Skip to content

Instantly share code, notes, and snippets.

@mrsimpson

mrsimpson/script.md

Last active March 1, 2020 20:00
Show Gist options
  • Save mrsimpson/c968e66ea5553d259542a2b3bfec5e99 to your computer and use it in GitHub Desktop.
Save mrsimpson/c968e66ea5553d259542a2b3bfec5e99 to your computer and use it in GitHub Desktop.
Download ZIP
Setting up OpenFaaS - commands
Raw
script.md

The full story

kubernetes-cluster on Raspberry PI

https://blog.alexellis.io/test-drive-k3s-on-raspberry-pi/

ssh-copy-id -i ~/.ssh/id_rsa.pub pi@<IP> -f

Teardown

sudo /usr/local/bin/k3s-uninstall.sh

k3sup

k3sup install --ip 192.168.13.33 --user pi

Kubernetes Dashboard

arkade install kubernetes-dashboard

Assign permissions to dashboard admin-user

cat <<EOF | kubectl apply -f -
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
---
EOF

Get token for login

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user-token | awk '{print $1}')

Expose Dashboard

locally

kubectl port-forward deployment/kubernetes-dashboard -n kubernetes-dashboard 8443:8443

with an ingress

Didn't get it working. @see this blogpost though.

cat <<EOF | kubectl apply -f -
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  secretName: certificate-dashboard
  dnsNames:
  - dashboard.cluster.yourdomain
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    ingress.kubernetes.io/secure-backends: "true"
    kubernetes.io/ingress.class: traefik
spec:
  tls:
  - secretName: certificate-dashboard
    hosts:
      - dashboard.cluster.yourdomain
  rules:
  - host: dashboard.cluster.yourdomain
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
---
EOF

Cert-Manager

arkade install cert-manager

OpenFaas

With k3sup:

arkade install openfaas

Using helm chart

kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml

helm repo add openfaas https://openfaas.github.io/faas-netes/

helm repo update \
 && helm upgrade openfaas -f values-armhf.yml --install openfaas/openfaas \
    --namespace openfaas  \
    --set functionNamespace=openfaas-fn \
    --set generateBasicAuth=true \
    --set ingress.enabled=true

Expose dashboard locally

kubectl port-forward -n openfaas svc/gateway-external 31112:8080

Logging in

PASSWORD=$(kubectl get secret -n openfaas basic-auth -o jsonpath="{.data.basic-auth-password}" | base64 --decode )

Accessing the store

faas-cli store list --platform armhf
 faas-cli store deploy figlet --platform armhf
 faas-cli store deploy nodeinfo --platform armhf

Ingress

Installation

Pre-requisite: cert-manager installed. arkade will install it though if not done yet.

arkade install openfaas-ingress -d openfaas.cluster..yourdomain -e email@a.b --ingress-class traefik

Force SSL

kubectl edit ingresses.extensions openfaas-gateway -n openfaas

add annotation ingress.kubernetes.io/ssl-redirect: "true"

Inlets

arkade install inlets-operator --token-file=$HOME/.k3sup/do-access-token -r fra1 -l $LICENSE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment