Share this page!

Maybe Scrolly?
Ivan Velichko Profile picture
Twitter logo
8 Dec, 7 tweets, 3 min read
How to Run a FaaS Platform On Your Own Terms

FaaS is a higher-level kind of Serverless tech where the smallest deployable unit is a Function.

AWS Lambda, Azure Functions, GCP Cloud Function are all super handy, but what if you can't use them for some reason?

Meet OpenFaaS! 🔽
OpenFaaS is an open-source project that turns a piece of lower-level infra into a high-level FaaS solution.

Sounds too abstract?

Kubernetes cluster + OpenFaaS = FaaS API
Single VM + containerd + OpenFaaS = same FaaS API!

where FaaS API is:
- mgmt. methods
- invoke functions
At a high level, OpenFaaS has a universal architecture that allows it to be installed on almost any kind of infra:

API Gateway (concrete) + FaaS-Provider (abstract)
OpenFaaS on Kuberentes

With Kubernetes FaaS-Provider, you get out of the box:

- High-availability
- Horizontal scaling
- Disaster recovery (the only state is in etcd)
OpenFaaS on a VM with containerd

A lightweight setup designed for cheaper servers and IoT devices (e.g Raspberry Pi).

- Blisteringly fast scaling to zero
- Super quick function cold starts
- x10 functions per server (comparing to K8s)
- systemd manages all long-living processes
I've been evaluating OpenFaaS for my personal projects, both from:

- Developer's standpoint
- Operator's standpoint

And as usual, documented my findings
iximiuz.com/en/posts/openf…
@openfaas on GitHub github.com/openfaas/faas

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ivan Velichko

Ivan Velichko Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @iximiuz

Ivan Velichko Profile picture
30 Oct
How Kubernetes differs from Docker in the way it deals with containers 🔽

Under the hood, Kubernetes and Docker both rely on the same/similar lower-level components to run containers.

Often, both use containerd and runc. However, Kubernetes makes the container runtime pluggable
Even when Kubernetes uses exactly the same container runtime as Docker, the implementation of Pods differs from the implementation of Containers.

Pods are more than just groups of containers. Containers in a pod share net, ipc, and uts namespaces making pods more similar to VMs.
Not all Containers are Linux containers!

OCI Runtime Spec doesn't limit container implementation to namespaces and cgroups. And VM-based containers is a real thing!

Some of the container runtimes supported by Kubernetes (e.g., Kata), launch a micro-VM per Pod.
Read 6 tweets
Ivan Velichko Profile picture
20 Oct
Computer Networking in Layman's Terms (thread)

L2 - Ethernet
L3 - IP
L4 - TCP
L7 - HTTP

Lots of server-side folks are fluent with L4/L7 concepts. But understanding L2/L3 is often important too!

Especially if you deal with containers, Kubernetes, or DC networking constraints 🔽
Example ✏️

By default, Docker/podman/containerd/etc. use a `bridge` network to interconnect containers on a single host. But what is a Bridge?

In the case of containers, a Bridge is a virtual device. However, it simulates a real-world L2/L3 networking device called a Switch.
A Switch is a multiport device that combines two logical functions: L2 bridging and L3 routing.

Bridging creates an L2 broadcast domain out of connected nodes. A single broadcast domain _usually_ forms an L3 network.

Routing creates an (inter)network out of L3 (sub)networks.
Read 8 tweets
Ivan Velichko Profile picture
3 Oct
Cloud-Native Learn-by-Doing Platforms (part 2) ✏️

I closely reviewed 10+ platforms providing a hands-on learning experience to study:

- Linux
- Containers
- Orchestration
- other Cloud-Native stuff

My findings (thread) 🔽

#kubernetes #docker #containers #linux #sre #devops
1. A Cloud Guru (acloudguru .com)

A really massive platform for individuals and businesses.

Content:
- 360+ courses and 1,600+ hands-on labs
- Clouds: AWS, GCP, etc.
- Tech: Kubernetes, Docker, Serverless

Playgrounds:
- Servers
- Temporary cloud accounts

Price:
$35-$50/month
2. Developer Sandbox for Red Hat OpenShift (developers.redhat .com/developer-sandbox)

A free platform with a private OpenShift playground:
7 GB RAM, 15GB storage 🔥

Almost no educational content, but combines well with kubebyexample .com.
Read 7 tweets
Ivan Velichko Profile picture
30 Aug
iptables - a userspace program to configure IP packets filtration and modification rules.

It's a dated but still widely used tool:

- Linux firewall
- Container egress (SNAT) and port publishing (DNAT)
- Kubernetes service discovery
- Service Mesh transparent injection
- etc. 🔽 Image
iptables comes with its own terminology:

- tables
- chains
- rules
- targets
- policies

...that might be challenging to grasp. Here is how I approach it.

1. Come up with a logical model of packet processing inside the Linux kernel. Give meaningful names to stages. Image
2. Understand possible packet paths through the kernel.

Packet from a local process:
OUTPUT -> POSTROUTE

Packet to a local process:
PREROUTE -> INPUT

Packet forwarded between interfaces:
PREROUTE -> FORWARD -> POSTROUTE
Read 6 tweets
Ivan Velichko Profile picture
22 Aug
How to Expose Multiple Containers On the Same Port

First off, why you may need it:

- Load Balancing - more containers mean more capacity
- Redundancy - if one container dies, there won't be downtime
- Single Facade - run multiple apps behind one frontend

Interested? Read on!🔽
Docker doesn't support binding multiple containers to the same host port.

Instead, it suggests using an extra container with a reverse proxy like Nginx, HAProxy, or Traefik.

Here are two ways you can trick Docker and avoid adding the reverse proxy:

1. SO_REUSEPORT
2. iptables
Multiple Containers On the Same Port w/o Proxy (I)

1) Use SO_REUSEPORT sockopt for your server sockets
2) Run containers with `--network host` and the same port

SO_REUSEPORT allows binding diff processes to the same port.
--network host puts all containers on one network stack.
Read 8 tweets
Ivan Velichko Profile picture
21 Aug
Containers are Virtual Machines (controversial thread)

Some mental gymnastics. Bear with me.

Person A comes to Containers with prior VM experience.
Dockerfiles start FROM debian/centos/etc.
docker run/exec feels like SSH-ing sessions into servers.

Containers are VMs!
A container starts in less than a second
A VM takes tens of seconds to start

A bare-metal server can run hundreds of containers
Only a few VMs can coexist on a server

How come?

Person A starts digging into the internals to understand the difference between containers and VMs.
Person A: Aha! Containers are just isolated and restricted Linux processes + OS-level virtualization!

Person A starts sharing the finding with friends and colleagues - seasoned backend devs. Everyone instantly grasps the idea.

Then a Person B comes by. W/o prior VM experience.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @iximiuz has new unrolls!

Check out other threads from @iximiuz!

Read all threads by @iximiuz

:(