mlrun 1.7.0rc16__py3-none-any.whl → 1.7.0rc17__py3-none-any.whl

mlrun/runtimes/nuclio/api_gateway.py

@@ -18,33 +18,30 @@ from urllib.parse import urljoin
 
 import requests
 from nuclio.auth import AuthInfo as NuclioAuthInfo
-from requests.auth import HTTPBasicAuth
+from nuclio.auth import AuthKinds as NuclioAuthKinds
 
 import mlrun
-import mlrun.common.schemas
+import mlrun.common.schemas as schemas
+import mlrun.common.types
+from mlrun.model import ModelObj
 from mlrun.platforms.iguazio import min_iguazio_versions
+from mlrun.utils import logger
 
-from ...model import ModelObj
-from ..utils import logger
-from .function import RemoteRuntime, get_fullname, min_nuclio_versions
-from .serving import ServingRuntime
+from .function import get_fullname, min_nuclio_versions
 
-NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_BASIC_AUTH = "basicAuth"
-NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_NONE = "none"
-NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_ACCESS_KEY = "accessKey"
 PROJECT_NAME_LABEL = "nuclio.io/project-name"
 
 
 class APIGatewayAuthenticator(typing.Protocol):
     @property
     def authentication_mode(self) -> str:
-        return NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_NONE
+        return schemas.APIGatewayAuthenticationMode.none.value
 
     @classmethod
-    def from_scheme(cls, api_gateway_spec: mlrun.common.schemas.APIGatewaySpec):
+    def from_scheme(cls, api_gateway_spec: schemas.APIGatewaySpec):
         if (
             api_gateway_spec.authenticationMode
-            == NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_BASIC_AUTH
+            == schemas.APIGatewayAuthenticationMode.basic.value
         ):
             if api_gateway_spec.authentication:
                 return BasicAuth(
@@ -55,7 +52,7 @@ class APIGatewayAuthenticator(typing.Protocol):
                 return BasicAuth()
         elif (
             api_gateway_spec.authenticationMode
-            == NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_ACCESS_KEY
+            == schemas.APIGatewayAuthenticationMode.access_key.value
         ):
             return AccessKeyAuth()
         else:
@@ -63,7 +60,7 @@ class APIGatewayAuthenticator(typing.Protocol):
 
     def to_scheme(
         self,
-    ) -> Optional[dict[str, Optional[mlrun.common.schemas.APIGatewayBasicAuth]]]:
+    ) -> Optional[dict[str, Optional[schemas.APIGatewayBasicAuth]]]:
         return None
 
 
@@ -89,13 +86,13 @@ class BasicAuth(APIGatewayAuthenticator):
 
     @property
     def authentication_mode(self) -> str:
-        return NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_BASIC_AUTH
+        return schemas.APIGatewayAuthenticationMode.basic.value
 
     def to_scheme(
         self,
-    ) -> Optional[dict[str, Optional[mlrun.common.schemas.APIGatewayBasicAuth]]]:
+    ) -> Optional[dict[str, Optional[schemas.APIGatewayBasicAuth]]]:
         return {
-            "basicAuth": mlrun.common.schemas.APIGatewayBasicAuth(
+            "basicAuth": schemas.APIGatewayBasicAuth(
                 username=self._username, password=self._password
             )
         }
@@ -108,7 +105,7 @@ class AccessKeyAuth(APIGatewayAuthenticator):
 
     @property
     def authentication_mode(self) -> str:
-        return NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_ACCESS_KEY
+        return schemas.APIGatewayAuthenticationMode.access_key.value
 
 
 class APIGatewayMetadata(ModelObj):
@@ -156,17 +153,17 @@ class APIGatewaySpec(ModelObj):
     def __init__(
         self,
         functions: Union[
-            list[str],
-            Union[
-                list[
-                    Union[
-                        RemoteRuntime,
-                        ServingRuntime,
-                    ]
-                ],
-                RemoteRuntime,
-                ServingRuntime,
+            list[
+                Union[
+                    str,
+                    "mlrun.runtimes.nuclio.function.RemoteRuntime",
+                    "mlrun.runtimes.nuclio.serving.ServingRuntime",
+                    "mlrun.runtimes.nuclio.application.ApplicationRuntime",
+                ]
             ],
+            "mlrun.runtimes.nuclio.function.RemoteRuntime",
+            "mlrun.runtimes.nuclio.serving.ServingRuntime",
+            "mlrun.runtimes.nuclio.application.ApplicationRuntime",
         ],
         project: str = None,
         description: str = "",
@@ -181,7 +178,8 @@ class APIGatewaySpec(ModelObj):
             Can be a list of function names (["my-func1", "my-func2"])
             or a list or a single entity of
             :py:class:`~mlrun.runtimes.nuclio.function.RemoteRuntime` OR
-            :py:class:`~mlrun.runtimes.nuclio.serving.ServingRuntime`
+            :py:class:`~mlrun.runtimes.nuclio.serving.ServingRuntime` OR
+            :py:class:`~mlrun.runtimes.nuclio.application.ApplicationRuntime`
         :param project: The project name
         :param description: Optional description of the API gateway
         :param path: Optional path of the API gateway, default value is "/"
@@ -207,17 +205,17 @@ class APIGatewaySpec(ModelObj):
         self,
         project: str,
         functions: Union[
-            list[str],
-            Union[
-                list[
-                    Union[
-                        RemoteRuntime,
-                        ServingRuntime,
-                    ]
-                ],
-                RemoteRuntime,
-                ServingRuntime,
+            list[
+                Union[
+                    str,
+                    "mlrun.runtimes.nuclio.function.RemoteRuntime",
+                    "mlrun.runtimes.nuclio.serving.ServingRuntime",
+                    "mlrun.runtimes.nuclio.application.ApplicationRuntime",
+                ]
             ],
+            "mlrun.runtimes.nuclio.function.RemoteRuntime",
+            "mlrun.runtimes.nuclio.serving.ServingRuntime",
+            "mlrun.runtimes.nuclio.application.ApplicationRuntime",
         ],
         canary: Optional[list[int]] = None,
         ports: Optional[list[int]] = None,
@@ -260,16 +258,17 @@ class APIGatewaySpec(ModelObj):
     def _validate_functions(
         project: str,
         functions: Union[
-            list[str],
-            Union[
-                list[
-                    Union[
-                        RemoteRuntime,
-                        ServingRuntime,
-                    ]
-                ],
-                Union[RemoteRuntime, ServingRuntime],
+            list[
+                Union[
+                    str,
+                    "mlrun.runtimes.nuclio.function.RemoteRuntime",
+                    "mlrun.runtimes.nuclio.serving.ServingRuntime",
+                    "mlrun.runtimes.nuclio.application.ApplicationRuntime",
+                ]
             ],
+            "mlrun.runtimes.nuclio.function.RemoteRuntime",
+            "mlrun.runtimes.nuclio.serving.ServingRuntime",
+            "mlrun.runtimes.nuclio.application.ApplicationRuntime",
         ],
     ):
         if not isinstance(functions, list):
@@ -348,7 +347,8 @@ class APIGateway(ModelObj):
         self,
         method="POST",
         headers: dict = None,
-        auth: Optional[tuple[str, str]] = None,
+        credentials: Optional[tuple[str, str]] = None,
+        path: Optional[str] = None,
         **kwargs,
     ):
         """
@@ -356,7 +356,9 @@ class APIGateway(ModelObj):
 
         :param method: (str, optional) The HTTP method for the invocation.
         :param headers: (dict, optional) The HTTP headers for the invocation.
-        :param auth: (Optional[tuple[str, str]], optional) The authentication creds for the invocation if required.
+        :param credentials: (Optional[tuple[str, str]], optional) The (username,password) for the invocation if required
+            can also be set by the environment variable (_, V3IO_ACCESS_KEY) for access key authentication.
+        :param path: (str, optional) The sub-path for the invocation.
         :param kwargs: (dict) Additional keyword arguments.
 
         :return: The response from the API gateway invocation.
@@ -373,29 +375,44 @@ class APIGateway(ModelObj):
                 f"API gateway is not ready. " f"Current state: {self.state}"
             )
 
+        auth = None
+
         if (
             self.spec.authentication.authentication_mode
-            == NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_BASIC_AUTH
+            == schemas.APIGatewayAuthenticationMode.basic.value
         ):
-            if not auth:
+            if not credentials:
                 raise mlrun.errors.MLRunInvalidArgumentError(
                     "API Gateway invocation requires authentication. Please pass credentials"
                 )
-            auth = HTTPBasicAuth(*auth)
+            auth = NuclioAuthInfo(
+                username=credentials[0], password=credentials[1]
+            ).to_requests_auth()
 
         if (
             self.spec.authentication.authentication_mode
-            == NUCLIO_API_GATEWAY_AUTHENTICATION_MODE_ACCESS_KEY
+            == schemas.APIGatewayAuthenticationMode.access_key.value
         ):
             # inject access key from env
-            auth = NuclioAuthInfo().from_envvar().to_requests_auth()
-
+            if credentials:
+                auth = NuclioAuthInfo(
+                    username=credentials[0],
+                    password=credentials[1],
+                    mode=NuclioAuthKinds.iguazio,
+                ).to_requests_auth()
+            else:
+                auth = NuclioAuthInfo().from_envvar().to_requests_auth()
+            if not auth:
+                raise mlrun.errors.MLRunInvalidArgumentError(
+                    "API Gateway invocation requires authentication. Please set V3IO_ACCESS_KEY env var"
+                )
+        url = urljoin(self.invoke_url, path or "")
         return requests.request(
             method=method,
-            url=self.invoke_url,
+            url=url,
             headers=headers or {},
-            **kwargs,
             auth=auth,
+            **kwargs,
         )
 
     def wait_for_readiness(self, max_wait_time=90):
@@ -420,10 +437,10 @@ class APIGateway(ModelObj):
         )
 
     def is_ready(self):
-        if self.state is not mlrun.common.schemas.api_gateway.APIGatewayState.ready:
+        if self.state is not schemas.api_gateway.APIGatewayState.ready:
             # try to sync the state
             self.sync()
-        return self.state == mlrun.common.schemas.api_gateway.APIGatewayState.ready
+        return self.state == schemas.api_gateway.APIGatewayState.ready
 
     def sync(self):
         """
@@ -461,13 +478,17 @@ class APIGateway(ModelObj):
     def with_canary(
         self,
         functions: Union[
-            list[str],
             list[
                 Union[
-                    RemoteRuntime,
-                    ServingRuntime,
+                    str,
+                    "mlrun.runtimes.nuclio.function.RemoteRuntime",
+                    "mlrun.runtimes.nuclio.serving.ServingRuntime",
+                    "mlrun.runtimes.nuclio.application.ApplicationRuntime",
                 ]
             ],
+            "mlrun.runtimes.nuclio.function.RemoteRuntime",
+            "mlrun.runtimes.nuclio.serving.ServingRuntime",
+            "mlrun.runtimes.nuclio.application.ApplicationRuntime",
         ],
         canary: list[int],
     ):
@@ -478,7 +499,8 @@ class APIGateway(ModelObj):
             Can be a list of function names (["my-func1", "my-func2"])
             or a list of nuclio functions of types
             :py:class:`~mlrun.runtimes.nuclio.function.RemoteRuntime` OR
-            :py:class:`~mlrun.runtimes.nuclio.serving.ServingRuntime`
+            :py:class:`~mlrun.runtimes.nuclio.serving.ServingRuntime` OR
+            :py:class:`~mlrun.runtimes.nuclio.application.ApplicationRuntime`
         :param canary: The canary percents for the API gateway of type list[int]; for instance: [20,80]
 
         """
@@ -503,13 +525,13 @@ class APIGateway(ModelObj):
         )
 
     @classmethod
-    def from_scheme(cls, api_gateway: mlrun.common.schemas.APIGateway):
+    def from_scheme(cls, api_gateway: schemas.APIGateway):
         project = api_gateway.metadata.labels.get(PROJECT_NAME_LABEL)
         functions, canary = cls._resolve_canary(api_gateway.spec.upstreams)
         state = (
             api_gateway.status.state
             if api_gateway.status
-            else mlrun.common.schemas.APIGatewayState.none
+            else schemas.APIGatewayState.none
         )
         new_api_gateway = cls(
             metadata=APIGatewayMetadata(
@@ -528,14 +550,14 @@ class APIGateway(ModelObj):
         new_api_gateway.state = state
         return new_api_gateway
 
-    def to_scheme(self) -> mlrun.common.schemas.APIGateway:
+    def to_scheme(self) -> schemas.APIGateway:
         upstreams = (
             [
-                mlrun.common.schemas.APIGatewayUpstream(
+                schemas.APIGatewayUpstream(
                     nucliofunction={"name": self.spec.functions[0]},
                     percentage=self.spec.canary[0],
                 ),
-                mlrun.common.schemas.APIGatewayUpstream(
+                schemas.APIGatewayUpstream(
                     # do not set percent for the second function,
                     # so we can define which function to display as a primary one in UI
                     nucliofunction={"name": self.spec.functions[1]},
@@ -543,7 +565,7 @@ class APIGateway(ModelObj):
             ]
             if self.spec.canary
             else [
-                mlrun.common.schemas.APIGatewayUpstream(
+                schemas.APIGatewayUpstream(
                     nucliofunction={"name": function_name},
                 )
                 for function_name in self.spec.functions
@@ -553,16 +575,14 @@ class APIGateway(ModelObj):
             for i, port in enumerate(self.spec.ports):
                 upstreams[i].port = port
 
-        api_gateway = mlrun.common.schemas.APIGateway(
-            metadata=mlrun.common.schemas.APIGatewayMetadata(
-                name=self.metadata.name, labels={}
-            ),
-            spec=mlrun.common.schemas.APIGatewaySpec(
+        api_gateway = schemas.APIGateway(
+            metadata=schemas.APIGatewayMetadata(name=self.metadata.name, labels={}),
+            spec=schemas.APIGatewaySpec(
                 name=self.metadata.name,
                 description=self.spec.description,
                 host=self.spec.host,
                 path=self.spec.path,
-                authenticationMode=mlrun.common.schemas.APIGatewayAuthenticationMode.from_str(
+                authenticationMode=schemas.APIGatewayAuthenticationMode.from_str(
                     self.spec.authentication.authentication_mode
                 ),
                 upstreams=upstreams,
@@ -592,7 +612,7 @@ class APIGateway(ModelObj):
 
     @staticmethod
     def _resolve_canary(
-        upstreams: list[mlrun.common.schemas.APIGatewayUpstream],
+        upstreams: list[schemas.APIGatewayUpstream],
     ) -> tuple[Union[list[str], None], Union[list[int], None]]:
         if len(upstreams) == 1:
             return [upstreams[0].nucliofunction.get("name")], None

mlrun/runtimes/nuclio/application/application.py

@@ -12,13 +12,20 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import pathlib
+import typing
 
 import nuclio
 
+import mlrun.common.schemas as schemas
 import mlrun.errors
-from mlrun.common.schemas import AuthInfo
+from mlrun.common.runtimes.constants import NuclioIngressAddTemplatedIngressModes
 from mlrun.runtimes import RemoteRuntime
 from mlrun.runtimes.nuclio import min_nuclio_versions
+from mlrun.runtimes.nuclio.api_gateway import (
+    APIGateway,
+    APIGatewayMetadata,
+    APIGatewaySpec,
+)
 from mlrun.runtimes.nuclio.function import NuclioSpec, NuclioStatus
 
 
@@ -113,7 +120,10 @@ class ApplicationSpec(NuclioSpec):
             state_thresholds=state_thresholds,
             disable_default_http_trigger=disable_default_http_trigger,
         )
-        self.internal_application_port = internal_application_port or 8080
+        self.internal_application_port = (
+            internal_application_port
+            or mlrun.mlconf.function.application.default_sidecar_internal_port
+        )
 
     @property
     def internal_application_port(self):
@@ -139,6 +149,9 @@ class ApplicationStatus(NuclioStatus):
         container_image=None,
         application_image=None,
         sidecar_name=None,
+        api_gateway_name=None,
+        api_gateway=None,
+        url=None,
     ):
         super().__init__(
             state=state,
@@ -151,6 +164,9 @@ class ApplicationStatus(NuclioStatus):
         )
         self.application_image = application_image or None
         self.sidecar_name = sidecar_name or None
+        self.api_gateway_name = api_gateway_name or None
+        self.api_gateway = api_gateway or None
+        self.url = url or None
 
 
 class ApplicationRuntime(RemoteRuntime):
@@ -176,6 +192,24 @@ class ApplicationRuntime(RemoteRuntime):
     def status(self, status):
         self._status = self._verify_dict(status, "status", ApplicationStatus)
 
+    @property
+    def api_gateway(self):
+        return self.status.api_gateway
+
+    @api_gateway.setter
+    def api_gateway(self, api_gateway: APIGateway):
+        self.status.api_gateway = api_gateway
+
+    @property
+    def url(self):
+        if not self.status.api_gateway:
+            self._sync_api_gateway()
+        return self.status.api_gateway.invoke_url
+
+    @url.setter
+    def url(self, url):
+        self.status.url = url
+
     def set_internal_application_port(self, port: int):
         self.spec.internal_application_port = port
 
@@ -220,7 +254,7 @@ class ApplicationRuntime(RemoteRuntime):
         project="",
         tag="",
         verbose=False,
-        auth_info: AuthInfo = None,
+        auth_info: schemas.AuthInfo = None,
         builder_env: dict = None,
         force_build: bool = False,
         with_mlrun=None,
@@ -228,6 +262,10 @@ class ApplicationRuntime(RemoteRuntime):
         is_kfp=False,
         mlrun_version_specifier=None,
         show_on_failure: bool = False,
+        skip_access_key_auth: bool = False,
+        direct_port_access: bool = False,
+        authentication_mode: schemas.APIGatewayAuthenticationMode = None,
+        authentication_creds: tuple[str] = None,
     ):
         """
         Deploy function, builds the application image if required (self.requires_build()) or force_build is True,
@@ -244,6 +282,10 @@ class ApplicationRuntime(RemoteRuntime):
         :param is_kfp:                  Deploy as part of a kfp pipeline
         :param mlrun_version_specifier: Which mlrun package version to include (if not current)
         :param show_on_failure:         Show logs only in case of build failure
+        :param skip_access_key_auth:    Skip adding access key auth to the API Gateway
+        :param direct_port_access:      Set True to allow direct port access to the application sidecar
+        :param authentication_mode:     API Gateway authentication mode
+        :param authentication_creds:    API Gateway authentication credentials as a tuple (username, password)
         :return: True if the function is ready (deployed)
         """
         if self.requires_build() or force_build:
@@ -261,6 +303,16 @@ class ApplicationRuntime(RemoteRuntime):
 
         self._ensure_reverse_proxy_configurations()
         self._configure_application_sidecar()
+
+        # we only allow accessing the application via the API Gateway
+        name_tag = tag or self.metadata.tag
+        self.status.api_gateway_name = (
+            f"{self.metadata.name}-{name_tag}" if name_tag else self.metadata.name
+        )
+        self.spec.add_templated_ingress_host_mode = (
+            NuclioIngressAddTemplatedIngressModes.never
+        )
+
         super().deploy(
             project,
             tag,
@@ -269,6 +321,14 @@ class ApplicationRuntime(RemoteRuntime):
             builder_env,
         )
 
+        ports = self.spec.internal_application_port if direct_port_access else []
+        self.create_api_gateway(
+            name=self.status.api_gateway_name,
+            ports=ports,
+            authentication_mode=authentication_mode,
+            authentication_creds=authentication_creds,
+        )
+
     def with_source_archive(
         self, source, workdir=None, pull_at_runtime=True, target_dir=None
     ):
@@ -290,6 +350,92 @@ class ApplicationRuntime(RemoteRuntime):
             target_dir=target_dir,
         )
 
+    @classmethod
+    def get_filename_and_handler(cls) -> (str, str):
+        reverse_proxy_file_path = pathlib.Path(__file__).parent / "reverse_proxy.go"
+        return str(reverse_proxy_file_path), "Handler"
+
+    def create_api_gateway(
+        self,
+        name: str = None,
+        path: str = None,
+        ports: list[int] = None,
+        authentication_mode: schemas.APIGatewayAuthenticationMode = None,
+        authentication_creds: tuple[str] = None,
+    ):
+        api_gateway = APIGateway(
+            APIGatewayMetadata(
+                name=name,
+                namespace=self.metadata.namespace,
+                labels=self.metadata.labels,
+                annotations=self.metadata.annotations,
+            ),
+            APIGatewaySpec(
+                functions=[self],
+                project=self.metadata.project,
+                path=path,
+                ports=mlrun.utils.helpers.as_list(ports) if ports else None,
+            ),
+        )
+
+        authentication_mode = (
+            authentication_mode
+            or mlrun.mlconf.function.application.default_authentication_mode
+        )
+        if authentication_mode == schemas.APIGatewayAuthenticationMode.access_key:
+            api_gateway.with_access_key_auth()
+        elif authentication_mode == schemas.APIGatewayAuthenticationMode.basic:
+            api_gateway.with_basic_auth(*authentication_creds)
+
+        db = mlrun.get_run_db()
+        api_gateway_scheme = db.store_api_gateway(
+            api_gateway=api_gateway.to_scheme(), project=self.metadata.project
+        )
+        if not self.status.api_gateway_name:
+            self.status.api_gateway_name = api_gateway_scheme.metadata.name
+        self.status.api_gateway = APIGateway.from_scheme(api_gateway_scheme)
+        self.status.api_gateway.wait_for_readiness()
+        self.url = self.status.api_gateway.invoke_url
+
+    def invoke(
+        self,
+        path: str,
+        body: typing.Union[str, bytes, dict] = None,
+        method: str = None,
+        headers: dict = None,
+        dashboard: str = "",
+        force_external_address: bool = False,
+        auth_info: schemas.AuthInfo = None,
+        mock: bool = None,
+        **http_client_kwargs,
+    ):
+        self._sync_api_gateway()
+        # If the API Gateway is not ready or not set, try to invoke the function directly (without the API Gateway)
+        if not self.status.api_gateway:
+            super().invoke(
+                path,
+                body,
+                method,
+                headers,
+                dashboard,
+                force_external_address,
+                auth_info,
+                mock,
+                **http_client_kwargs,
+            )
+
+        credentials = (auth_info.username, auth_info.password) if auth_info else None
+
+        if not method:
+            method = "POST" if body else "GET"
+        return self.status.api_gateway.invoke(
+            method=method,
+            headers=headers,
+            credentials=credentials,
+            path=path,
+            **http_client_kwargs,
+        )
+
     def _build_application_image(
         self,
         builder_env: dict = None,
@@ -355,7 +501,14 @@ class ApplicationRuntime(RemoteRuntime):
         self.set_env("SIDECAR_PORT", self.spec.internal_application_port)
         self.set_env("SIDECAR_HOST", "http://localhost")
 
-    @classmethod
-    def get_filename_and_handler(cls) -> (str, str):
-        reverse_proxy_file_path = pathlib.Path(__file__).parent / "reverse_proxy.go"
-        return str(reverse_proxy_file_path), "Handler"
+    def _sync_api_gateway(self):
+        if not self.status.api_gateway_name:
+            return
+
+        db = mlrun.get_run_db()
+        api_gateway_scheme = db.get_api_gateway(
+            name=self.status.api_gateway_name, project=self.metadata.project
+        )
+        self.status.api_gateway = APIGateway.from_scheme(api_gateway_scheme)
+        self.status.api_gateway.wait_for_readiness()
+        self.url = self.status.api_gateway.invoke_url

mlrun/runtimes/nuclio/function.py

@@ -547,7 +547,6 @@ class RemoteRuntime(KubeResource):
         if tag:
             self.metadata.tag = tag
 
-        save_record = False
         # Attempt auto-mounting, before sending to remote build
         self.try_auto_mount_based_on_config()
         self._fill_credentials()
@@ -565,15 +564,18 @@ class RemoteRuntime(KubeResource):
         #       now, functions can be not exposed (using service type ClusterIP) and hence
         #       for BC we first try to populate the external invocation url, and then
         #       if not exists, take the internal invocation url
-        if self.status.external_invocation_urls:
+        if (
+            self.status.external_invocation_urls
+            and self.status.external_invocation_urls[0] != ""
+        ):
             self.spec.command = f"http://{self.status.external_invocation_urls[0]}"
-            save_record = True
-        elif self.status.internal_invocation_urls:
+        elif (
+            self.status.internal_invocation_urls
+            and self.status.internal_invocation_urls[0] != ""
+        ):
             self.spec.command = f"http://{self.status.internal_invocation_urls[0]}"
-            save_record = True
-        elif self.status.address:
+        elif self.status.address and self.status.address != "":
             self.spec.command = f"http://{self.status.address}"
-            save_record = True
 
         logger.info(
             "Successfully deployed function",
@@ -581,8 +583,7 @@ class RemoteRuntime(KubeResource):
             external_invocation_urls=self.status.external_invocation_urls,
         )
 
-        if save_record:
-            self.save(versioned=False)
+        self.save(versioned=False)
 
         return self.spec.command
 
@@ -966,19 +967,24 @@ class RemoteRuntime(KubeResource):
             sidecar["image"] = image
 
         ports = mlrun.utils.helpers.as_list(ports)
+        # according to RFC-6335, port name should be less than 15 characters,
+        # so we truncate it if needed and leave room for the index
+        port_name = name[:13].rstrip("-_") if len(name) > 13 else name
         sidecar["ports"] = [
             {
-                "name": f"{name}-{i}",
+                "name": f"{port_name}-{i}",
                 "containerPort": port,
                 "protocol": "TCP",
             }
             for i, port in enumerate(ports)
         ]
 
-        if command:
+        # if it is a redeploy, 'command' might be set with the previous invocation url.
+        # in this case, we don't want to use it as the sidecar command
+        if command and not command.startswith("http"):
             sidecar["command"] = mlrun.utils.helpers.as_list(command)
 
-        if args:
+        if args and sidecar["command"]:
             sidecar["args"] = mlrun.utils.helpers.as_list(args)
 
     def _set_sidecar(self, name: str) -> dict: