faasd on Nomad

faasd.nomad

job "faasd_bundle" {
  datacenters = ["dc1"]
  type        = "system"
 
  group "faasd-provider" {
    network {
      port "provider" {
        static = 8081
        to = 8081
      }
    }
    task "faasd_provider" {
      driver = "raw_exec"
      
      config {
        command = "/usr/local/bin/faasd"
        args = ["provider"]
      }
      resources {
        cpu    = 50
        memory = 100
      }
    }
  }

  group "faasd" {

    restart {
      attempts = 100
      delay    = "5s"
      interval = "10m"
      mode     = "delay"
    }

    network {
      mode = "bridge"
      port "gateway" {
        static = 8080
        to = 8080
      }
    }

    service {
      name = "faasd-gateway"
      tags = [ "serverless" ]
      port = "gateway"

      check {
          type = "tcp"
          port = "gateway"
          interval = "5s"
          timeout = "2s"
      }
    }

    task "basic-auth-plugin" {
      driver = "docker"

      config {
        image = "ghcr.io/openfaas/basic-auth:0.20.5"
        ports = ["auth"]
      }

      template {
        data = "password"
        destination = "secrets/basic-auth-password"
      }

      template {
        data = "admin"
        destination = "secrets/basic-auth-user"
      }

      env {
        port = "9000"
        secret_mount_path = "/secrets/"
        user_filename = "basic-auth-user"
        pass_filename = "basic-auth-password"
      }

      resources {
        cpu    = 20
        memory = 30
      }
    }

    task "nats" {
      driver = "docker"
      config {
        image = "docker.io/library/nats-streaming:0.11.2"
        entrypoint = ["/nats-streaming-server"]
        args = [
          "-m",
          "8222",
          "--store=memory",
          "--cluster_id=faas-cluster"
        ]
        ports = ["nats"]
      }
      resources {
        cpu    = 50
        memory = 50
      }
    }

    task "gateway" {
      driver = "docker"
      config {
        image = "ghcr.io/openfaas/gateway:0.20.7"
        ports = ["gateway"]
      }
      template {
        data = "password"
        destination = "secrets/basic-auth-password"
      }
      template {
        data = "admin"
        destination = "secrets/basic-auth-user"
      }
      env {
        basic_auth="true"
        functions_provider_url="http://${attr.unique.network.ip-address}:8081/"
        direct_functions="false"
        read_timeout="60s"
        write_timeout="60s"
        upstream_timeout="65s"
        faas_prometheus_host="localhost"
        faas_prometheus_port="9090"
        faas_nats_address="localhost"
        faas_nats_port="4222"
        auth_proxy_url="http://localhost:9000/validate"
        auth_proxy_pass_body="false"
        secret_mount_path="/secrets"
        scale_from_zero="true"
        function_namespace="openfaas-fn"
      }
      resources {
        cpu    = 50
        memory = 50
      }
    }

    task "queue-worker" {
      driver = "docker"
      config {
        image = "docker.io/openfaas/queue-worker:0.11.2"
      }
      template {
        data = "password"
        destination = "secrets/basic-auth-password"
      }

      template {
        data = "admin"
        destination = "secrets/basic-auth-user"
      }
      env {
        faas_nats_address="localhost"
        faas_nats_port="4222"
        gateway_invoke="true"
        faas_gateway_address="localhost:8080"
        ack_wait="5m5s"
        max_inflight="1"
        write_debug="true"
        basic_auth="true"
        secret_mount_path="/secrets"
      }
      resources {
        cpu    = 50
        memory = 50
      }
    }

    task "prometheus" {
      template {
        change_mode = "noop"
        destination = "local/prometheus.yml"

        data = <<EOH
---
global:
  scrape_interval:     10s
  evaluation_interval: 10s
scrape_configs:
  - job_name: 'prometheus'
    static_configs:
    - targets: ['localhost:9090']

  - job_name: 'gateway'
    static_configs:
    - targets: ['localhost:8082']
EOH
      }

      driver = "docker"

      config {
        image = "prom/prometheus:latest"
        args = [
          "--config.file=/etc/prometheus/prometheus.yml"
        ]

        volumes = [
          "local/prometheus.yml:/etc/prometheus/prometheus.yml",
        ]
      }
    }
  }
}

I want to clarify something... you're installing faasd during the nomad installation/setup, is this correct?
It looks like this is so the faasd_provider task has access to it.
Have you tried downloading it as an artifact first, then executing it? I'm not sure if that's possible because of where it has to be installed, but I thought I'd ask.

Yes, you are right. The faasd binary should be available on the host. I've tried downloading it as an artifact, but that didn't worked well. faasd forks a new process when deploying a function and expects a binary is located at /usr/local/bin/faasd. I wasn't able to put it in that directory when defining it as an artifact, perhaps I was missing something there. Downloading the binary with an "Init Task" could be a workaround.

I also see that you've run this as a system job. Have you tried load balancing deployment of functions? Or, deploying functions to a specific faasd instance?

With this setup I suggest deploying functions to a specific faasd instance. Invoking a function can be done using a loadbalancer, but then you should either deploy the functions an all faad instances, or make the loadbalancer aware of which function is deployed on which instance. I've found a way to do that with consul and fabio, but still need to finetune the solution.

Cheers!