alexellis · March 14, 2021 18:57 · Feb 25, 2021
diff --git a/OpenFaaS-libkrun-Fedora33.md b/OpenFaaS-libkrun-Fedora33.md
@@ -0,0 +1,78 @@
+# Installing OpenFaaS with libkrun-based isolation on Fedora 33
+
+## Setting up the system
+
+### Revert to cgroup v1
+
+The version of `containerd` that `OpenFaaS` will download during the
+installation doesn't support cgroup v2, so we need to configure
+`systemd` to avoid using the Unified cgroup Hierarchy, and reboot the
+system:
+
+```
+sudo dnf install -y grubby
+sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
+sudo systemctl reboot
+```
+
+### Install required packages
+
+```
+sudo dnf install -y iptables golang git make perl-Digest-SHA
+```
+
+## Install OpenFaaS
+
+### Use OpenFaaS automated installation script
+
+```
+git clone https://github.com/slp/faasd
+cd faasd
+./hack/install.sh
+```
+
+### Build and install the patched binary
+
+```
+git checkout faasd-libkrun
+make local
+sudo mv /usr/local/bin/faasd /usr/local/bin/faasd.bak
+sudo cp bin/faasd /usr/local/bin/faasd
+sudo systemctl reboot
+```
+
+## Install libkrun
+
+### Install libkrun and crun-krun packages from COPR
+
+```
+sudo dnf copr enable -y slp/libkrunfw
+sudo dnf copr enable -y slp/libkrun
+sudo dnf copr enable -y slp/crun-krun
+sudo dnf install -y crun-krun
+```
+
+### Replace runc with crun-krun
+
+```
+sudo mv /usr/bin/runc /usr/bin/runc.bak
+sudo cp /usr/bin/crun-krun /usr/bin/runc
+```
+
+### Enable DNS resolution via TCP
+
+libkrun TSI-based networking only supports AF_INET streams at the
+moment, so we need to do DNS resolution via TCP:
+
+```
+printf '\noptions use-vc' | sudo tee -a /var/lib/faasd/resolv.conf
+printf '\noptions use-vc' | sudo tee -a /var/lib/faasd-provider/resolv.conf
+```
+
+## Test the installation
+
+```
+sudo cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s
+faas-cli store deploy "ASCII Cows"
+curl http://127.0.0.1:8080/function/cows
+```
No results found