Deploying OpenFaaS on Kubernetes — Azure AKS (OpenFaaS on AKS 1/2)

Eric Stoekl
Feb 4, 2018 · 6 min read

Check out Part 2 of this post, which is about how to enable SSL ingress:

Today we’ll be deploying OpenFaaS on Azure AKS. Microsoft has created a managed Kubernetes service on the Azure cloud platform called AKS, which allows you to easily deploy publicly available Kubernetes clusters without worrying about (or even paying for) master nodes. This post will give step-by-step instructions for deploying OpenFaaS on AKS, giving you a resilient OpenFaaS deployment, and showing you the best practices along the way.

If you are interested in deploying OpenFaaS on AWS, check out my blog post here:

The high level overview is:

  1. Create a Resource Group, Service Principal, and AKS Cluster
  2. Get command line access to your cluster
  3. Initialize Helm on your cluster
  4. Deploy OpenFaaS with Helm
  5. (Optional) Secure ingress to OpenFaaS with username/password

Let’s get started.

1. Provision resources on Azure

Note — I will be using East US for this demonstration. According to Microsoft, West Europe and Central US are also available.

Next you can run the following command to create the AKS cluster directly from the Azure Cloud Shell. Open the shell up in the Web Portal, and use the following command to create your cluster

az aks create -g <YOUR_RG> -n <NEW_AKS_CLUSTER_NAME> --generate-ssh-keys --node-vm-size Standard_A2_v2 --node-count 1 --kubernetes-version 1.8.1

Use the name of the Resource Group you just created for <YOUR_RG>, and use any unique name for <NEW_AKS_CLUSTER_NAME>. Use the flag --generate-ssh-keys , which will create the file for you (in your AZ Cloud Shell Environment) and link it to your AKS cluster.

I like to use Standard_A2_v2 as the VM size because it’s the cheapest non-burstable instance I could find, but you can use something larger or go cheaper with “B”-instances. I recommend using K8s version 1.8.1, but you can experiment. You can increase the count of nodes, but 1 is enough to run OpenFaaS.

2. Get Command-Line Access to Your Cluster

az aks get-credentials -g <YOUR_RG> -n <YOUR_AKS_CLUSTER_NAME>

If all goes well, you should see something like this:

Merged "eric-aks1" as current context in /home/eric/.kube/config

Run kubectl get all -n kube-system to make sure that you have access to your AKS cluster. If you see something like this screenshot, congrats, the hardest part is now done!

Note — it may take a few minutes before all your pods are at 100% replication status, and are all “Running”. Give it some time until you are at 100% before continuing.

3. Initialize Helm on your cluster

Once Helm is installed, initialize the AKS cluster with the Helm server container which is called tiller . To achieve this, run this command in your Azure Cloud Shell:

$ helm init --upgrade

Now run kubectl get pods -n kube-system and make sure that the tiller pod is at 1/1 and Running status before moving on to the next step.

4. Deploy OpenFaaS with Helm

Clone the official faas-netes repo from github, which is the Kubernetes backend for OpenFaaS. Don’t worry because the Azure Cloud Shell has git installed already.

$ git clone 
$ cd faas-netes

Finally, run these commands to deploy OpenFaaS on your AKS cluster:

$ kubectl create ns openfaas
$ kubectl create ns openfaas-fn
$ helm upgrade --install --namespace openfaas --set functionNamespace=openfaas-fn --set async=true --set rbac=false --set serviceType=LoadBalancer openfaas chart/openfaas

If all goes well, you should be able to run kubectl get all -n openfaas and see something like this after a minute or two:

Note that the gateway-external and prometheus-external services may have a <pending> External IP for a while. I have found that this IP can take 10 minutes or more to show up.

Once it does show up, take the External IP specified for the gateway-external service and navigate to it in your web browser with port 8080. You should see the OpenFaaS Web Portal, from which you can easily deploy functions from the built-in OpenFaaS Store.

Here I have deployed “figlet” from the OpenFaaS Store on my OpenFaaS-On-AKS Deployment.

5. (Optional) Secure ingress to OpenFaaS with username/password

First go to your Azure Cloud Shell and use the following kubectl command to create a username and password:

kubectl -n openfaas create secret generic basic-auth \
--from-literal=user=<YOUR_USERNAME> \

Next, use the following command to apply Caddy, which is used here as an Ingress Controller for our deployment:

kubectl apply -f

Wait a few minutes, then run the following command to get your Caddy IP.

kubectl -n openfaas describe service caddy-lb | grep Ingress | awk '{ print $NF }'

You can use this IP with port 80 to log in to your cluster like so:

Note that this does not enable TLS — there are a few extra steps for that which Stefan’s blog post can give more guidance on.

Note that you can now also access your deployment using the faas-cli command line tool, after you login using the following command. (This tool is not installed by default on the Azure Cloud Shell)

faas login -u <YOUR_USERNAME> -p <YOUR_PASSWORD> --gateway

Enabling SSL

Cleaning up

helm delete --purge openfaas

When you are done with your cluster, delete it by deleting the whole Resource Group that contains your AKS cluster.


Eric Stoekl

Written by

Fan of Open Source and DevOps. OpenFaaS contributor.