OpenFaaS
Finally, we are here! Installing OpenFaaS on our already running K3s Kubernetes cluster on premise.
Install
We are going to use Arkade, which we installed earlier, to simplify the whole process.
# Switch to root. I did everything under root to avoid issues. (In production you would use a dedicated user; never run things as root in the wild.)
arkade install openfaas
The above will end with some information that you should note somewhere, like how to get an admin password for OpenFaaS Gateway.
PASSWORD=$(kubectl get secret -n openfaas basic-auth -o jsonpath="{.data.basic-auth-password}" | base64 --decode; echo)
# The above stores the password in the $PASSWORD environment variable; it will disappear when you log out.
echo "$PASSWORD"
But first, I want to have OpenFaaS gateway on its own IP accessible from outside.
Custom MetalLB service
Deploying OpenFaaS with arkade will create two Gateway services:
- gateway
- gateway-external
root@control01:~/openfaas# kubectl get svc -n openfaas
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
basic-auth-plugin ClusterIP 10.43.6.51 <none> 8080/TCP 12d
prometheus ClusterIP 10.43.98.240 <none> 9090/TCP 12d
nats ClusterIP 10.43.113.234 <none> 4222/TCP 12d
alertmanager ClusterIP 10.43.19.176 <none> 9093/TCP 12d
gateway ClusterIP 10.43.139.78 <none> 8080/TCP 12d
gateway-external NodePort 10.43.142.141 <none> 8080:31112/TCP 12d
These are all fine and dandy, but we did not deploy MetalLB for nothing.
Create a new folder called OpenFaaS and put a file called svc.yaml in it:
apiVersion: v1
kind: Service
metadata:
  name: openfaas-service
  namespace: openfaas
spec:
  selector:
    app: gateway
  type: LoadBalancer
  ports:
    - name: openfaas-port
      protocol: TCP
      port: 8080
      targetPort: 8080
  loadBalancerIP: 192.168.0.203
What to pay attention to:
- name - What is our service going to be called?
- namespace - This needs to be openfaas, that’s where OpenFaaS lives.
- port - Port from outside; we use the default where the gateway runs, so 8080.
- targetPort - Inside the container, it is 8080.
- loadBalancerIP - Our desired external IP (remember we set the range for MetalLB, so it’s one of these).
To further explain, and I think I mentioned this before, I run the whole Kubernetes cluster in a private LAN, separated from my network. So, when I'm logging in, I'm targeting the WAN IP of the switch, and that is NATed to the control01 node.
Apply the config and check:
root@control01:~/openfaas# kubectl apply -f svc.yaml
root@control01:~/openfaas# kubectl get svc -n openfaas
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
basic-auth-plugin ClusterIP 10.43.6.51 <none> 8080/TCP 12d
prometheus ClusterIP 10.43.98.240 <none> 9090/TCP 12d
nats ClusterIP 10.43.113.234 <none> 4222/TCP 12d
alertmanager ClusterIP 10.43.19.176 <none> 9093/TCP 12d
gateway ClusterIP 10.43.139.78 <none> 8080/TCP 12d
gateway-external NodePort 10.43.142.141 <none> 8080:31112/TCP 12d
openfaas-service LoadBalancer 10.43.2.41 192.168.0.203 8080:31682/TCP 12d
openfaas-service is there with external IP 192.168.0.203, nice!
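The listing above shows more than one way into the gateway from outside the cluster. The following is an added example, not part of the original guide: it reads `kubectl get svc` table output and reports every NodePort and LoadBalancer path. The function names `external_paths` and `sample_listing` are made up for this example, and the sample rows are constructed from the listing above.

```shell
#!/bin/sh
# Added example (not from the original guide): list every path by which a
# service is reachable from outside the cluster.
# Input columns: NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

external_paths() {
    awk '
    $1 == "NAME" { next }                       # skip the header row
    $2 == "NodePort" || $2 == "LoadBalancer" {
        n = split($5, ports, ",")               # PORT(S) may hold several entries
        for (i = 1; i <= n; i++) {
            p = ports[i]
            sub(/\/.*/, "", p)                  # drop the /TCP or /UDP suffix
            m = split(p, pair, ":")             # port[:nodePort]
            # A LoadBalancer with an assigned address listens on EXTERNAL-IP:port
            if ($2 == "LoadBalancer" && $4 != "<none>" && $4 != "<pending>")
                printf "%s lb %s:%s\n", $1, $4, pair[1]
            # Both types also open the nodePort on every node in the cluster
            if (m == 2)
                printf "%s nodeport any-node:%s\n", $1, pair[2]
        }
    }'
}

# Constructed sample: rows copied from the listing in this guide.
sample_listing() {
cat <<'EOF'
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
basic-auth-plugin ClusterIP 10.43.6.51 <none> 8080/TCP 12d
gateway ClusterIP 10.43.139.78 <none> 8080/TCP 12d
gateway-external NodePort 10.43.142.141 <none> 8080:31112/TCP 12d
openfaas-service LoadBalancer 10.43.2.41 192.168.0.203 8080:31682/TCP 12d
EOF
}

# Offline demo on the sample; on the cluster use:
#   kubectl get svc -n openfaas | external_paths
sample_listing | external_paths
```

The gateway ends up reachable three ways: the MetalLB address on port 8080, and ports 31112 and 31682 on every node. The NodePort lines are the ones to account for in firewall rules if only the MetalLB address is meant to be used.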
/etc/hosts
Let’s give the IP some nice DNS name.
ansible cube -b -m lineinfile -a "path='/etc/hosts' line='192.168.0.203 openfaas openfaas.cube.local'"
Environment
We will set up environment variables so the CLI knows where the OpenFaaS URL is; this way, you don't have to type it every time. The second variable tells it where our local Docker registry is. If you check back in this guide, I made an entry in /etc/hosts on every server to point docker-registry.local to the Docker registry service IP in our Kubernetes cluster.
nano ~/.bash_profile
export OPENFAAS_URL=http://openfaas.cube.local:8080
export OPENFAAS_PREFIX=registry.cube.local:5000
OpenFaaS faas-cli
We need a special OpenFaaS CLI for us to build, push, remove functions and generally interact with OpenFaaS.
Installation is super simple. First install git, if you haven't already.
apt install git -y
And then:
curl -sL https://cli.openfaas.com | sudo sh
Check:
root@control01:~/openfaas# faas-cli version
___ _____ ____
/ _ \ _ __ ___ _ __ | ___|_ _ __ _/ ___|
| | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \
| |_| | |_) | __/ | | | _| (_| | (_| |___) |
\___/| .__/ \___|_| |_|_| \__,_|\__,_|____/
|_|
CLI:
commit: b1c09c0243f69990b6c81a17d7337f0fd23e7542
version: 0.14.2
Gateway
uri: http://openfaas.cube.local:8080
version: 0.21.4
sha: 4e868f5f9d81485740e7951e52e4026a09775a3d
Provider
name: faas-netes
orchestration: kubernetes
version: 0.14.2
sha: 54f00fd5acaceadca289e41d8d55360a0b4d5079
Now, you need to log in to the gateway. If you did not restart your connection, the password is still in your variable. If you did, just re-run the command.
root@control01:~/openfaas# echo -n "$PASSWORD" | faas-cli login --username admin --password-stdin
Calling the OpenFaaS server to validate the credentials...
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
credentials saved for admin http://openfaas.cube.local:8080
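Ignore the HTTPS warning: we do not use HTTPS, since there is no domain that points back to our server. We run this on premise anyway 🙂. Keep in mind that without HTTPS the admin password crosses the network as HTTP basic auth, so this only makes sense on a LAN you trust.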
This is it! OpenFaaS is installed and running. You can confirm just in case, with:
root@control01:~/openfaas# kubectl get pods -n openfaas
NAME READY STATUS RESTARTS AGE
nats-54785d8c5d-xdcl4 1/1 Running 0 12d
queue-worker-7bbcdf48f4-4bmpc 1/1 Running 1 (12d ago) 12d
basic-auth-plugin-86d958777b-9frg7 1/1 Running 0 12d
gateway-64b54cd87d-f7vp7 2/2 Running 0 12d
prometheus-6564dbc65f-xtdpb 1/1 Running 0 12d
alertmanager-6556874845-qpqjd 1/1 Running 0 12d
In the next chapter, we will deploy some Python functions as examples.
If you got this far you must be parched, get some drink and maybe coffee for me and come back to this guide later.