with monitoring OpenFaaS and individual functions.

Private code from functions

Get access to Pro plugins for the faas-cli and additional function templates to build functions that require code from private Git, PyPy or NPM.

On our roadmap

Recently released:

  • Scaling upon inflight requests for long running & memory/CPU bound functions (released Jan 2022)
  • A new Pro UI dashboard for managing and monitoring OpenFaaS functions across namespaces (released March 2022)
  • CPU and RAM usage metrics within the OpenFaaS API, CLI and Pro UI dashboard (released Feb 2022)
  • AWS SQS event-connector (released January 2022)
  • Concurrency limiting for functions - i.e. one request per container
  • Redesigned async system with NATS JetStream which replaces NATS Streaming (released)
    • NATS Streaming is available for CE and will be deprecated in June 2023.
    • Dedicated Helm chart for installing additional queue-workers with JetStream
    • Structured logging / JSON for OpenFaaS Pro customers in the queue-worker
  • Custom readiness per function for enhanced concurrency limiting (released Oct 2022)
  • Postgres event connector using either WAL or LISTEN/NOTIFY (released Dec 2022)
  • Access to private artifact registries from faas-cli build for npm, Pip, Go modules, etc (released Dec 2022)
  • AWS SNS event-connector (released Jan 2023)
  • IAM & RBAC for the OpenFaaS REST API (Released June 2023)
  • Enhanced multi-tenant isolation for large organisations and service providers (Released June 2023)

Upcoming:

  • Invocation via the OpenFaaS Pro Dashboard (in progress)
  • Webhook-based auditing of the OpenFaaS REST API (arriving shortly)
  • Conversion to structured/JSON logging of OpenFaaS Pro components (ongoing)
  • Additional event triggers i.e. AMQP event trigger for RabbitMQ and Azure Service Bus and Google PubSub
  • Proactive remote monitoring for support customers

Is there something else you need for your team or organisation? Get in touch with us here.

If you're already a customer, we welcome suggestions for the roadmap in the Customer Community.

Comparison

Do we need the Community Edition or Pro?

OpenFaaS Community Edition (CE) is meant for open-source developers and initial exploration of functions, OpenFaaS Pro is meant for production.

OpenFaaS Pro is a distribution of OpenFaaS with additional features and configurations that we believe customers need to operate a product or service in production.

As we tune OpenFaaS Pro for our existing customers, we improve it for everyone else at the same time - writing articles, tuning configuration and adding key features.

We see it as the start of a two-way relationship and an opportunity to collaborate directly with our team.

Support

Description OpenFaaS CE OpenFaaS Standard OpenFaaS for Enterprise
Suitability Open Source developers and initial exploration Production, business critical, or PoC Regulated companies which may have additional legal and compliance requirements
SLA N/a N/a Response within 1 business day for P1
Buying process N/a Invoice paid by bank transfer Supplier portals, custom paperwork, negotiation with procurement.
Legal review of contract N/a N/a Yes
Signing of Mutual NDA N/a N/a Subject to agreement
Additional compliance needs N/a N/a Subject to agreement
Support via email N/a Pro features only All certified Open Source and commercial components
Support via GitHub N/a Pro features only using the Customer Community N/a
Support via Slack N/a N/a Up to 5 developers
License MIT Commercial license EULA As per Pro
Architecture review N/a N/a With our team via Zoom
Onboarding call N/a N/a With our team via Zoom
Customer Community N/a Private access to Customer Community - one user per licensed cluster Custom amount of users

OpenFaaS For Enterprise comes with an SLA, defined separately. It is suitable for companies which have a separate legal and procurement department, who are regulated and have additional legal or compliance requirements. The annual architecture review is to reduce risk by reviewing the configuration and informing the team of any recommended changes to the installation and configuration of OpenFaaS.

Support for OpenFaaS Pro is on a self-service basis, with no formal SLA offered. That said, our our customers say good things about the help and insights we've given them.

The Customer Community is a private GitHub repository for giving feedback to the OpenFaaS team, for early access to new features and collaboration with other customers.

Did you know?

The OpenFaaS community holds a weekly Office Hours call on Zoom where you can start contributing to the project and ask any additional questions you may have.

Autoscaling

Did you know? OpenFaaS Pro's autoscaling engine can scale many different types of functions and closely match the load with the right amount of replicas.

Description OpenFaaS CE OpenFaaS Standard OpenFaaS for Enterprise
Scale to Zero Not supported Global default, or custom time per function As per Pro
Maximum replicas per function 5 Pods No limit applied As per Pro
Scale to From Not supported Supported, with additional checks for Istio As per Pro
Autoscaling strategy RPS-only CPU utilization, Capacity (inflight requests) or RPS As per Pro
Autoscaling granularity Single rule for all functions Configurable per function As per Pro

Data-driven, intensive, or long running functions are best suited to capacity-based autoscaling, which is only available in OpenFaaS Pro.

Scaling to zero is also a Pro feature, which can be opted into on a per function basis, with a custom idle threshold.

Core features

Description OpenFaaS CE OpenFaaS Standard OpenFaaS for Enterprise
UI Dashboard Legacy UI (in code-freeze) New UI dashboard with metrics, logs & CI integration As per Pro, but with support for multiple namespaces
Consume secrets in faas-cli build for npm, Go and Pypy Not available Via build-time secrets As Per Pro
Kubernetes service accounts for functions N/a Supported per function As per Pro
Async / queueing In-memory only, max 10 items in queue, 256KB message size JetStream with shared queue JetStream with dedicated queues
Metrics Basic function metrics Function, HTTP, CPU/RAM usage, and async/queue metrics As per Pro
CPU & RAM utilization Not available Integrated with Prometheus metrics, OpenFaaS REST API & CLI As per Pro
Grafana Dashboards N/a 4x dashboards supplied in Customer Community - overview, spotlight for debugging a function, queue-worker and Function Builder API As per Pro
GitOps & CRD support Not available ArgoCD, FluxCD and Helm compatibility using the Function CRD As per Pro
Deployment options faas-cli or REST API As per CE, plus: Function CRD with kubectl, Helm or GitOps As per Pro
Custom Resource Definition Not available Function and Profile CRDs As per Pro
Image Pull Policy (for air-gap) Always Always, IfNotPresent or Never As per Pro

Did you know? Synadia, the vendor of NATS Streaming announced the product is now deprecated, and it will receive no updates from June 2023 onwards. OpenFaaS Ltd developed an alternative based upon their newest product JetStream. Learn more about JetStream for OpenFaaS

Event-connectors

Description OpenFaaS CE OpenFaaS Standard OpenFaaS for Enterprise
Number of topics per function One topic per function Multiple topics per function As per Pro
Kafka event trigger Not supported Supports SASL or TLS auth, Aiven, Confluent and self-hosted Support with SLA
Postgres trigger Not supported Supports insert, update and delete, with table-level filters using WAL or LISTEN/NOTIFY. Support with SLA
AWS SQS trigger Not supported Standard support Support with SLA
Cron and scheduled invocations Community support Standard support Support with SLA

Durability and reliability

Description OpenFaaS CE OpenFaaS Standard OpenFaaS for Enterprise
Readiness probes Not supported Readiness probes supported with custom HTTP path and intervals per function As per Pro
Retries for failed function invocations Not supported Retry invocations for configured HTTP codes with an exponential back-off As per Pro
Highly Available messaging Not available, in-memory only Available for NATS JetStream, with 3x servers. As per Pro
Long executions of async functions Limited to 5 minutes Configurable duration As per Pro
Callback to custom URL for async functions Supported As per CE As per CE

Security

Description OpenFaaS CE OpenFaaS Standard OpenFaaS for Enterprise
Authentication for OpenFaaS API, CLI and UI Shared admin password between everyone who uses OpenFaaS as per CE Single Sign-On with OIDC
Identity and Policy N/a N/a Least Privilege with Identity and Access Management
Compatibility with Istio for mTLS N/a Supported As per Pro
PCI/GDPR compliance Sensitive information such as the request body/response body, headers may be printed into the logs for each asynchronous invocation Sensitive information is not printed to the logs for asynchronous requests As per Pro
Secure isolation with Kata containers or gVisor N/a N/a Supported using an OpenFaaS Pro Profile and runtimeClass
Service links injected as environment variables Yes, cannot be disabled Disabled as a default As per Pro
Pod privilege escalation Default for Kubernetes Explicitly disabled As per Pro
Split installation without ClusterAdmin role N/a Provided in Customer Community As per Pro

Isolation using Kata containers or gVisor is advisable when running untrusted code, or when you want to ensure that your functions are not vulnerable to container escape attacks.

Platform features

We have several customers of varying size who host code on behalf of their customers. OpenFaaS can provide a complete workflow from building the code securely, to deploying it within an isolated namespace. It's easy to integrate with existing systems using the REST APIs we make available.

Description OpenFaaS CE OpenFaaS Standard OpenFaaS for Enterprise
Deploy functions via REST API Yes As per CE As per CE
Manage namespaces via REST API N/a N/a Full CRUD API available
Build containers and functions via REST API N/a N/a Yes via Function Builder API
Multiple namespace support No support N/a Supported with Kubernetes namespaces
Multi-tenancy Not supported N/a Supported

Some customers extend their own platform using OpenFaaS functions, because it's quicker and easier to deploy a function than change the core platform.

Trusted by

OpenFaaS Pro is trusted by:

  • Fortune 500 company (semiconductor / global technology)
  • Fortune 500 company (financial services)
  • Cyber Security Solutions company (North America)
  • Check Point Software Technologies Ltd (Global 2000 company)
  • Yokogawa Electric Corporation (Global 2000 company)
  • Waylay.io
  • RateHub.ca
  • Surge "workwithsurge"
  • Edge Delta
  • Patchworks Integration Limited
  • Klar MX
  • Black.ai
  • Live Time Value (LTV) Co.
  • BCubed Engineering
  • Kubiya
  • Corva
  • Mnemonic
  • E2E Networks Ltd

Tell us about your use-case for OpenFaaS Pro, OpenFaaS Community Edition (CE) or faasd and see what other companies are doing in the: ADOPTERS file

Support

OpenFaaS for Enterprise comes with support for the Certified Open Source Components and OpenFaaS Pro, with support via email within a Service Level Agreement (SLA). Along with email support, each team gets their own dedicated Slack channel for questions, collaboration and assistance.

OpenFaaS Pro operates on a self-service model with support for OpenFaaS Pro features only via email.

Both tiers come with access to the Customer Community, for feedback & collaboration with the OpenFaaS developers and other customers.

No support is offered to commercial users of OpenFaaS CE, which is primarily meant for exploration and open source developers.

Getting started

OpenFaaS Pro is developed primarily for team deploying to Kubernetes, however most of the features are also compatible with faasd. Learn about faasd and OpenFaaS Pro here: The Event-Driven Edge with OpenFaaS

Are you interested in OpenFaaS for your organisation? Contact us to find out more.