Instalando OpenFaaS en Docker for Desktop
OpenFaaS (Functions as a Service) es un framework para construir funciones serverless con Docker y Kubernetes. A continuación se muestran los pasos para el despliegue de OpenFaaS en Docker for Desktop sobre Windows 10 para pruebas. Se han seguido las instrucciones de este post https://medium.com/faun/getting-started-with-openfaas-on-minikube-634502c7acdf modificándolo de minikube por Docker for Desktop.
Se muestra la actual versión y estado del clúster de kubernetes.
PS C:\Users\pablo> kubectl get nodes
NAME STATUS ROLES AGE VERSION
docker-for-desktop Ready master 3d v1.10.11
Se instala el cliente FaaS-cli:
PS C:\Users\pablo> $version = (Invoke-WebRequest "https://api.github.com/repos/openfaas/faas-cli/releases/latest" | ConvertFrom-Json)[0].tag_name
PS C:\Users\pablo> (New-Object System.Net.WebClient).DownloadFile("https://github.com/openfaas/faas-cli/releases/download/$version/faas-cli.exe", "faas-cli.exe")
PS C:\Users\pablo> .\faas-cli.exe
___ _____ ____
/ _ \ _ __ ___ _ __ | ___|_ _ __ _/ ___|
| | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \
| |_| | |_) | __/ | | | _| (_| | (_| |___) |
\___/| .__/ \___|_| |_|_| \__,_|\__,_|____/
|_|
Manage your OpenFaaS functions from the command line
Usage:
faas-cli [flags]
faas-cli [command]
Available Commands:
auth Obtain a token for your OpenFaaS gateway
build Builds OpenFaaS function containers
cloud OpenFaaS Cloud commands
deploy Deploy OpenFaaS functions
describe Describe an OpenFaaS function
generate Generate Kubernetes CRD YAML file
help Help about any command
invoke Invoke an OpenFaaS function
list List OpenFaaS functions
login Log in to OpenFaaS gateway
logout Log out from OpenFaaS gateway
logs Tail logs from your functions
new Create a new template in the current folder with the name given as name
push Push OpenFaaS functions to remote registry (Docker Hub)
remove Remove deployed OpenFaaS functions
secret OpenFaaS secret commands
store OpenFaaS store commands
template OpenFaaS template store and pull commands
up Builds, pushes and deploys OpenFaaS function containers
version Display the clients version information
Flags:
--filter string Wildcard to match with function names in YAML file
-h, --help help for faas-cli
--regex string Regex to match with function names in YAML file
-f, --yaml string Path to YAML file describing function(s)
Se descarga del sitio web https://github.com/helm/helm/releases la última versión de heml para Windows y se prueba el funcionamiento.
PS C:\Users\pablo> .\helm.exe
The Kubernetes package manager
To begin working with Helm, run the 'helm init' command:
$ helm init
This will install Tiller to your running Kubernetes cluster.
It will also set up any necessary local configuration.
Common actions from this point include:
- helm search: search for charts
- helm fetch: download a chart to your local directory to view
- helm install: upload the chart to Kubernetes
- helm list: list releases of charts
Environment:
- $HELM_HOME: set an alternative location for Helm files. By default, these are stored in ~/.helm
- $HELM_HOST: set an alternative Tiller host. The format is host:port
- $HELM_NO_PLUGINS: disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins.
- $TILLER_NAMESPACE: set an alternative Tiller namespace (default "kube-system")
- $KUBECONFIG: set an alternative Kubernetes configuration file (default "~/.kube/config")
- $HELM_TLS_CA_CERT: path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem")
- $HELM_TLS_CERT: path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem")
- $HELM_TLS_KEY: path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem")
- $HELM_TLS_ENABLE: enable TLS connection between Helm and Tiller (default "false")
- $HELM_TLS_VERIFY: enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false")
- $HELM_TLS_HOSTNAME: the hostname or IP address used to verify the Tiller server certificate (default "127.0.0.1")
- $HELM_KEY_PASSPHRASE: set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for the passphrase while signing helm charts
Usage:
helm [command]
Available Commands:
completion Generate autocompletions script for the specified shell (bash or zsh)
create create a new chart with the given name
delete given a release name, delete the release from Kubernetes
dependency manage a chart's dependencies
fetch download a chart from a repository and (optionally) unpack it in local directory
get download a named release
help Help about any command
history fetch release history
home displays the location of HELM_HOME
init initialize Helm on both client and server
inspect inspect a chart
install install a chart archive
lint examines a chart for possible issues
list list releases
package package a chart directory into a chart archive
plugin add, list, or remove Helm plugins
repo add, list, remove, update, and index chart repositories
reset uninstalls Tiller from a cluster
rollback roll back a release to a previous revision
search search for a keyword in charts
serve start a local http web server
status displays the status of the named release
template locally render templates
test test a release
upgrade upgrade a release
verify verify that a chart at the given path has been signed and is valid
version print the client/server version information
Flags:
--debug enable verbose output
-h, --help help for helm
--home string location of your Helm config. Overrides $HELM_HOME (default "C:\\Users\\gpablo\\.helm")
--host string address of Tiller. Overrides $HELM_HOST
--kube-context string name of the kubeconfig context to use
--kubeconfig string absolute path to the kubeconfig file to use
--tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300)
--tiller-namespace string namespace of Tiller (default "kube-system")
Use "helm [command] --help" for more information about a command.
Se inicializa helm.
PS C:\Users\pablo> kubectl -n kube-system create sa tiller
PS C:\Users\pablo> kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
PS C:\Users\pablo> .\helm.exe init --skip-refresh --upgrade --service-account tiller
Creating C:\Users\gpablo\.helm
Creating C:\Users\gpablo\.helm\repository
Creating C:\Users\gpablo\.helm\repository\cache
Creating C:\Users\gpablo\.helm\repository\local
Creating C:\Users\gpablo\.helm\plugins
Creating C:\Users\gpablo\.helm\starters
Creating C:\Users\gpablo\.helm\cache\archive
Creating C:\Users\gpablo\.helm\repository\repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at C:\Users\gpablo\.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Se crea un namespace para OpenFaaS:
PS C:\Users\pablo> kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml
namespace "openfaas" created
namespace "openfaas-fn" created
Se añade OpenFaaS al repositorio de helm y se actualiza.
PS C:\Users\pablo> .\helm.exe repo add openfaas https://openfaas.github.io/faas-netes/
"openfaas" has been added to your repositories
PS C:\Users\pablo> .\helm.exe repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "openfaas" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
Se crea un usuario para la autenticación.
PS C:\Users\pablo> kubectl -n openfaas create secret generic basic-auth --from-literal=basic-auth-user=admin --from-literal=basic-auth-password="mySecretPassword"
secret "basic-auth" created
Se despliega con helm el deployment de OpenFaaS
PS C:\Users\pablo> .\helm.exe upgrade openfaas --install openfaas/openfaas --namespace openfaas --set functionNamespace=openfaas-fn --set basic_auth=true
Release "openfaas" does not exist. Installing it now.
NAME: openfaas
LAST DEPLOYED: Mon Jul 22 13:43:54 2019
NAMESPACE: openfaas
STATUS: DEPLOYED
RESOURCES:
==> v1/ConfigMap
NAME DATA AGE
alertmanager-config 1 1s
prometheus-config 2 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
alertmanager-859d76cc47-8bxdq 0/1 ContainerCreating 0 1s
basic-auth-plugin-554c468bf4-n2k2x 0/1 Pending 0 1s
faas-idler-fbd75c8b8-ztnm6 0/1 ContainerCreating 0 1s
gateway-5dd689fff4-ft7g7 0/2 ContainerCreating 0 1s
nats-55494bc6b4-8zjc9 0/1 ContainerCreating 0 1s
prometheus-68948c5f79-8bgpp 0/1 Pending 0 1s
queue-worker-b99df4594-dr2nh 0/1 Pending 0 0s
==> v1/Role
NAME AGE
openfaas-prometheus 1s
==> v1/RoleBinding
NAME AGE
openfaas-prometheus 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
alertmanager ClusterIP 10.102.78.88 <none> 9093/TCP 1s
basic-auth-plugin ClusterIP 10.108.175.26 <none> 8080/TCP 1s
gateway ClusterIP 10.101.85.101 <none> 8080/TCP 1s
gateway-external NodePort 10.111.53.143 <none> 8080:31112/TCP 1s
nats ClusterIP 10.105.50.36 <none> 4222/TCP 1s
prometheus ClusterIP 10.101.247.7 <none> 9090/TCP 1s
==> v1/ServiceAccount
NAME SECRETS AGE
openfaas-controller 1 1s
openfaas-prometheus 1 1s
==> v1beta1/Deployment
NAME READY UP-TO-DATE AVAILABLE AGE
alertmanager 0/1 1 0 1s
basic-auth-plugin 0/1 0 0 1s
faas-idler 0/1 0 0 1s
gateway 0/1 1 0 1s
nats 0/1 1 0 1s
prometheus 0/1 0 0 1s
queue-worker 0/1 0 0 1s
==> v1beta1/Role
NAME AGE
openfaas-controller 1s
==> v1beta1/RoleBinding
NAME AGE
openfaas-controller 1s
NOTES:
To verify that openfaas has started, run:
kubectl --namespace=openfaas get deployments -l "release=openfaas, app=openfaas"
Se verifica el deployment y los pods
PS C:\Users\pablo> kubectl get deployment -n openfaas
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
alertmanager 1 1 1 1 3m
basic-auth-plugin 1 1 1 1 3m
faas-idler 1 1 1 1 3m
gateway 1 1 1 1 3m
nats 1 1 1 1 3m
prometheus 1 1 1 1 3m
queue-worker 1 1 1 1 3m
PS C:\Users\pablo> kubectl get pods -n openfaas
NAME READY STATUS RESTARTS AGE
alertmanager-859d76cc47-8bxdq 1/1 Running 0 1h
basic-auth-plugin-554c468bf4-n2k2x 1/1 Running 0 1h
faas-idler-fbd75c8b8-ztnm6 1/1 Running 2 1h
gateway-5dd689fff4-ft7g7 2/2 Running 1 1h
nats-55494bc6b4-8zjc9 1/1 Running 0 1h
prometheus-68948c5f79-8bgpp 1/1 Running 0 1h
queue-worker-b99df4594-dr2nh 1/1 Running 1 1h
Tras ello, con las credenciales generadas, se puede acceder a la url http://localhost:31112/ui/