Skip to content

Instantly share code, notes, and snippets.

@viveksyngh

viveksyngh/setup-of-cloud-on-swarm.md

Last active September 18, 2018 14:14
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save viveksyngh/f680f5f7a0328590cd6139152f83db68 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save viveksyngh/f680f5f7a0328590cd6139152f83db68 to your computer and use it in GitHub Desktop.
Download ZIP
Step by Step description to setup OpenFaaS-Cloud on docker swarm.
Raw
setup-of-cloud-on-swarm.md

Deploy OpenFaaS on docker swarm using deploy script.

Use --no-auth if you want to disable basic authentication

./deploy_stack.sh --no-auth

Deploy local docker registry.

docker service rm registry
docker service create --network func_functions \
  --name registry \
  --detach=true -p 5000:5000 registry:latest

Deploy buildkit service

For using root in the container

docker rm -f of-buildkit
docker run -d --net func_functions -d --privileged \
--restart always \
--name of-buildkit alexellis2/buildkit:2018-04-17 --addr tcp://0.0.0.0:1234

For Rootless option

docker rm -f of-buildkit
docker run -d --net func_functions -d --privileged \
--restart always \
--name of-buildkit akihirosuda/buildkit-rootless:20180605 --addr tcp://0.0.0.0:1234

Deploy builder service

docker rm -f of-builder
export TAG=0.4.1
docker service create --network func_functions --name of-builder openfaas/of-builder:$TAG

Create github-webhook-secret secret

docker secret create github-webhook-secret <file_path_to_github_secret>

Create minio secrets

SECRET_KEY=$(head -c 12 /dev/urandom | shasum| cut -d' ' -f1)
ACCESS_KEY=$(head -c 12 /dev/urandom | shasum| cut -d' ' -f1)

echo -n "$SECRET_KEY" | docker secret create s3-secret-key -
echo -n "$ACCESS_KEY" | docker secret create s3-access-key -

Create minio service

docker service rm minio

docker service create --constraint="node.role==manager" \
 --name minio \
 --detach=true --network func_functions \
 --secret s3-access-key \
 --secret s3-secret-key \
 --env MINIO_SECRET_KEY_FILE=s3-secret-key \
 --env MINIO_ACCESS_KEY_FILE=s3-access-key \
minio/minio:latest server /export

Create private-key secret to provide your github app secret

docker secret create private-key <path/to/private-key.pem>

Update the private_key_filename and github_app_id in github.yml

...
   github_app_id: "your_github_app_id"
   private_key_filename: "private_key"
...

Update gateway_config.yml file as below

environment:
  customers_url: "https://raw.githubusercontent.com/openfaas/openfaas-cloud/master/CUSTOMERS"
  gateway_url:  http://gateway:8080/
  gateway_public_url: http://127.0.0.1:8080/
  audit_url: http://gateway:8080/function/audit-event
  repository_url: docker.io/of-community/
  push_repository_url: docker.io/of-community/
  basic_auth: true
  secret_mount_path: /var/openfaas/secrets
  builder_url: http://of-builder:8080/
  s3_url: minio:9000
  s3_region: us-east-1
  s3_tls: false
  s3_bucket: pipeline
  readonly_root_filesystem: true
  scaling_min_limit: 1
  scaling_max_limit: 4
  gateway_pretty_url: "http://user.local.com:8081/function"

# Private repo config
  repository_url: 127.0.0.1:5000
  push_repository_url: registry:5000

Update builder_url variable and environment_file for buildshiprun function in stack.yml

 buildshiprun:
    ...
    environment:
      ...
      builder_url: http://of-builder:8080/
      ...
    environment_file:
      ...
      - buildshiprun_limits_swarm.yml
      ...

Note: Update the prefix for function image names in stack.yml if you wish to push images to you own registry.

If you would like to use docker hub to push function docker images.

Update the gateway_config.yml file as below.

environment:
  customers_url: "https://raw.githubusercontent.com/openfaas/openfaas-cloud/master/CUSTOMERS"
  gateway_url:  http://gateway:8080/
  gateway_public_url: http://127.0.0.1:8080/
  audit_url: http://gateway:8080/function/audit-event
  repository_url: docker.io/<user_id>/
  push_repository_url: docker.io/<user_id>/
  basic_auth: true
  secret_mount_path: /var/openfaas/secrets
  builder_url: http://of-builder:8080/
  s3_url: minio:9000
  s3_region: us-east-1
  s3_tls: false
  s3_bucket: pipeline
  readonly_root_filesystem: true
  scaling_min_limit: 1
  scaling_max_limit: 4
  gateway_pretty_url: "http://user.local.com:8081/function"

Create registry authentication secret

chmod 777 $HOME/.docker/config.json
cat $HOME/.docker/config.json | docker secret create registry-secret -

Deploy of-builder service

export OF_BUILDER_TAG=0.4.2
docker service create --constraint="node.role==manager" \
 --name of-builder \
 --env insecure=false --detach=true --network func_functions \
 --secret src=registry-secret,target="/home/app/.docker/config.json" \
 --env enable_lchown=false \
openfaas/of-builder:$OF_BUILDER_TAG
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment