Skip to content

Instantly share code, notes, and snippets.

@slp

slp/OpenFaaS-libkrun-Fedora33.md

Created February 25, 2021 13:53
Show Gist options
  • Save slp/90a3dc41ad926ad8b79325874e51e216 to your computer and use it in GitHub Desktop.
Save slp/90a3dc41ad926ad8b79325874e51e216 to your computer and use it in GitHub Desktop.
Download ZIP
Installing OpenFaaS with libkrun-based isolation on Fedora 33
Raw
OpenFaaS-libkrun-Fedora33.md

Installing OpenFaaS with libkrun-based isolation on Fedora 33

Setting up the system

Revert to cgroup v1

The version of containerd that OpenFaaS will download during the installation doesn't support cgroup v2, so we need to configure systemd to avoid using the Unified cgroup Hierarchy, and reboot the system:

sudo dnf install -y grubby
sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
sudo systemctl reboot

Install required packages

sudo dnf install -y iptables golang git make perl-Digest-SHA

Install OpenFaaS

Use OpenFaaS automated installation script

git clone https://github.com/slp/faasd
cd faasd
./hack/install.sh

Build and install the patched binary

git checkout faasd-libkrun
make local
sudo mv /usr/local/bin/faasd /usr/local/bin/faasd.bak
sudo cp bin/faasd /usr/local/bin/faasd
sudo systemctl reboot

Install libkrun

Install libkrun and crun-krun packages from COPR

sudo dnf copr enable -y slp/libkrunfw
sudo dnf copr enable -y slp/libkrun
sudo dnf copr enable -y slp/crun-krun
sudo dnf install -y crun-krun

Replace runc with crun-krun

sudo mv /usr/bin/runc /usr/bin/runc.bak
sudo cp /usr/bin/crun-krun /usr/bin/runc

Enable DNS resolution via TCP

libkrun TSI-based networking only supports AF_INET streams at the moment, so we need to do DNS resolution via TCP:

printf '\noptions use-vc' | sudo tee -a /var/lib/faasd/resolv.conf
printf '\noptions use-vc' | sudo tee -a /var/lib/faasd-provider/resolv.conf

Test the installation

sudo cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s
faas-cli store deploy "ASCII Cows"
curl http://127.0.0.1:8080/function/cows
@alexellis
Copy link

To "prove it":

[alex@libkrun-faasd ~]$ faas-cli deploy --name uname --image ghcr.io/openfaas/alpine:latest --fprocess "uname -a"

Deployed. 200 OK.
URL: http://127.0.0.1:8080/function/uname

[alex@libkrun-faasd ~]$ curl http://127.0.0.1:8080/function/uname
Linux (none) 5.10.10 #1 SMP Thu Jan 28 05:39:21 UTC 2021 x86_64 Linux
[alex@libkrun-faasd ~]$ 
[alex@libkrun-faasd ~]$ uname -a
Linux libkrun-faasd 5.8.15-301.fc33.x86_64 #1 SMP Thu Oct 15 16:58:06 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[alex@libkrun-faasd ~]$

ctr exec runs in the same kernel as the host however.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment