How to Run a FaaS Platform On Your Own Terms

FaaS is a higher-level kind of Serverless tech where the smallest deployable unit is a Function.

AWS Lambda, Azure Functions, GCP Cloud Function are all super handy, but what if you can't use them for some reason?

Meet OpenFaaS! 🔽
OpenFaaS is an open-source project that turns a piece of lower-level infra into a high-level FaaS solution.

Sounds too abstract?

Kubernetes cluster + OpenFaaS = FaaS API
Single VM + containerd + OpenFaaS = same FaaS API!

where FaaS API is:
- mgmt. methods
- invoke functions
At a high level, OpenFaaS has a universal architecture that allows it to be installed on almost any kind of infra:

API Gateway (concrete) + FaaS-Provider (abstract)
OpenFaaS on Kuberentes

With Kubernetes FaaS-Provider, you get out of the box:

- High-availability
- Horizontal scaling
- Disaster recovery (the only state is in etcd)
OpenFaaS on a VM with containerd

A lightweight setup designed for cheaper servers and IoT devices (e.g Raspberry Pi).

- Blisteringly fast scaling to zero
- Super quick function cold starts
- x10 functions per server (comparing to K8s)
- systemd manages all long-living processes
I've been evaluating OpenFaaS for my personal projects, both from:

- Developer's standpoint
- Operator's standpoint

And as usual, documented my findings…

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Ivan Velichko

Ivan Velichko Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @iximiuz

30 Oct
How Kubernetes differs from Docker in the way it deals with containers 🔽

Under the hood, Kubernetes and Docker both rely on the same/similar lower-level components to run containers.

Often, both use containerd and runc. However, Kubernetes makes the container runtime pluggable
Even when Kubernetes uses exactly the same container runtime as Docker, the implementation of Pods differs from the implementation of Containers.

Pods are more than just groups of containers. Containers in a pod share net, ipc, and uts namespaces making pods more similar to VMs.
Not all Containers are Linux containers!

OCI Runtime Spec doesn't limit container implementation to namespaces and cgroups. And VM-based containers is a real thing!

Some of the container runtimes supported by Kubernetes (e.g., Kata), launch a micro-VM per Pod.
Read 6 tweets
20 Oct
Computer Networking in Layman's Terms (thread)

L2 - Ethernet
L3 - IP
L4 - TCP

Lots of server-side folks are fluent with L4/L7 concepts. But understanding L2/L3 is often important too!

Especially if you deal with containers, Kubernetes, or DC networking constraints 🔽
Example ✏️

By default, Docker/podman/containerd/etc. use a `bridge` network to interconnect containers on a single host. But what is a Bridge?

In the case of containers, a Bridge is a virtual device. However, it simulates a real-world L2/L3 networking device called a Switch.
A Switch is a multiport device that combines two logical functions: L2 bridging and L3 routing.

Bridging creates an L2 broadcast domain out of connected nodes. A single broadcast domain _usually_ forms an L3 network.

Routing creates an (inter)network out of L3 (sub)networks.
Read 8 tweets
3 Oct
Cloud-Native Learn-by-Doing Platforms (part 2) ✏️

I closely reviewed 10+ platforms providing a hands-on learning experience to study:

- Linux
- Containers
- Orchestration
- other Cloud-Native stuff

My findings (thread) 🔽

#kubernetes #docker #containers #linux #sre #devops
1. A Cloud Guru (acloudguru .com)

A really massive platform for individuals and businesses.

- 360+ courses and 1,600+ hands-on labs
- Clouds: AWS, GCP, etc.
- Tech: Kubernetes, Docker, Serverless

- Servers
- Temporary cloud accounts

2. Developer Sandbox for Red Hat OpenShift (developers.redhat .com/developer-sandbox)

A free platform with a private OpenShift playground:
7 GB RAM, 15GB storage 🔥

Almost no educational content, but combines well with kubebyexample .com.
Read 7 tweets
30 Aug
iptables - a userspace program to configure IP packets filtration and modification rules.

It's a dated but still widely used tool:

- Linux firewall
- Container egress (SNAT) and port publishing (DNAT)
- Kubernetes service discovery
- Service Mesh transparent injection
- etc. 🔽 Image
iptables comes with its own terminology:

- tables
- chains
- rules
- targets
- policies

...that might be challenging to grasp. Here is how I approach it.

1. Come up with a logical model of packet processing inside the Linux kernel. Give meaningful names to stages. Image
2. Understand possible packet paths through the kernel.

Packet from a local process:

Packet to a local process:

Packet forwarded between interfaces:
Read 6 tweets
22 Aug
How to Expose Multiple Containers On the Same Port

First off, why you may need it:

- Load Balancing - more containers mean more capacity
- Redundancy - if one container dies, there won't be downtime
- Single Facade - run multiple apps behind one frontend

Interested? Read on!🔽
Docker doesn't support binding multiple containers to the same host port.

Instead, it suggests using an extra container with a reverse proxy like Nginx, HAProxy, or Traefik.

Here are two ways you can trick Docker and avoid adding the reverse proxy:

2. iptables
Multiple Containers On the Same Port w/o Proxy (I)

1) Use SO_REUSEPORT sockopt for your server sockets
2) Run containers with `--network host` and the same port

SO_REUSEPORT allows binding diff processes to the same port.
--network host puts all containers on one network stack.
Read 8 tweets
21 Aug
Containers are Virtual Machines (controversial thread)

Some mental gymnastics. Bear with me.

Person A comes to Containers with prior VM experience.
Dockerfiles start FROM debian/centos/etc.
docker run/exec feels like SSH-ing sessions into servers.

Containers are VMs!
A container starts in less than a second
A VM takes tens of seconds to start

A bare-metal server can run hundreds of containers
Only a few VMs can coexist on a server

How come?

Person A starts digging into the internals to understand the difference between containers and VMs.
Person A: Aha! Containers are just isolated and restricted Linux processes + OS-level virtualization!

Person A starts sharing the finding with friends and colleagues - seasoned backend devs. Everyone instantly grasps the idea.

Then a Person B comes by. W/o prior VM experience.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!