![\"\"](\"http:\/\/www.appservgrid.com\/paw93\/wp-content\/uploads\/2019\/03\/opensh-300x138.jpg\")
<\/p>\n<\/p>\n
In this tutorial we will install\u00a0OpenShift<\/a>\u00a0in a container using a new tool called\u00a0footloose<\/a>\u00a0by\u00a0Weaveworks<\/a>.<\/p>\n Footloose is a tool built by Weaveworks which builds and runs a container with systemd installed. It can be created in a similar way to a VM but without the overheads.<\/p><\/blockquote>\n I wrote this tutorial because I wanted a light-weight environment for testing the\u00a0OpenFaaS project<\/a>\u00a0on OpenShift Origin 3.10. An alternative distribution for testing is\u00a0Minishift<\/a>\u00a0which also allows you to run OpenShift locally, but in a much more heavy-weight VM.<\/p>\n You can use a Linux machine or MacOS host for this tutorial. ARM and Raspberry Pi are not supported.<\/p>\n Follow the instructions on the official website:<\/p>\n https:\/\/github.com\/weaveworks\/footloose<\/a><\/p>\n footloose.yaml<\/em><\/p>\n Note the additional ports 8443 and 53 used by OpenShift Origin and then 80 and 443 are bound for exposing your projects.<\/p>\n If you already have services bound to 80\/443 then you can comment out these lines.<\/p>\n Instructions from:\u00a0docker.com<\/a><\/p><\/blockquote>\n Find the subnet:<\/p>\n Find the latest URL from:\u00a0https:\/\/www.okd.io\/download.html<\/a><\/p>\n This will take a few minutes<\/p>\n If you see an error \/ timeout at\u00a0 When done you’ll see this output:<\/p>\n You can now install the\u00a0 Let’s install\u00a0OpenFaaS<\/a>\u00a0which makes Serverless Functions Simple through the user of Docker images and Kubernetes. OpenShift is effectively a distribution of Kubernetes, so with some testing and tweaking everything should work almost out of the box.<\/p>\n OpenFaaS supports microservices, functions, scale to zero, source to URL and much more. Today we’ll try out one of the sample functions from the Function Store to check when an SSL certificate will expire.<\/p>\n Now let’s create a route for the gateway:<\/p>\n Add an entry to \/etc\/hosts<\/p>\n Access the OpenFaaS UI at:\u00a0https:\/\/footloose-gateway.com\/<\/a><\/p>\n Once the function shows Ready in the OpenFaaS UI invoke it:<\/p>\n You can grant your “developer” user access to see the openfaas \/ openfaas-fn projects through the following command:<\/p>\n Here we are inspecting the Pod created by OpenFaaS for the certinfo function:<\/p>\n If you want to remove the OpenShift cluster you can run:\u00a0 We’ve installed a functional OpenShift Origin cluster into a container and run it on a machine where the only requirement is to have Docker present. It should have taken us around 5 minutes. Once complete we deployed a production-grade application and were able to test workloads.<\/p>\n Whether you use\u00a0minishift<\/a>,\u00a0Vagrant – tutorial by Liz Rice<\/a>\u00a0or footloose using this tutorial, testing your application on OpenShift hasn’t been easier than this.<\/p>\n I want to give acknowledgements to\u00a0Dale Bingham<\/a>\u00a0from Spalding Consulting and Michael Schendel from DESI for helping test and port OpenFaaS to OpenShift. This mainly involved a\u00a0small patch<\/a>\u00a0to add an emptyDir volume for Prometheus.<\/p>\n I’ll continue to work with Dale, Michael to create a\u00a0dedicated documentation page<\/a>\u00a0for installing OpenShift on OpenFaaS. We’ll also be testing the\u00a0helm chart<\/a>and all other OpenFaaS features on OpenShift Origin such as scale-to-zero and if there is interest – OpenFaaS Cloud.<\/p>\n Note: when using the helm chart authentication is enabled by default – just run\u00a0 Damien<\/a>\u00a0the author of Footloose is looking into how the Footloose tool could be used with a script or provisioning file to carry out all the steps of this tutorial in one single step. If you’d like to help him checkout his project at:\u00a0https:\/\/github.com\/weaveworks\/footloose<\/a><\/p>\n If you’re an OpenShift user, expert or just want to help out. Please\u00a0join us on Slack<\/a>.<\/p>\nInstall Footloose<\/h2>\n
\n
\n
cluster:\r\n name: cluster\r\n privateKey: cluster-key\r\nmachines:\r\n- count: 1\r\n spec:\r\n image: quay.io\/footloose\/centos7:0.3.0\r\n name: os%d\r\n privileged: true\r\n portMappings:\r\n - containerPort: 22\r\n - containerPort: 8443\r\n hostPort: 8443\r\n - containerPort: 53\r\n hostPort: 53\r\n - containerPort: 443\r\n hostPort: 443\r\n - containerPort: 80\r\n hostPort: 80\r\n volumes:\r\n - type: volume\r\n destination: \/var\/lib\/docker\r\n<\/code><\/pre>\n\n
footloose create\r\n<\/code><\/pre>\n\n
footloose ssh root@os0\r\n<\/code><\/pre>\nConfigure Docker<\/h3>\n
\n
yum check-update\r\ncurl -fsSL https:\/\/get.docker.com\/ | sh\r\n<\/code><\/pre>\n\n
# ifconfig eth0\r\neth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500\r\n inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255\r\n<\/code><\/pre>\n\n
\/etc\/docker\/daemon.json<\/code><\/li>\n<\/ul>\nmkdir -p \/etc\/docker\r\n\r\ncat > \/etc\/docker\/daemon.json <<EOF\r\n{\r\n \"insecure-registries\": [\r\n \"172.17.0.0\/16\"\r\n ]\r\n}\r\nEOF\r\n<\/code><\/pre>\n\n
systemctl daemon-reload \\\r\n && systemctl enable docker \\\r\n && systemctl start docker\r\n<\/code><\/pre>\nInstall OpenShift<\/h2>\n
\n
wget https:\/\/github.com\/openshift\/origin\/releases\/download\/v3.11.0\/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz \\\r\n && tar -xvf openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz \\\r\n && rm -rf openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz \\\r\n && mv open* openshift\r\n<\/code><\/pre>\n\n
oc<\/code>\u00a0available via\u00a0PATH<\/code><\/li>\n<\/ul>\nexport PATH=$PATH:`pwd`\/openshift\r\n<\/code><\/pre>\n\n
docker login\r\n<\/code><\/pre>\n\n
oc cluster up --skip-registry-check=true\r\n<\/code><\/pre>\nrun_self_hosted.go:181] Waiting for the kube-apiserver to be ready<\/code>then run the command again until it passes.<\/p>\n\r\nLogin to server ...\r\nCreating initial project \"myproject\" ...\r\n\r\nServer Information ...\r\nOpenShift server started.\r\n\r\nThe server is accessible via web console at:\r\n https:\/\/127.0.0.1:8443\r\n\r\nYou are logged in as:\r\n User: developer\r\n Password: <any value>\r\n\r\nTo login as administrator:\r\n oc login -u system:admin\r\n<\/code><\/pre>\noc<\/code>\u00a0tool on your host machine or access the portal through\u00a0https:\/\/127.0.0.1:8443<\/code>\u00a0on the host.<\/p>\n![\"portal\"](\"https:\/\/blog.alexellis.io\/content\/images\/2019\/03\/portal.png\")
<\/p>\nTest your OpenShift cluster<\/h2>\n
\n
oc login -u system:admin\r\n\r\noc adm new-project openfaas\r\noc adm new-project openfaas-fn\r\n\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/alertmanager-cfg.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/alertmanager-dep.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/alertmanager-svc.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/gateway-dep.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/gateway-svc.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/nats-dep.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/nats-svc.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/prometheus-cfg.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/prometheus-dep.yml\r\n\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/prometheus-rbac.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/prometheus-svc.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/queueworker-dep.yml\r\noc apply -f https:\/\/raw.githubusercontent.com\/openfaas\/faas-netes\/master\/yaml\/rbac.yml\r\n<\/code><\/pre>\ncat > route.yaml << EOF\r\napiVersion: route.openshift.io\/v1\r\nkind: Route\r\nmetadata:\r\n name: openfaas\r\n namespace: openfaas\r\nspec:\r\n host: footloose-gateway.com\r\n to:\r\n kind: Service\r\n name: gateway\r\n weight: 100\r\n wildcardPolicy: None\r\n tls:\r\n termination: edge\r\nEOF\r\n\r\noc apply -f route.yaml\r\n<\/code><\/pre>\n127.0.0.1 footloose-gateway.com\r\n<\/code><\/pre>\n![\"portal-of\"](\"https:\/\/blog.alexellis.io\/content\/images\/2019\/03\/portal-of.png\")
<\/p>\n\n
export OPENFAAS_URL=https:\/\/footloose-gateway.com\r\n\r\nfaas-cli store deploy --tls-no-verify certinfo\r\n\r\nDeployed. 202 Accepted.\r\nURL: https:\/\/footloose-gateway.com\/function\/certinfo\r\n<\/code><\/pre>\nexport OPENFAAS_URL=https:\/\/footloose-gateway.com\r\n\r\necho -n www.openfaas.com | faas-cli invoke --tls-no-verify certinfo\r\n\r\nHost 185.199.110.153\r\nPort 443\r\nIssuer Let's Encrypt Authority X3\r\nCommonName www.openfaas.com\r\nNotBefore 2019-03-21 12:21:00 +0000 UTC\r\nNotAfter 2019-06-19 12:21:00 +0000 UTC\r\nNotAfterUnix 1560946860\r\nSANs [www.openfaas.com]\r\nTimeRemaining 2 months from now\r\n<\/code><\/pre>\noc adm policy add-cluster-role-to-user cluster-reader developer\r\n<\/code><\/pre>\n![\"info-certinfo\"](\"https:\/\/blog.alexellis.io\/content\/images\/2019\/03\/info-certinfo.png\")
<\/p>\nTear-down<\/h3>\n
footloose delete<\/code>\u00a0in the directory on the host.<\/p>\nWrapping up<\/h2>\n
What’s next?<\/h3>\n
faas-cli login<\/code>.<\/p><\/blockquote>\n