martindekov/faasd

faasd - serverless with containerd and CNI 🐳

faasd - serverless with containerd and CNI 🐳

faasd is the same OpenFaaS experience and ecosystem, but without Kubernetes. Functions and microservices can be deployed anywhere with reduced overheads whilst retaining the portability of containers and cloud-native tooling.

About faasd

• is a single Golang binary
• can be set-up and left alone to run your applications
• is multi-arch, so works on Intel x86_64 and ARM out the box
• uses the same core components and ecosystem of OpenFaaS

Demo of faasd running in KVM

What does faasd deploy?

• faasd - itself, and its faas-provider for containerd
• Prometheus
• OpenFaaS Gateway & UI
• OpenFaaS queue-worker for NATS
• NATS for asynchronous processing and queues

You'll also need:

• CNI
• containerd
• runc

You can use the standard faas-cli along with pre-packaged functions from the Function Store, or build your own using any OpenFaaS template.

Tutorials

Get started on DigitalOcean or with cloud-init

• Build a Serverless appliance with cloud-init and faasd

Run locally on MacOS, Linux, or Windows with Multipass.run

• Get up and running with your own faasd installation on your Mac/Ubuntu or Windows with cloud-config

Get started on armhf / Raspberry Pi

You can run this tutorial on your Raspberry Pi, or adapt the steps for a regular Linux VM/VPS host.

• faasd - lightweight Serverless for your Raspberry Pi

Using private repos / registries

To use private image repos, ~/.docker/config.json needs to be copied to /var/lib/faasd/.docker/config.json.

If you'd like to set up your own private registry, see this tutorial.

Manual / developer instructions

See here for manual / developer instructions

Backlog

Supported operations

• faas login
• faas up
• faas list
• faas describe
• faas deploy --update=true --replace=false
• faas invoke --async
• faas invoke
• faas rm
• faas store list/deploy/inspect
• faas version
• faas namespace
• faas secret

Scale from and to zero is also supported. On a Dell XPS with a small, pre-pulled image unpausing an existing task took 0.19s and starting a task for a killed function took 0.39s. There may be further optimizations to be gained.

Other operations are pending development in the provider such as:

• faas logs - to stream logs on-demand for a known function
• faas auth - for the OAuth2 and OIDC integration

Todo

Pending:

• Add support for using container images in third-party public registries
• Add support for using container images in private third-party registries
• Monitor and restart any of the core components at runtime if the container stops
• Bundle/package/automate installation of containerd - see bootstrap from k3s
• Provide ufw rules / example for blocking access to everything but a reverse proxy to the gateway container
• Provide simple Caddyfile example in the README showing how to expose the faasd proxy on port 80/443 with TLS

Done:

• Provide a cloud-config.txt file for automated deployments of faasd
• Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway - done via /etc/hosts mount
• Add queue-worker and NATS
• Create faasd.service and faasd-provider.service
• Self-install / create systemd service via faasd install
• Restart containers upon restart of faasd
• Clear / remove containers and tasks with SIGTERM / SIGINT
• Determine armhf/arm64 containers to run for gateway
• Configure basic_auth to protect the OpenFaaS gateway and faasd-provider HTTP API
• Setup custom working directory for faasd /var/lib/faasd/
• Use CNI to create network namespaces and adapters