Use OpenFaaS with AKS enabled by Azure Arc
Applies to: AKS on Azure Stack HCI 22H2, AKS on Windows Server
OpenFaaS is a framework for building serverless functions by using containers. As an open source project, it gained large-scale adoption within the community. This article describes installing and using OpenFaas on a Kubernetes cluster running on AKS enabled by Azure Arc.
Prerequisites
In order to complete the steps in this article, make sure you have the following requirements:
- A basic understanding of Kubernetes.
- A Kubernetes cluster with at least one Linux worker node that's up and running.
- Your local
kubectl
environment is configured to point to your cluster. You can use the Get-AksHciCredential PowerShell command to access your cluster usingkubectl
. - Helm v3 command line and prerequisites are installed.
- You can use Azure CLI to run commands if you prefer Azure CLI to PowerShell.
- Git command-line tools are installed on your system.
- The
OpenFaaS
CLI is installed. For installation options, see the OpenFaaS CLI documentation.
Important
Helm is intended to run on Linux nodes. If your cluster has Windows Server nodes, you must ensure that Helm pods are scheduled to run only on Linux nodes. You must also ensure that any Helm charts you install are scheduled to run on the correct nodes. The commands in this article use node selectors to make sure pods are scheduled to the correct nodes, but not all Helm charts expose a node selector. You can also use other options, such as taints, on your cluster.
Add the OpenFaaS Helm chart repo
With your kubeconfig file available, open your console to start the deployment process. If you're running on Windows, downloading and running Git Bash is the easiest way to follow along. From there, OpenFaaS maintains its own Helm charts to keep up to date with all the latest changes:
helm repo add openfaas https://openfaas.github.io/faas-netes/
helm repo update
Deploy OpenFaaS
As a best practice, OpenFaaS and OpenFaaS functions should be stored in their own Kubernetes namespace.
Create a namespace for the OpenFaaS system and functions:
kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml
Generate a password for the OpenFaaS UI Portal and REST API:
# generate a random password
PASSWORD=$(head -c 12 /dev/urandom | shasum| cut -d' ' -f1)
kubectl -n openfaas create secret generic basic-auth \
--from-literal=basic-auth-user=admin \
--from-literal=basic-auth-password="$PASSWORD"
You can get the value of the secret with echo $PASSWORD
.
The Helm chart uses the password you create here to enable basic authentication on the OpenFaaS Gateway, which is exposed externally through a load balancer.
A Helm chart for OpenFaaS is included in the cloned repository. Use this chart to deploy OpenFaaS on your Kubernetes cluster:
helm upgrade openfaas --install openfaas/openfaas \
--namespace openfaas \
--set basic_auth=true \
--set functionNamespace=openfaas-fn \
--set serviceType=LoadBalancer
Output:
NAME: openfaas
LAST DEPLOYED: Fri May 14 18:35:47 2021
NAMESPACE: openfaas
STATUS: deployed
REVISION: 1
TEST SUITE: None
To verify that OpenFaas started, run the following command:
kubectl --namespace=openfaas get deployments -l "release=openfaas, app=openfaas"
A public IP address is created for accessing the OpenFaaS gateway. To retrieve this IP address, use the kubectl get service command. It can take a minute for the IP address to be assigned to the service:
kubectl get service -l component=gateway --namespace openfaas
Output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gateway ClusterIP 10.110.205.41 <none> 8080/TCP 7m
gateway-external LoadBalancer 10.107.51.110 192.168.0.152 8080:32029/TCP 7m
To test the OpenFaaS system, browse to the external IP address on port 8080 - http://192.168.0.152:8080
in this example. You are prompted to sign in. To retrieve your password, enter echo $PASSWORD
.
Set $OPENFAAS_URL
to the External-IP found in this example.
Sign in with your console. If you run commands in GitBash on Windows, you might need to use faas-cli
instead of ./faas-cli
in the following command:
export OPENFAAS_URL=http://192.168.0.152:8080
echo -n $PASSWORD | ./faas-cli login -g $OPENFAAS_URL -u admin --password-stdin
Create first function
Now that OpenFaaS is operational, create a function using the OpenFaaS portal.
Select Deploy New Function, and search for Figlet. Select the Figlet function, and then click Deploy.
Use curl
to invoke the function. Replace the IP address in the following example with the address of your OpenFaaS gateway.
curl -X POST http://192.168.0.152:8080/function/figlet -d "Hello Azure"
Output:
_ _ _ _ _
| | | | ___| | | ___ / \ _____ _ _ __ ___
| |_| |/ _ \ | |/ _ \ / _ \ |_ / | | | '__/ _ \
| _ | __/ | | (_) | / ___ \ / /| |_| | | | __/
|_| |_|\___|_|_|\___/ /_/ \_\/___|\__,_|_| \___|
Clean up resources
When you deploy a Helm chart, many Kubernetes resources are created. These resources include pods, deployments, and services. To clean up these resources, use the helm uninstall
command, and specify your release name, as found in the previous helm list
command:
helm uninstall openfaas
The following example shows that the release named openfaas was uninstalled:
release "openfaas" uninstalled
Next steps
You can continue to learn with the OpenFaaS workshop through a set of hands-on labs that cover topics such as how to create your own GitHub bot, consuming secrets, viewing metrics, and auto-scaling.