├── .gitignore ├── LICENSE ├── README.md ├── deploy-cluster └── docker-ee │ ├── README.md │ └── terraform.tfvars └── deploy-framework └── docker-ee ├── fn └── README.md ├── gestalt └── README.md ├── nuclio ├── README.md └── nuclio.yaml ├── openfaas └── README.md ├── openwhisk └── README.md └── riff └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | vendor 2 | terraform.tfstate* 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2018 Docker Inc 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Deploying and Benchmarking Open Source Serverless Frameworks 2 | 3 | Since the advent of AWS Lambda in 2014, the function-as-a-service programming paradigm has gained a lot of traction in the cloud community. At first, only large cloud providers such as AWS Lambda, Google Cloud Functions or Azure Functions provided such services with a pay-per-invocation model, but since then interest has increased for developers and entreprises to build their own solutions on an open source model. 4 | 5 | The rise of container orchestrators such as Kubernetes, Docker Swarm or DC/OS has made this process even easier, resulting in a number of competing frameworks in this space. We have identified at least 9 differents frameworks*. In this study, we focus on the following six: [OpenFaaS](https://github.com/openfaas), [nuclio](https://github.com/nuclio/nuclio), [Gestalt](http://www.galacticfog.com/product/), [Riff](https://github.com/projectriff/riff), [Fn](https://github.com/fnproject/fn), [OpenWhisk](https://openwhisk.apache.org/). 6 | 7 | These frameworks vary a lot in feature set, but all have the feature we come know to expect from a FaaS offering in the style of AWS Lambda: 8 | 9 | - The ability to create and modify language-specific scripts with a simple interface in either "inline" (within browser) or packaged form. 10 | - The ability to invoke functions through an HTTP API. 11 | 12 | Finally, all of these frameworks can easily be deploying using Kubernetes. 13 | 14 | In this project, we provide so far guides on how to **deploy** these open source serverless frameworks on kubernetes distributions, starting with Docker EE. 15 | 16 | We wish to develop this repository into a benchmarking tool in collaboration with the various serverless frameworks maintainers and communities in the context of the [CNCF Serverless Working Group](https://github.com/cncf/wg-serverless). 17 | 18 | 19 | *: in addition to the six frameworks above, we have also identified funktion, kubeless, fission.io 20 | 21 | ### Deploying Kubernetes Clusters 22 | 23 | In order to make benchmarking reproduceable and verifiable, we provide instructions on deploying clusters on AWS in the [deploy-cluster](https://github.com/docker/serverlessbenchmark/tree/master/deploy-cluster/docker-ee/README.md) folder. Clusters are configured to have: 24 | 25 | - 1 kubernetes manager using an M4.Xlarge instance 26 | - 2 kubernetes workers using a T2.large instance 27 | - Each machine runs the ubuntu-16.04 operating system 28 | 29 | The instructions may vary according to kubernetes distribution. The only instructions currently available are for Docker EE. 30 | 31 | ### Deploying Serverless Frameworks 32 | 33 | In the [deploy-framework folder](https://github.com/docker/serverlessbenchmark/tree/master/deploy-framework), we provide instructions to deploy each framework for a specific kubernetes distribution. The only instructions available are for Docker EE: 34 | 35 | - [Deploy OpenFaaS on Docker EE](https://github.com/docker/serverlessbenchmark/tree/master/deploy-framework/docker-ee/openfaas) 36 | - [Deploy Fn on Docker EE](https://github.com/docker/serverlessbenchmark/tree/master/deploy-framework/docker-ee/fn) 37 | - [Deploy Riff on Docker EE](https://github.com/docker/serverlessbenchmark/tree/master/deploy-framework/docker-ee/riff) 38 | - [Deploy Gestalt on Docker EE](https://github.com/docker/serverlessbenchmark/tree/master/deploy-framework/docker-ee/gestalt) 39 | - [Deploy OpenWhisk on Docker EE](https://github.com/docker/serverlessbenchmark/tree/master/deploy-framework/docker-ee/openwhisk) 40 | - [Deploy Nuclio on Docker EE](https://github.com/docker/serverlessbenchmark/tree/master/deploy-framework/docker-ee/nuclio) 41 | 42 | ### Deploying Functions 43 | 44 | TBD 45 | 46 | ### Benchmarking Serverless Frameworks 47 | 48 | TBD 49 | 50 | ### Open Source Serverless Frameworks 51 | 52 | Here is the list of the supported open source serverless frameworks. 53 | 54 | - [OpenFaaS](https://github.com/openfaas) 55 | - [Nuclio](https://github.com/nuclio/nuclio) 56 | - [Gestalt](http://www.galacticfog.com/product/) 57 | - [Riff](https://github.com/projectriff/riff) 58 | - [Fn](https://github.com/fnproject/fn) 59 | - [OpenWhisk](https://openwhisk.apache.org/) 60 | 61 | ### Kubernetes Distributions 62 | 63 | For now, the only vendor that is suppported is Docker Entreprise Edition. 64 | 65 | ### Notes 66 | 67 | - The benchmarking component of this repository has not been released yet. 68 | -------------------------------------------------------------------------------- /deploy-cluster/docker-ee/README.md: -------------------------------------------------------------------------------- 1 | # Setup Docker EE cluster for the serverless benchmark 2 | 3 | In this document, we detail how to deploy a Docker EE cluster for the purposes of the serverless benchmark on an AWS account. **NOTE**: the instructions below will deploy a cluster using a trial (1 month) license. 4 | 5 | **Note: following this guide will provision Ec2 machines on your AWS account, for which you will be charged for by AWS.** 6 | 7 | ### Requirements 8 | 9 | - [Terraform](https://www.terraform.io/downloads.html) (version 0.11.7) 10 | - [Ansible](http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) (version 2.5.4) 11 | - An AWS account, an Ec2 KeyPair for an IAM account with the following permissions*: 12 | - EC2 (full access) 13 | - EFS (full access) 14 | - ELB (full access) 15 | - IAM (full access) 16 | - S3 (full access) 17 | - Route 53 (full access) 18 | - A [Docker EE trial subscription](https://success.docker.com/article/how-do-i-get-a-docker-enterprise-edition-trial-subscription) (ubuntu edition). 19 | - Your [Docker EE subscription ID](https://success.docker.com/article/how-do-i-access-my-docker-enterprise-edition-subscription). You can get the id by inspecting the URL shown on the bottom right corner of your subscription page. 20 | 21 | \*: these permissions are likely too permissive, will provide finer grain access requirements soon. 22 | 23 | ### Deploying the cluster 24 | 25 | Download the [Docker Certified Infrastructure for AWS](https://success.docker.com/article/certified-infrastructures-aws) (version 1.0.0) and place the `aws-v1.0.0.tar.gz` file in the `frameworks/cluster-setup/docker-ee` directory. 26 | 27 | ``` 28 | tar -zxvf aws-v1.0.0.tar.gz 29 | cp terraform.tfvars aws-v1.0.0/ 30 | cd aws-v1.0.0 31 | ``` 32 | 33 | Now edit the `terraform.tfvars` file inside the `aws-v1.0.0` directory with your AWS credentials and Ec2 Key-Pair. 34 | 35 | Now create the `inventory/extra-vars` file and include the following: 36 | 37 | ``` 38 | [all:vars] 39 | docker_dtr_image_repository=docker 40 | docker_dtr_version=2.5.2 41 | docker_ucp_image_repository=docker 42 | docker_ucp_version=3.0.1 43 | docker_ee_release_channel=stable 44 | docker_ee_version=17.06 45 | docker_ee_package_version=3:17.06.2~ee~11~3-0~ubuntu 46 | docker_ee_package_version_win=17.06.2-ee-10 47 | docker_ee_subscriptions_ubuntu= 48 | ``` 49 | 50 | Do the following inside the `aws-v1.0.0` directory. 51 | 52 | ``` 53 | terraform init 54 | terraform apply -auto-approve 55 | ansible-playbook --private-key=~/.ssh/private_key install.yml 56 | ``` 57 | 58 | Finally, configure the Docker EE cluster for the purposes of the serverless benchmark: 59 | 60 | - Using [this guide](https://docs.docker.com/ee/ucp/admin/configure/set-orchestrator-type/), set the orchestrator type of all worker nodes to Kubernetes. 61 | - Under admin > Admin Settings > Scheduler, uncheck all boxes under Container Scheduling. 62 | 63 | ### Deleting the cluster 64 | 65 | ``` 66 | terraform destroy -force 67 | ``` 68 | 69 | ### Notes 70 | 71 | - This deployment creates a node running Docker Trusted Registry, which isn't necessary for the benchmarking purposes, but is created nonetheless by the Docker Certified Infrastructure scripts. It is fine to shut it down / remove it from the cluster. 72 | 73 | ### TODO 74 | 75 | - Update these instructions to use Docker Certified Infrastructure for AWS (version 2.0.0) as soon as it is available. This is required to allow kubernetes to provision AWS resources and create deployments without DTR. 76 | - Remove the requirement for a DTR node, it isn't necessary. 77 | -------------------------------------------------------------------------------- /deploy-cluster/docker-ee/terraform.tfvars: -------------------------------------------------------------------------------- 1 | # Docker EE Cluster Topology 2 | #################################### 3 | linux_ucp_manager_count = 1 4 | linux_ucp_worker_count = 2 5 | linux_dtr_count = 1 6 | windows_ucp_worker_count = 0 7 | deployment = "serverless-bench-" # VM/Hostname prefix string. Prepended to all resources. 8 | # Docker EE Configuration 9 | #################################### 10 | ansible_inventory = "inventory/1.hosts" 11 | ucp_license_path = "./docker_subscription.lic" 12 | ucp_admin_password = "" # If unset, check $ansible_inventory for generated value 13 | 14 | # AWS Credentials 15 | ################################### 16 | # Nota Bene: you need to have ~/.aws/credentials in place 17 | region = "us-west-2" # The region to deploy (e.g. us-east-2) 18 | key_name = "" # (a short string identifying your AWS Ec2 KeyPair, e.g. "alice") 19 | # Make sure this key has no password to enable automatic retrieval of Windows instance passwords. 20 | private_key_path = "" # The path to the private key corresponding to key_name 21 | 22 | # AWS AMIs for Docker EE 23 | ################################### 24 | # Linux instances will use the newest AMI matching this pattern 25 | # Windows instances will use the newest AMI matching this pattern 26 | # VM Credentials and Domains 27 | #################################### 28 | #windows_user = "Administrator" 29 | #windows_admin_password = "" 30 | # Docker EE VM Settings 31 | #################################### 32 | #See instances.auto.tfvars to change Instance Types 33 | #linux_manager_volume_size = 100 34 | #linux_worker_volume_size = 20 35 | #windows_worker_volume_size = 100 36 | #dtr_instance_volume_size = 100 37 | # Docker EE Uninstallation 38 | #################################### 39 | #linux_ucp_uninstall_command = "" 40 | #windows_ucp_uninstall_command = "" 41 | #linux_dtr_uninstall_command = "" 42 | # Load balancer DNS names 43 | #################################### 44 | #docker_ucp_lb = "ucp.example.com" 45 | #docker_dtr_lb = "dtr.example.com" 46 | # AWS Configuration Options 47 | ################################### 48 | # VPC configuration 49 | # By default, a new VPC will be created with all appropriate routes and subnets. 50 | # However, if you wish to use a pre-existing VPC then: 51 | # 1. Set the existing VPC ID here 52 | # 2. Allocate a block of IP addresses within, as vpc_cidr. 53 | # Terraform will create one subnet within this block for each availablility zone. 54 | # This will take up a further 4 bits in the address, so vpc_cidr can't be larger than a /22. 55 | # After running terraform, you'll need to associate the new subsets with some routing 56 | # table and ensure that they have Internet access. 57 | #vpc_id = "vpc-0417d63da5aeb8ed6" 58 | #vpc_cidr = "10.0.16.0/20" 59 | #efs_supported = 1 # 1 if the region supports EFS (0 if not) 60 | # OPTIONAL: Database VM 61 | #################################### 62 | #linux_database_count = 0 63 | #windows_database_count = 0 64 | # OPTIONAL: Build VM 65 | #################################### 66 | #linux_build_server_count = 0 67 | #windows_build_server_count = 0 68 | linux_user = "ubuntu" 69 | efs_supported = 0 70 | linux_ami_owner = "099720109477" 71 | linux_ami_name = "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180109" 72 | # windows_ami_owner = "" 73 | # windows_ami_name = "" # Was using ami-8f5366ea, which doesn't appear to exist 74 | -------------------------------------------------------------------------------- /deploy-framework/docker-ee/fn/README.md: -------------------------------------------------------------------------------- 1 | # Fn Platform 2 | 3 | **In this file, we detail how to deploy [Fn](https://github.com/fnproject/fn) for the serverless benchmark on Docker EE.** 4 | 5 | ## Requirements 6 | 7 | - [Docker CLI](https://www.docker.com/get-docker) 8 | - A Docker EE cluster with admin credentials (see [here]() for how to install one) 9 | - A configured [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (follow [this guide](https://docs.docker.com/ee/ucp/user-access/kubectl/) to configure it on your cluster) 10 | 11 | ## Download installer 12 | 13 | ``` 14 | git clone https://github.com/jtestard/fn-helm.git 15 | cd fn-helm 16 | ``` 17 | 18 | ## Deploy Fn 19 | 20 | See the README.md file of the fn-helm repo. Some notes: 21 | 22 | - Remember that fn is a Kubernetes-only product, therefore your Docker EE cluster requires worker nodes configured with Kubernetes as their orchestrator. 23 | 24 | ## Removing Fn 25 | 26 | See the README.md file of the fn-helm repo. 27 | -------------------------------------------------------------------------------- /deploy-framework/docker-ee/gestalt/README.md: -------------------------------------------------------------------------------- 1 | # Gestalt Platform 2 | 3 | **In this file, we detail how to deploy Gestalt for the serverless benchmark on Docker EE.** 4 | 5 | ## Requirements 6 | 7 | - [Docker CLI](https://www.docker.com/get-docker) 8 | - A Docker EE cluster with admin credentials (see [here]() for how to install one) 9 | - A configured [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (follow [this guide](https://docs.docker.com/ee/ucp/user-access/kubectl/) to configure it on your cluster) 10 | 11 | ## Download installer 12 | 13 | ``` 14 | git clone https://github.com/jtestard/gestalt-k8s-install.git 15 | cd gestalt-k8s-install 16 | git checkout docker-ee-changes 17 | ``` 18 | 19 | ## Deploy Gestalt 20 | 21 | See the `/docs/readme_docker_ee.md` file of the installer repo. Some notes: 22 | 23 | - Remember that gestalt is a Kubernetes-only product, therefore your Docker EE cluster requires worker nodes configured with Kubernetes as their orchestrator. 24 | 25 | ## Removing Gestalt 26 | 27 | See the README.md file of the installer repo. 28 | -------------------------------------------------------------------------------- /deploy-framework/docker-ee/nuclio/README.md: -------------------------------------------------------------------------------- 1 | # Nuclio Platform 2 | 3 | **In this file, we detail how to deploy [Nuclio](https://nuclio.io/) for the serverless benchmark on Docker EE.** 4 | 5 | ## Requirements 6 | 7 | - [Docker CLI](https://www.docker.com/get-docker) 8 | - A Docker EE cluster with admin credentials (see [here]() for how to install one) 9 | - A configured [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (follow [this guide](https://docs.docker.com/ee/ucp/user-access/kubectl/) to configure it on your cluster) 10 | 11 | ## Deploy Nuclio 12 | 13 | Instructions shown here are largely inspired from [nuclio's own instructions](https://nuclio.io/docs/latest/setup/k8s/getting-started-k8s/). 14 | 15 | Create the namespace and docker hub credentials: 16 | 17 | ``` 18 | kubectl create namespace nuclio 19 | kubectl create secret docker-registry registry-credentials --namespace nuclio \ 20 | --docker-username $username \ 21 | --docker-password $mypassword \ 22 | --docker-server registry.hub.docker.com \ 23 | --docker-email ignored@nuclio.io 24 | ``` 25 | 26 | Grant the following Docker EE permissions by using this [guide](https://docs.docker.com/ee/ucp/authorization/grant-permissions/): 27 | 28 | | Namespace | Service Account | Role | Resource Set | 29 | |------------- |----------------- |-------------------- |---------------------- | 30 | | default | default | Restricted Control | kubernetesnamespaces | 31 | | nuclio | default | Full Control | kubernetesnamespaces | 32 | 33 | ``` 34 | kubectl apply -f nuclio.yaml 35 | ``` 36 | 37 | ## TODO 38 | 39 | - Add support for service of type LoadBalancer for benchmarking purposes. 40 | -------------------------------------------------------------------------------- /deploy-framework/docker-ee/nuclio/nuclio.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2017 The Nuclio Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --- 16 | 17 | # Define a "function" custom resource definition - extending the k8s API to allow management of "function" resources 18 | apiVersion: apiextensions.k8s.io/v1beta1 19 | description: Function resource 20 | kind: CustomResourceDefinition 21 | metadata: 22 | name: functions.nuclio.io 23 | spec: 24 | group: nuclio.io 25 | names: 26 | kind: Function 27 | plural: functions 28 | singular: function 29 | scope: Namespaced 30 | version: v1beta1 31 | 32 | --- 33 | 34 | # Define a "project" custom resource definition - extending the k8s API to allow management of "project" resources 35 | apiVersion: apiextensions.k8s.io/v1beta1 36 | description: Project resource 37 | kind: CustomResourceDefinition 38 | metadata: 39 | name: projects.nuclio.io 40 | spec: 41 | group: nuclio.io 42 | names: 43 | kind: Project 44 | plural: projects 45 | singular: project 46 | scope: Namespaced 47 | version: v1beta1 48 | 49 | --- 50 | 51 | # Define a "functionevent" custom resource definition - extending the k8s API to allow management of "functionevent" resources 52 | apiVersion: apiextensions.k8s.io/v1beta1 53 | description: Function event resource 54 | kind: CustomResourceDefinition 55 | metadata: 56 | name: functionevents.nuclio.io 57 | spec: 58 | group: nuclio.io 59 | names: 60 | kind: FunctionEvent 61 | plural: functionevents 62 | singular: functionevent 63 | scope: Namespaced 64 | version: v1beta1 65 | 66 | --- 67 | 68 | # The nuclio controller listens for changes on the function CRD and creates the proper deployment, service, etc 69 | # for the function 70 | apiVersion: apps/v1beta1 71 | kind: Deployment 72 | metadata: 73 | name: nuclio-controller 74 | namespace: nuclio 75 | spec: 76 | replicas: 1 77 | template: 78 | metadata: 79 | labels: 80 | nuclio.io/env: test 81 | nuclio.io/app: controller 82 | nuclio.io/class: service 83 | annotations: 84 | nuclio.io/version: 0.5.2 85 | spec: 86 | containers: 87 | - name: nuclio-controller 88 | image: nuclio/controller:0.5.2-amd64 89 | env: 90 | - name: NUCLIO_CONTROLLER_IMAGE_PULL_SECRETS 91 | value: registry-credentials 92 | 93 | --- 94 | 95 | # The nuclio playground is an ephemeral UI to try out functions. It is insecure in nature - a fully fledged UI 96 | # is in the works 97 | apiVersion: apps/v1beta1 98 | kind: Deployment 99 | metadata: 100 | name: nuclio-playground 101 | namespace: nuclio 102 | spec: 103 | replicas: 1 104 | template: 105 | metadata: 106 | labels: 107 | nuclio.io/env: test 108 | nuclio.io/app: playground 109 | nuclio.io/class: service 110 | annotations: 111 | nuclio.io/version: 0.5.2 112 | spec: 113 | containers: 114 | - name: nuclio-playground 115 | image: nuclio/playground:0.5.2-amd64 116 | ports: 117 | - containerPort: 8070 118 | volumeMounts: 119 | - mountPath: /var/run/docker.sock 120 | name: docker-sock 121 | - name: registry-credentials 122 | mountPath: "/etc/nuclio/playground/registry-credentials" 123 | readOnly: true 124 | volumes: 125 | - name: docker-sock 126 | hostPath: 127 | path: /var/run/docker.sock 128 | - name: registry-credentials 129 | secret: 130 | secretName: registry-credentials 131 | optional: true 132 | --- 133 | apiVersion: v1 134 | kind: Service 135 | metadata: 136 | name: nuclio-playground 137 | namespace: nuclio 138 | spec: 139 | selector: 140 | nuclio.io/app: playground 141 | ports: 142 | - name: admin 143 | port: 8070 144 | protocol: TCP 145 | 146 | --- 147 | 148 | # The nuclio dashboard is a WIP replacement for the playground 149 | apiVersion: apps/v1beta1 150 | kind: Deployment 151 | metadata: 152 | name: nuclio-dashboard 153 | namespace: nuclio 154 | spec: 155 | replicas: 1 156 | template: 157 | metadata: 158 | labels: 159 | nuclio.io/env: test 160 | nuclio.io/app: dashboard 161 | nuclio.io/class: service 162 | annotations: 163 | nuclio.io/version: 0.5.2 164 | spec: 165 | containers: 166 | - name: nuclio-dashboard 167 | image: nuclio/dashboard:0.5.2-amd64 168 | ports: 169 | - containerPort: 8070 170 | volumeMounts: 171 | - mountPath: /var/run/docker.sock 172 | name: docker-sock 173 | - name: registry-credentials 174 | mountPath: "/etc/nuclio/dashboard/registry-credentials" 175 | readOnly: true 176 | volumes: 177 | - name: docker-sock 178 | hostPath: 179 | path: /var/run/docker.sock 180 | - name: registry-credentials 181 | secret: 182 | secretName: registry-credentials 183 | optional: true 184 | --- 185 | apiVersion: v1 186 | kind: Service 187 | metadata: 188 | name: nuclio-dashboard 189 | namespace: nuclio 190 | spec: 191 | type: NodePort 192 | selector: 193 | nuclio.io/app: dashboard 194 | ports: 195 | - name: admin 196 | port: 8070 197 | protocol: TCP 198 | -------------------------------------------------------------------------------- /deploy-framework/docker-ee/openfaas/README.md: -------------------------------------------------------------------------------- 1 | # OpenFaaS - Serverless Functions Made Simple 2 | 3 | **In this file, we detail how to deploy OpenFaaS for the serverless benchmark on Docker EE.** 4 | 5 | ## Requirements 6 | 7 | - [Docker CLI](https://www.docker.com/get-docker) 8 | - A Docker EE cluster with admin credentials (see [here]() for how to install one) 9 | - A configured [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (follow [this guide](https://docs.docker.com/ee/ucp/user-access/kubectl/) to configure it on your cluster) 10 | 11 | ## Deploy OpenFaaS 12 | 13 | --- 14 | 15 | You can create a separate namespace for OpenFaaS core services and functions: 16 | 17 | ``` 18 | kubectl apply -f https://raw.githubusercontent.com/openfaas/faas-netes/master/namespaces.yml 19 | ``` 20 | 21 | Grant the following Docker EE permissions by using this [guide](https://docs.docker.com/ee/ucp/authorization/grant-permissions/): 22 | 23 | | Namespace | Service Account | Role | Resource Set | 24 | |------------- |----------------- |-------------------- |---------------------- | 25 | | openfaas | default | Full Control | kubernetesnamespaces | 26 | | openfaas-fn | default | Full Control | kubernetesnamespaces | 27 | | kube-system | default | Full Control | kubernetesnamespaces | 28 | 29 | To select the `kubernetesnamespaces` resource set, on the Create Grant page under the Resource Sets tab, select the **namespaces** type and toggle 30 | "Apply Grant to all existing and new namespaces". 31 | 32 | ``` 33 | helm init 34 | ``` 35 | 36 | This is will initialize the Tiller component. Before continuing, wait until the output of `helm version` includes a server version in addition to the client's. 37 | 38 | ``` 39 | git clone https://github.com/openfaas/faas-netes.git 40 | cd faas-netes/chart/openfaas 41 | ``` 42 | 43 | The default NodePorts used by OpenFaaS are in a range not valid for Docker EE. The commands below will change those port values. 44 | 45 | ``` 46 | sed -i '' s/"nodePort: 31112"/"nodePort: 33000"/g ./values.yaml 47 | ``` 48 | 49 | Finally this will install openfaas: 50 | 51 | ``` 52 | helm install . --name openfaas \ 53 | --namespace openfaas \ 54 | --set rbac=false \ 55 | --set functionNamespace=openfaas-fn 56 | ``` 57 | 58 | With these instructions, NodePort services will be created for the API Gateway. 59 | 60 | Finally, an extra grant is required to actually deploy functions: 61 | 62 | | Namespace | Service Account | Role | Resource Set | 63 | |------------- |----------------- |-------------------- |---------------------- | 64 | | openfaas | faas-controller | Full Control | openfaas-fn | 65 | 66 | 67 | ## Removing the OpenFaaS 68 | 69 | All control plane components can be cleaned up with helm: 70 | 71 | ``` 72 | helm delete --purge openfaas 73 | ``` 74 | 75 | ## TODO 76 | 77 | - Once Docker Certified Infrastructure 2.0.0 becomes available, change these instructions to use an ingress load balancer instead. 78 | -------------------------------------------------------------------------------- /deploy-framework/docker-ee/openwhisk/README.md: -------------------------------------------------------------------------------- 1 | # OpenWhisk 2 | 3 | **In this file, we detail how to deploy [OpenWhisk](https://nuclio.io/) for the serverless benchmark on Docker EE.** 4 | 5 | ## Requirements 6 | 7 | - [Docker CLI](https://www.docker.com/get-docker) 8 | - A Docker EE cluster with admin credentials (see [here]() for how to install one) 9 | - A configured [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (follow [this guide](https://docs.docker.com/ee/ucp/user-access/kubectl/) to configure it on your cluster) 10 | 11 | ## Download installer 12 | 13 | ``` 14 | git clone https://github.com/jtestard/incubator-openwhisk-deploy-kube.git 15 | cd incubator-openwhisk-deploy-kube.git 16 | ``` 17 | 18 | ## Deploy Openwhisk 19 | 20 | See the README.md file of the incubator-openwhisk-deploy-kube repo. Some notes: 21 | 22 | - Remember that OpenWhisk is a Kubernetes product, therefore your Docker EE cluster requires worker nodes configured with Kubernetes as their orchestrator. 23 | 24 | ## Removing Fn 25 | 26 | See the README.md file of the incubator-openwhisk-deploy-kube repo. 27 | -------------------------------------------------------------------------------- /deploy-framework/docker-ee/riff/README.md: -------------------------------------------------------------------------------- 1 | # Riff Platform 2 | 3 | **In this file, we detail how to deploy [Riff](https://github.com/projectriff/riff) for the serverless benchmark on Docker EE.** 4 | 5 | ## Requirements 6 | 7 | - [Docker CLI](https://www.docker.com/get-docker) 8 | - A Docker EE cluster with admin credentials (see [here]() for how to install one) 9 | - A configured [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (follow [this guide](https://docs.docker.com/ee/ucp/user-access/kubectl/) to configure it on your cluster) 10 | - [Riff CLI](https://github.com/projectriff/riff/tree/master/riff-cli) 11 | 12 | ## Deploy Riff 13 | 14 | Start by initializing helm: 15 | 16 | ``` 17 | helm init 18 | ``` 19 | 20 | Download the riff repo through helm: 21 | 22 | ``` 23 | helm repo add riffrepo https://riff-charts.storage.googleapis.com 24 | helm repo update 25 | helm search riff -l 26 | ``` 27 | 28 | Add the `riff-system` namespace: 29 | 30 | ``` 31 | kubectl create namespace riff-system 32 | ``` 33 | 34 | Grant the following Docker EE permissions by using this [guide](https://docs.docker.com/ee/ucp/authorization/grant-permissions/): 35 | 36 | | Namespace | Service Account | Role | Resource Set | 37 | |------------- |----------------- |-------------------- |---------------------- | 38 | | default | default | Restricted Control | kubernetesnamespaces | 39 | | riff-system | default | Restricted Control | kubernetesnamespaces | 40 | | kube-system | default | Full Control | kubernetesnamespaces | 41 | 42 | To select the `kubernetesnamespaces` resource set, on the Create Grant page under the Resource Sets tab, select the **namespaces** type and toggle 43 | "Apply Grant to all existing and new namespaces". 44 | 45 | ``` 46 | helm install --name transport --namespace riff-system riffrepo/kafka 47 | helm install riffrepo/riff --version 0.0.5 --name demo --set rbac.create=false --set httpGateway.service.type=NodePort 48 | ``` 49 | 50 | Now that the repo is installed, apply the following grant 51 | 52 | | Namespace | Service Account | Role | Resource Set | 53 | |------------- |----------------- |-------------------- |---------------------- | 54 | | default | demo-riff | Restricted Control | kubernetesnamespaces | 55 | 56 | ## Install Riff Invokers 57 | 58 | Riff invokers are required to deploy functions with Riff. They can be installed after the CLI is. 59 | 60 | ``` 61 | riff invokers apply -f https://github.com/projectriff/command-function-invoker/raw/v0.0.6/command-invoker.yaml 62 | riff invokers apply -f https://github.com/projectriff/go-function-invoker/raw/v0.0.3/go-invoker.yaml 63 | riff invokers apply -f https://github.com/projectriff/java-function-invoker/raw/v0.0.7/java-invoker.yaml 64 | riff invokers apply -f https://github.com/projectriff/node-function-invoker/raw/v0.0.8/node-invoker.yaml 65 | riff invokers apply -f https://github.com/projectriff/python3-function-invoker/raw/v0.0.6/python3-invoker.yaml 66 | ``` 67 | 68 | ## Notes 69 | 70 | - Remember that gestalt is a Kubernetes-only product, therefore your Docker EE cluster requires worker nodes configured with Kubernetes as their orchestrator. 71 | - Update instructions to use an ingress and a service of type LoadBalancer. 72 | --------------------------------------------------------------------------------