Prerequisites
Registry Credential
When building a function, you’ll need to push your function container image to a container registry like Docker Hub or Quay.io. To do that you’ll need to generate a secret for your container registry first.
You can create this secret by filling in the REGISTRY_SERVER
, REGISTRY_USER
and REGISTRY_PASSWORD
fields, and then run the following command.
REGISTRY_SERVER=https://index.docker.io/v1/
REGISTRY_USER=<your_registry_user>
REGISTRY_PASSWORD=<your_registry_password>
kubectl create secret docker-registry push-secret \
--docker-server=$REGISTRY_SERVER \
--docker-username=$REGISTRY_USER \
--docker-password=$REGISTRY_PASSWORD
Source repository Credential
If your source code is in a private git repository, you’ll need to create a secret containing the private git repo’s username and password:
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: git-repo-secret
annotations:
build.shipwright.io/referenced.secret: "true"
type: kubernetes.io/basic-auth
stringData:
username: <cleartext username>
password: <cleartext password>
EOF
You can then reference this secret in the Function
CR’s spec.build.srcRepo.credentials
apiVersion: core.openfunction.io/v1beta1
kind: Function
metadata:
name: function-sample
spec:
version: "v2.0.0"
image: "openfunctiondev/sample-go-func:v1"
imageCredentials:
name: push-secret
port: 8080 # default to 8080
build:
builder: openfunction/builder-go:latest
env:
FUNC_NAME: "HelloWorld"
FUNC_CLEAR_SOURCE: "true"
srcRepo:
url: "https://github.com/OpenFunction/samples.git"
sourceSubPath: "functions/knative/hello-world-go"
revision: "main"
credentials:
name: git-repo-secret
serving:
template:
containers:
- name: function # DO NOT change this
imagePullPolicy: IfNotPresent
runtime: "knative"
Kafka
Async functions can be triggered by events in message queues like Kafka, here you can find steps to setup a Kafka cluster for demo purpose.
Install strimzi-kafka-operator in the default namespace.
helm repo add strimzi https://strimzi.io/charts/ helm install kafka-operator -n default strimzi/strimzi-kafka-operator
Run the following command to create a Kafka cluster and Kafka Topic in the default namespace. The Kafka and Zookeeper clusters created by this command have a storage type of ephemeral and are demonstrated using emptyDir.
Here we create a 1-replica Kafka server named
<kafka-server>
and a 1-replica topic named<kafka-topic>
with 10 partitionscat <<EOF | kubectl apply -f - apiVersion: kafka.strimzi.io/v1beta2 kind: Kafka metadata: name: <kafka-server> namespace: default spec: kafka: version: 3.3.1 replicas: 1 listeners: - name: plain port: 9092 type: internal tls: false - name: tls port: 9093 type: internal tls: true config: offsets.topic.replication.factor: 1 transaction.state.log.replication.factor: 1 transaction.state.log.min.isr: 1 default.replication.factor: 1 min.insync.replicas: 1 inter.broker.protocol.version: "3.1" storage: type: ephemeral zookeeper: replicas: 1 storage: type: ephemeral entityOperator: topicOperator: {} userOperator: {} --- apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaTopic metadata: name: <kafka-topic> namespace: default labels: strimzi.io/cluster: <kafka-server> spec: partitions: 10 replicas: 1 config: cleanup.policy: delete retention.ms: 7200000 segment.bytes: 1073741824 EOF
Run the following command to check Pod status and wait for Kafka and Zookeeper to run and start.
$ kubectl get po NAME READY STATUS RESTARTS AGE <kafka-server>-entity-operator-568957ff84-nmtlw 3/3 Running 0 8m42s <kafka-server>-kafka-0 1/1 Running 0 9m13s <kafka-server>-zookeeper-0 1/1 Running 0 9m46s strimzi-cluster-operator-687fdd6f77-cwmgm 1/1 Running 0 11m
Run the following command to view the metadata for the Kafka cluster.
$ kafkacat -L -b <kafka-server>-kafka-brokers:9092
WasmEdge
Function now supports using WasmEdge
as workload runtime, here you can find steps to setup the WasmEdge
workload runtime in a Kubernetes cluster (with containerd
as the container runtime).
You should run the following steps on all the nodes (or a subset of the nodes that will host the wasm workload) of your cluster.
Step 1 : Installing WasmEdge
The easiest way to install WasmEdge is to run the following command. Your system should have git and curl installed.
wget -qO- https://raw.githubusercontent.com/WasmEdge/WasmEdge/master/utils/install.sh | bash -s -- -p /usr/local
Step 2 : Installing Container runtimes
crun
The crun project has WasmEdge support baked in. For now, the easiest approach is just download the binary and move it to /usr/local/bin/
wget https://github.com/OpenFunction/OpenFunction/releases/latest/download/crun-linux-amd64
mv crun-linux-amd64 /usr/local/bin/crun
If the above approach does not work for you, please refer to build and install a crun binary with WasmEdge support.
Step 3 : Setup CRI runtimes
Option 1: containerd
You can follow this installation guide to install containerd and this setup guide to setup containerd for Kubernetes.
First, edit the configuration /etc/containerd/config.toml
, add the following section to setup crun runtime, make sure the BinaryName equal to your crun binary path
# Add crun runtime here
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun]
runtime_type = "io.containerd.runc.v2"
pod_annotations = ["*.wasm.*", "wasm.*", "module.wasm.image/*", "*.module.wasm.image", "module.wasm.image/variant.*"]
privileged_without_host_devices = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun.options]
BinaryName = "/usr/local/bin/crun"
Next, restart containerd service:
sudo systemctl restart containerd
Option 2: CRI-O
You can follow this installation guide to install CRI-O and this setup guide to setup CRI-O for Kubernetes.
CRI-O uses the runc runtime by default and we need to configure it to use crun instead. That is done by adding to two configuration files.
First, create a /etc/crio/crio.conf
file and add the following lines as its content. It tells CRI-O to use crun by default.
[crio.runtime]
default_runtime = "crun"
The crun runtime is in turn defined in the /etc/crio/crio.conf.d/01-crio-runc.conf
file.
[crio.runtime.runtimes.runc]
runtime_path = "/usr/lib/cri-o-runc/sbin/runc"
runtime_type = "oci"
runtime_root = "/run/runc"
# The above is the original content
# Add crun runtime here
[crio.runtime.runtimes.crun]
runtime_path = "/usr/local/bin/crun"
runtime_type = "oci"
runtime_root = "/run/crun"
Next, restart CRI-O to apply the configuration changes.
systemctl restart crio
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.