I'm in the process of trying to set up a Kubernetes cluster as a home lab for personal use. Resources are a concern for me due to using lightweight hardware for energy savings. I was thinking about using serverless as a way to scale applications up and down as needed.
I'm looking at the frameworks mentioned in this post:
https://winderresearch.com/a-comparison-of-serverless-frameworks-for-kubernetes-openfaas-openwhisk-fission-kubeless-and-more/
I'm trying to pick one of these frameworks.
Which one do you use? Which one would you recommend the most? How easy is it to set up? What kind of guides/resources are there to learn the framework?
Top comments (6)
Hi, I have no experience with serverless frameworks. Do you want to use them because you need Lambdas or because your concern is resources?
It's a little bit of both. I have concern with resource constraints, but I also want to build experience building serverless applications.
I have an experience building bare metal k8s cluster. I wanted my cluster to be fully functional and it wasn't easy to build the first one. I had to deal with ingress-nginx installation to get the Ingress to work.
If I would build a home lab I would take a look at Intel NUC 10
I find helpful using helm to install applications to my k8s clusters.
Also I would install next helm charts:
ingress-nginx
external-dns
cert-manager
After that it would be easy to install openfaas and openwhisk to play with.
As it stands I'm running my k8s cluster using k3s and ingress-nginx.
I like the idea of openwhisk and openfaas because they seem widely supported.
In some of my services, I'm looking to have them accessible via ingress with user authentication protection (keycloak, oidc, oauth2). Would that be possible with any of these frameworks. I know openFaaS has it, but unfortunately oauth2 is behind a pay-wall.
Also, how is intra-service messaging handled? Is there a messaging bus service a-la-kafka or rabbitmq i can use? Do these frameworks have a custom message bus?
You can protect your services with a oauth2_proxy. Take a look at this article.
And I don't know anything about messaging bus in these frameworks.
Probably not the ideal way to protect openfaas, but I managed to set up the gateway using oauth2_proxy as recommended.
Using the helm chart, I had to disable basic authentication and the generation of the authentication password.
I used annotations to configure the ingress routing rules to pass through oauth2_proxy before reaching the openfaas gateway
This setup is demonstrated in the Ansible role I've created within my cluster initialization playbook:
github.com/mikeyGlitz/k3s-home-clu...