faasd - serverless with containerd

faasd is a Golang supervisor that bundles OpenFaaS for use with containerd instead of a container orchestrator like Kubernetes or Docker Swarm.

About faasd:

• faasd is a single Golang binary
• faasd is multi-arch, so works on x86_64, armhf and arm64
• faasd downloads, starts and supervises the core components to run OpenFaaS

Demo of faasd running in KVM

What does faasd deploy?

• faasd - itself, and its faas-provider
• Prometheus
• the OpenFaaS gateway

You can use the standard faas-cli with faasd along with pre-packaged functions in the Function Store, or build your own with the template store.

Tutorials

Get started on DigitalOcean or with cloud-init

• Build a Serverless appliance with cloud-init and faasd

Run locally on MacOS, Linux, or Windows with Multipass.run

• Get up and running with your own faasd installation on your Mac/Ubuntu or Windows with cloud-config

Get started on armhf / Raspberry Pi

You can run this tutorial on your Raspberry Pi, or adapt the steps for a regular Linux VM/VPS host.

• faasd - lightweight Serverless for your Raspberry Pi

Manual / developer instructions

See here for manual / developer instructions

Backlog

faasd supports:

• faas list
• faas describe
• faas deploy --update=true --replace=false
• faas invoke
• faas rm
• faas login
• faas store list/deploy/inspect
• faas up
• faas version
• faas invoke --async
• faas namespace

Scale from and to zero is also supported. On a Dell XPS with a small, pre-pulled image unpausing an existing task took 0.19s and starting a task for a killed function took 0.39s. There may be further optimizations to be gained.

Other operations are pending development in the provider such as:

• faas logs
• faas secret
• faas auth

Todo

Pending:

• Add support for using container images in third-party public registries
• Add support for using container images in private third-party registries
• Monitor and restart any of the core components at runtime if the container stops
• Bundle/package/automate installation of containerd - see bootstrap from k3s
• Provide ufw rules / example for blocking access to everything but a reverse proxy to the gateway container
• Provide simple Caddyfile example in the README showing how to expose the faasd proxy on port 80/443 with TLS

Done:

• Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway - done via /etc/hosts mount
• Add queue-worker and NATS
• Create faasd.service and faasd-provider.service
• Self-install / create systemd service via faasd install
• Restart containers upon restart of faasd
• Clear / remove containers and tasks with SIGTERM / SIGINT
• Determine armhf/arm64 containers to run for gateway
• Configure basic_auth to protect the OpenFaaS gateway and faasd-provider HTTP API
• Setup custom working directory for faasd /var/lib/faasd/
• Use CNI to create network namespaces and adapters

Appendix

Links

31968e4b48/cmd/network.go

c4f62c86bd/catraia-net/network.go

https://github.com/containernetworking/plugins

https://github.com/containerd/go-cni