Stop Paying the "Lambda Tax": Self-Hosted FaaS Architecture

Let’s be honest. The promise of "Serverless" was beautiful: write code, push deployment, and never worry about infrastructure again. But for anyone who has run a high-throughput event processing pipeline on the big three public clouds, the reality hit hard around the time the first invoice arrived. You aren't just paying for compute; you are paying a premium for abstraction.

I recall a project last year for a fintech client in Oslo. They migrated a simple transaction verification microservice to AWS Lambda. It worked flawed—until Black Friday. The concurrency limits hit, the cold starts spiked to 2 seconds, and the bill for that month cost more than their entire previous yearly hosting budget. We migrated them back to a high-density Kubernetes cluster on bare-metal capable VPS instances within a week.

Serverless is a developer experience, not a requirement to use proprietary cloud APIs. By 2025, the tooling is mature enough that running your own Functions-as-a-Service (FaaS) platform is not only viable but often performant superior. Here is how we build a battle-hardened, low-latency FaaS platform using K3s and OpenFaaS on CoolVDS.

The Architecture: Why KVM and NVMe are Non-Negotiable

When you run serverless on your own metal (or virtual metal), the bottleneck shifts. It's no longer about API gateways; it's about Disk I/O and Container Runtime speed. Kubernetes—even the lightweight K3s distribution—relies heavily on etcd. If your storage latency fluctuates, your cluster stability evaporates.

This is where the hardware underneath matters. Standard SSDs often choke under the random write pressure of high-churn container environments. For this setup, we rely on CoolVDS NVMe instances because the I/O throughput is consistent. We need low latency access to /var/lib/rancher/k3s and /var/lib/containerd.

The Stack

• OS: Debian 12 (Bookworm) - Stability over bleeding edge.
• Orchestrator: K3s - No bloat, perfect for single-node or small cluster VPS setups.
• FaaS Framework: OpenFaaS - The standard for container-native serverless.
• Ingress: Traefik (bundled with K3s).

Step 1: Kernel Prep & Security Nuances

Before installing anything, we need to tune the Linux kernel. Default settings are too conservative for the high density of short-lived containers typical in serverless patterns. Since we are operating under Norwegian jurisdictions, we also want to ensure our logs aren't leaking where they shouldn't.

Run these sysctl modifications to prevent neighbor table overflows and allow more memory mapping:

cat <> /etc/sysctl.conf
# Increase max user watches for FaaS scale-up
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_instances = 8192

# Network tuning for high-frequency requests
net.core.somaxconn = 4096
net.ipv4.tcp_max_syn_backlog = 4096
vm.max_map_count = 262144
EOF

sysctl -p

Step 2: Deploying K3s (The Right Way)

Don't just pipe the script to sh without flags. We want to disable the default servicelb if we plan to use a proper Load Balancer later, but for a standalone high-power VPS, we'll keep it simple. However, we must force the use of the snapshotter for performance.

curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --write-kubeconfig-mode 644 --snapshotter=native" sh -

Verify the node is ready. On a CoolVDS 4 vCPU instance, this usually takes about 15 seconds.

k3s kubectl get nodes
# NAME          STATUS   ROLES                  AGE   VERSION
# coolvds-no1   Ready    control-plane,master   22s   v1.31.1+k3s1

Step 3: Installing OpenFaaS

We use arkade, a tool developed by Alex Ellis, which simplifies the Helm chart management for OpenFaaS. It remains the fastest way to bootstrap in 2025.

# Install arkade
curl -sLS https://get.arkade.dev | sudo sh

# Install OpenFaaS to the cluster
arkade install openfaas`

Once installed, you need to extract the admin password. This is your gateway key.

kubectl -n openfaas get secret basic-auth -o jsonpath="{.data.basic-auth-password}" | base64 --decode; echo

Step 4: The Performance Config (The "Secret Sauce")

Here is where generic tutorials fail. Out of the box, OpenFaaS scales nicely, but to handle sudden bursts (the whole point of serverless), you need to tune the Gateway and the Queue Worker.

We need to edit the deployment to allow for higher in-flight requests and adjust the timeouts. If your function takes 30 seconds to process a heavy image, the default timeout will kill it.

kubectl -n openfaas set env deployment/gateway read_timeout=65s
kubectl -n openfaas set env deployment/gateway write_timeout=65s
kubectl -n openfaas set env deployment/gateway upstream_timeout=60s

Pro Tip: If you are processing sensitive data covered by GDPR or banking regulations, ensure your function invocations are strictly internal or protected by mTLS. On CoolVDS, you can leverage Private Networking to keep the inter-node traffic off the public internet entirely, satisfying strict compliance requirements from Datatilsynet.

Why Hosting Location Matters: The Oslo Factor

Latency is the silent killer of serverless. If your database is in a data center in Oslo, but your Cloud Functions are firing from Frankfurt or Stockholm, you are adding 15-30ms of round-trip time (RTT) to every single database query your function makes. In a chatty microservice, that adds up to seconds of delay.

By hosting your K3s OpenFaaS cluster on CoolVDS in our Oslo facility, you achieve sub-millisecond latency to local NIX (Norwegian Internet Exchange) peers. Data sovereignty isn't just a legal checkbox; it's a performance feature.

Deployment Example: A Python Image Resizer

Let's deploy a function. First, install the CLI:

curl -sL https://cli.openfaas.com | sudo sh

Pull a template and deploy. Note the use of the `of-watchdog`. This component marshals HTTP requests to your process via STDIN/STDOUT or HTTP, keeping the overhead incredibly low.

faas-cli new --lang python3-http image-resize
# Edit handler.py with your logic...

# Build and Deploy
faas-cli up -f image-resize.yml

On a CoolVDS NVMe instance, the "cold start" for this container (pulling from cache to Ready state) is often under 400ms. Compare that to the unpredictable cold starts of public cloud heavily-oversubscribed hosts.

Conclusion: Control Your Compute

Serverless architectures are powerful patterns for decoupling workloads. But decoupling your code shouldn't mean decoupling your budget from reality. By running OpenFaaS on high-performance KVM VPS, you get the developer velocity of serverless with the predictable, flat-rate pricing of a VPS.

You keep the data in Norway. You keep the latency low. And you keep the money in your pocket.

Ready to build? Deploy a Debian 12 NVMe instance on CoolVDS today and have your own FaaS platform running in under 10 minutes. Start your instance here.