The Function Runner provides three core functional areas that work together to execute KRM functions in isolated environments:
Functional Areas#
Function Evaluation#
Executes KRM functions through pluggable evaluator strategies:
- Evaluator Interface: Common contract for all function execution strategies
- Pod Evaluator: Executes functions in Kubernetes pods with wrapper server integration
- Executable Evaluator: Runs pre-cached function binaries locally for fast execution
- Multi-Evaluator: Chains evaluators with fallback logic (exec → pod)
- Request Channel Pattern: Channel-based communication for pod cache coordination
- Wrapper Server Integration: gRPC wrapper injected into function pods for structured execution
For detailed architecture and process flows, see [Function Evaluation]({{% relref "/docs/5_architecture_and_components/function-runner/functionality/function-evaluation.md" %}}).
Pod Lifecycle Management#
Manages function execution pods with caching and garbage collection:
- Pod Cache Manager: Orchestrates pod lifecycle via channel-based communication
- Pod Manager: Handles pod and service CRUD operations
- Pod Creation: Template-based pod creation with init container for wrapper server injection
- Service Management: ClusterIP service frontends for service mesh compatibility
- TTL-Based Caching: Reuses pods with configurable expiration and extension on use
- Garbage Collection: Periodic cleanup of expired pods and failed pod handling
- Pod Warming: Pre-creates pods for frequently-used functions
For detailed architecture and process flows, see [Pod Lifecycle Management]({{% relref "/docs/5_architecture_and_components/function-runner/functionality/pod-lifecycle-management.md" %}}).
Image and Registry Management#
Caches image metadata and handles private registry authentication:
- Metadata Caching: In-memory cache of image digests and entrypoints
- Image Inspection: Fetches manifests and configs from container registries
- Private Registry Support: Authentication using Docker config format
- TLS Configuration: Custom CA certificates for secure registry connections
- Secret Management: Creates and attaches image pull secrets to function pods
- Registry Operations: Handles manifest retrieval, authentication retry, and error handling
For detailed architecture and process flows, see [Image and Registry Management]({{% relref "/docs/5_architecture_and_components/function-runner/functionality/image-registry-management.md" %}}).
How They Work Together#
┌─────────────────────────────────────────────────────────┐
│ Function Runner Service │
│ │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ Function │ │ Pod │ │
│ │ Evaluation │ ───> │ Lifecycle │ │
│ │ │ │ Management │ │
│ │ • Evaluator │ │ │ │
│ │ Selection │ │ • Pod Cache │ │
│ │ • Exec/Pod │ │ • Pod Manager │ │
│ │ Fallback │ │ • GC/TTL │ │
│ │ • Wrapper │ │ • Service Mgmt │ │
│ │ Server │ │ │ │
│ └──────────────────┘ └──────────────────┘ │
│ │ │ │
│ └────────┬────────────────┘ │
│ ↓ │
│ ┌──────────────────┐ │
│ │ Image & │ │
│ │ Registry │ │
│ │ Management │ │
│ │ │ │
│ │ • Metadata │ │
│ │ Cache │ │
│ │ • Registry │ │
│ │ Auth │ │
│ │ • TLS Config │ │
│ │ • Pull Secrets │ │
│ └──────────────────┘ │
└─────────────────────────────────────────────────────────┘
Integration flow:
- Function Evaluation receives gRPC request from Task Handler
- Multi-Evaluator tries executable evaluator first (fast path)
- If NotFound, falls back to pod evaluator (container execution)
- Pod Lifecycle Management checks pod cache for existing pod
- If cache miss, creates new pod with wrapper server via Pod Manager
- Image & Registry Management resolves image metadata and authentication
- Pod Manager creates pod with image pull secrets and service frontend
- Pod Cache Manager stores pod with TTL for reuse
- Function Evaluation connects to pod via service and executes function
- Wrapper Server executes function binary and returns structured results
- Garbage Collection periodically removes expired pods from cache
Each functional area is documented in detail on its own page with architecture diagrams, process flows, and implementation specifics.