
OpenFaaS

Finally we are here: installing OpenFaaS on our already running on-premise K3s Kubernetes cluster.

Install

We are going to use Arkade, which we installed before, to simplify the whole process.

# Switch to root; I did everything as root to avoid issues. (In production you would use a dedicated user; never run stuff as root in the wild.)
arkade install openfaas

The above will end with some information that you should note down somewhere, like how to get the admin password for the OpenFaaS Gateway.

PASSWORD=$(kubectl get secret -n openfaas basic-auth -o jsonpath="{.data.basic-auth-password}" | base64 --decode; echo)
# The above stores the password in the $PASSWORD variable; it will disappear after you log out and back in.
echo "$PASSWORD"

But first, I want to have the OpenFaaS gateway on its own IP, accessible from outside.

Custom MetalLB service

Deploying OpenFaaS with arkade will create two Gateway services:

  • gateway
  • gateway-external

root@control01:/home/ubuntu# kubectl get svc -n openfaas
NAME                TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)          AGE
alertmanager        ClusterIP      10.43.109.178   <none>          9093/TCP         23h
basic-auth-plugin   ClusterIP      10.43.31.210    <none>          8080/TCP         23h
gateway             ClusterIP      10.43.195.169   <none>          8080/TCP         23h
gateway-external    NodePort       10.43.57.200    <none>          8080:31112/TCP   23h
nats                ClusterIP      10.43.76.87     <none>          4222/TCP         23h
prometheus          ClusterIP      10.43.238.226   <none>          9090/TCP         23h

These are all fine and dandy, but we did not deploy MetalLB for nothing. So I created a new YAML config, service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: openfaas-service
  namespace: openfaas
spec:
  selector:
    app: gateway
  type: LoadBalancer
  ports:
    - name: openfaas-port
      protocol: TCP
      port: 8080
      targetPort: 8080
  loadBalancerIP: 192.168.0.233

What to pay attention to:

  • name - What our service is going to be called.
  • namespace - This needs to be openfaas; that's where OpenFaaS lives.
  • port - Port from outside; we use the default where the gateway runs, so 8080.
  • targetPort - Port inside the container; 8080 it is.
  • loadBalancerIP - Our desired external IP (remember we set a range for MetalLB, so it's one of these).

To explain further, and I think I mentioned this before: I run the whole Kubernetes cluster in a private LAN separated from my network. So when I'm logging in, I'm targeting the WAN IP of the switch, and that is NATed to the control01 node.

Next I do NAT again, just for port 8080, from the WAN to 192.168.0.233 inside; this gives me access to the OpenFaaS Gateway from my LAN. All of this is outside the scope of this guide, but not difficult to set up. It's just specific to your switch/router.

Anyway, apply the config and check:

root@control01:/home/ubuntu# kubectl apply -f service.yaml
root@control01:/home/ubuntu# kubectl get svc -n openfaas
NAME                TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)          AGE
alertmanager        ClusterIP      10.43.109.178   <none>          9093/TCP         23h
basic-auth-plugin   ClusterIP      10.43.31.210    <none>          8080/TCP         23h
gateway             ClusterIP      10.43.195.169   <none>          8080/TCP         23h
gateway-external    NodePort       10.43.57.200    <none>          8080:31112/TCP   23h
nats                ClusterIP      10.43.76.87     <none>          4222/TCP         23h
openfaas-service    LoadBalancer   10.43.58.88     192.168.0.233   8080:31547/TCP   8h
prometheus          ClusterIP      10.43.238.226   <none>          9090/TCP         23h

openfaas-service is there with external IP 192.168.0.233, nice!
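
The table above now shows more than one way to reach the gateway from outside the cluster: the LoadBalancer IP, plus the node ports of both gateway-external and openfaas-service, which are opened on every node. The following added example (not part of the original guide) lists those entry points from `kubectl get svc` output; the function names and the `<any-node-ip>` placeholder are assumptions of this example, and the sample table is the output shown above.

```shell
#!/bin/sh
# Added example: inventory of externally reachable entry points per Service.

# Sample input: the `kubectl get svc -n openfaas` table from this page.
sample_svc_table() {
cat <<'EOF'
NAME                TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)          AGE
alertmanager        ClusterIP      10.43.109.178   <none>          9093/TCP         23h
basic-auth-plugin   ClusterIP      10.43.31.210    <none>          8080/TCP         23h
gateway             ClusterIP      10.43.195.169   <none>          8080/TCP         23h
gateway-external    NodePort       10.43.57.200    <none>          8080:31112/TCP   23h
nats                ClusterIP      10.43.76.87     <none>          4222/TCP         23h
openfaas-service    LoadBalancer   10.43.58.88     192.168.0.233   8080:31547/TCP   8h
prometheus          ClusterIP      10.43.238.226   <none>          9090/TCP         23h
EOF
}

# Reads the table on stdin and prints "<service> <kind> <address>:<port>"
# for each endpoint that is reachable from outside the cluster.
external_entry_points() {
  awk 'NR > 1 && ($2 == "NodePort" || $2 == "LoadBalancer") {
    n = split($5, ports, ",")              # e.g. "80:30080/TCP,443:30443/TCP"
    for (i = 1; i <= n; i++) {
      split(ports[i], pp, "/")             # pp[1] = "8080:31547"
      m = split(pp[1], p, ":")             # p[1] = service port, p[2] = node port
      # LoadBalancer with an assigned address: external IP + service port.
      if ($2 == "LoadBalancer" && $4 != "<none>" && $4 != "<pending>")
        print $1, "loadbalancer", $4 ":" p[1]
      # A node port is opened on every node, for both service types.
      if (m == 2)
        print $1, "nodeport", "<any-node-ip>:" p[2]
    }
  }'
}

# On the cluster: kubectl get svc -n openfaas | external_entry_points
sample_svc_table | external_entry_points
```

Each printed line is a separate path to the same gateway, so firewall or NAT rules for the cluster network need to account for all of them.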

/etc/hosts

Let's also give the IP a nice DNS name.

ansible cube -b -m lineinfile -a "path='/etc/hosts' line='192.168.0.233 openfaas openfaas.cube.local'"

Environment

We will set up environment variables so the CLI knows where the OpenFaaS URL is. This way you don't have to type it again. And also where our local Docker registry is. If you check back in this guide, I made an entry in /etc/hosts of every server to point docker-registry.local to the Docker registry service IP in our Kubernetes cluster.

nano ~/.bash_profile
export OPENFAAS_URL=http://openfaas.local:8080
export OPENFAAS_PREFIX=docker-registry.local:5000

OpenFaaS faas-cli

We need the special OpenFaaS CLI to build, push and remove functions, and to interact with OpenFaaS in general. Installation is super simple:

curl -sL https://cli.openfaas.com | sudo sh

Check:

root@control01:/home/ubuntu# faas-cli version
  ___                   _____           ____
 / _ \ _ __   ___ _ __ |  ___|_ _  __ _/ ___|
| | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \
| |_| | |_) |  __/ | | |  _| (_| | (_| |___) |
 \___/| .__/ \___|_| |_|_|  \__,_|\__,_|____/
      |_|

CLI:
 commit:  598336a0cad38a79d5466e6a3a9aebab4fc61ba9
 version: 0.12.21

Now you need to log in to the gateway. If you did not restart your connection, the password is still in your variable. If you did, just run the command that fetches it again.

root@control01:/home/ubuntu# echo -n $PASSWORD | faas-cli login --username admin --password-stdin
Calling the OpenFaaS server to validate the credentials...
WARNING! Communication is not secure, please consider using HTTPS. Letsencrypt.org offers free SSL/TLS certificates.
credentials saved for admin http://openfaas.local:8080

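Ignore the HTTPS warning; we do not use HTTPS since there is no domain that points back to our server. And we do run this on premise anyway 🙂 Just be aware that without TLS the admin credentials cross the network unencrypted on every call to the gateway.

This is it! OpenFaaS is installed and running. You can confirm, just in case, with: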

root@control01:/home/ubuntu# kubectl get pods -n openfaas
NAME                                 READY   STATUS    RESTARTS   AGE
alertmanager-7b849dbf96-js76z        1/1     Running   0          23h
basic-auth-plugin-6dc5ddd97f-v6vg7   1/1     Running   0          23h
gateway-8d768fb57-4rqnr              2/2     Running   0          23h
nats-7fdd76d465-6677w                1/1     Running   0          23h
prometheus-54c655c4fd-89g9k          1/1     Running   0          23h
queue-worker-64b75867c8-kn7br        1/1     Running   0          23h

In the next chapter we will deploy a Python function as an example.


Last update: February 8, 2021
