a1c8a8111b
* Issue was detected whilst testing 0.4.0 from @Waterdrips which added basic auth, but the header was not being propagated. * This code is tested in OpenFaaS already, but unit tests will be added retrospectively. * Proxy now reads the gateway URL via a channel instead of from a file to make unit testing easier. Basic auth now works as expected with faas-cli login / list. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
faasd - serverless with containerd
faasd is a Golang supervisor that bundles OpenFaaS for use with containerd instead of a container orchestrator like Kubernetes or Docker Swarm.
About faasd:
- faasd is a single Golang binary
- faasd is multi-arch, so works on
x86_64, armhf and arm64 - faasd downloads, starts and supervises the core components to run OpenFaaS
What does faasd deploy?
You can use the standard faas-cli with faasd along with pre-packaged functions in the Function Store, or build your own with the template store.
faas-containerd supports:
faas listfaas describefaas deploy --update=true --replace=falsefaas invokefaas invoke --async
Other operations are pending development in the provider.
Pre-reqs
- Linux - ideally Ubuntu, which is used for testing
- Installation steps as per faas-containerd for building and for development
- netns binary in
$PATH - containerd v1.3.2
- netns binary in
- faas-cli (optional)
Backlog
Pending:
- Use CNI to create network namespaces and adapters
- Monitor and restart any of the core components at runtime if the container stops
- Bundle/package/automate installation of containerd - see bootstrap from k3s
- Provide ufw rules / example for blocking access to everything but a reverse proxy to the gateway container
Done:
- Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway - done via
/etc/hostsmount - Add queue-worker and NATS
- Create faasd.service and faas-containerd.service
- Self-install / create systemd service via
faasd install - Restart containers upon restart of faasd
- Clear / remove containers and tasks with SIGTERM / SIGINT
- Determine armhf/arm64 containers to run for gateway
- Configure
basic_authto protect the OpenFaaS gateway and faas-containerd HTTP API
Hacking (build from source)
First run faas-containerd
cd $GOPATH/src/github.com/alexellis/faas-containerd
# You'll need to install containerd and its pre-reqs first
# https://github.com/alexellis/faas-containerd/
sudo ./faas-containerd
Then run faasd, which brings up the gateway and Prometheus as containers
cd $GOPATH/src/github.com/alexellis/faasd
go build
# Install with systemd
# sudo ./faasd install
# Or run interactively
# sudo ./faasd up
Build and run (binaries)
# For x86_64
sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.3.1/faasd" \
-o "/usr/local/bin/faasd" \
&& sudo chmod a+x "/usr/local/bin/faasd"
# armhf
sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.3.1/faasd-armhf" \
-o "/usr/local/bin/faasd" \
&& sudo chmod a+x "/usr/local/bin/faasd"
# arm64
sudo curl -fSLs "https://github.com/alexellis/faasd/releases/download/0.3.1/faasd-arm64" \
-o "/usr/local/bin/faasd" \
&& sudo chmod a+x "/usr/local/bin/faasd"
At run-time
Look in hosts in the current working folder to get the IP for the gateway or Prometheus
127.0.0.1 localhost
172.19.0.1 faas-containerd
172.19.0.2 prometheus
172.19.0.3 gateway
172.19.0.4 nats
172.19.0.5 queue-worker
Since faas-containerd uses containerd heavily it is not running as a container, but as a stand-alone process. Its port is available via the bridge interface, i.e. netns0.
-
Prometheus will run on the Prometheus IP plus port 8080 i.e. http://172.19.0.2:9090/targets
-
faas-containerd runs on 172.19.0.1:8081
-
Now go to the gateway's IP address as shown above on port 8080, i.e. http://172.19.0.3:8080 - you can also use this address to deploy OpenFaaS Functions via the
faas-cli. -
basic-auth
You will then need to get the basic-auth password, it is written to
$GOPATH/src/github.com/alexellis/faasd/basic-auth-passwordif you followed the above instructions. The default Basic Auth username isadmin, which is written to$GOPATH/src/github.com/alexellis/faasd/basic-auth-user, if you wish to use a non-standard user then create this file and add your username (no newlines or other characters)
Installation with systemd
faasd install- install faasd and containerd with systemd, run in$GOPATH/src/github.com/alexellis/faasdjournalctl -u faasd- faasd systemd logsjournalctl -u faas-containerd- faas-containerd systemd logs
Appendix
Removing containers:
echo faas-containerd gateway prometheus | xargs sudo ctr task rm -f
echo faas-containerd gateway prometheus | xargs sudo ctr container rm
echo faas-containerd gateway prometheus | xargs sudo ctr snapshot rm
Links
c4f62c86bd/catraia-net/network.go