当前位置:网站首页>knative初探

knative初探

2020-12-08 13:45:08 杰仪

  • knative是较流行的serverless框架,目前参与的公司主要是 Google、Pivotal、IBM、Red Hat,目前迭代很快
  • knative 是建立在 kubernetes 和 istio 平台之上的,使用 kubernetes 提供的容器管理能力(deployment、replicaset、和 pods等),以及 istio 提供的网络管理功能(ingress、LB、dynamic route等)
  • 对比kubeless,knative发展更快,大公司支持多
  • 安装环境 kubernetes-1.19.* knative-0.19 istio-1.7.5
  • 安装knative https://knative.dev/docs/install/any-kubernetes-cluster/
kubectl apply --filename https://github.com/knative/serving/releases/download/v0.19.0/serving-crds.yaml
kubectl apply --filename https://github.com/knative/serving/releases/download/v0.19.0/serving-core.yaml
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.7.5 TARGET_ARCH=x86_64 sh -
cd istio-1.7.5
export PATH=$PWD/bin:$PATH
  • 通过Istio Operator来安装
cat << EOF > ./istio-minimal-operator.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      proxy:
        autoInject: disabled
      useMCP: false
      # The third-party-jwt is not enabled on all k8s.
      # See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens
      jwtPolicy: first-party-jwt

  addonComponents:
    pilot:
      enabled: true
    prometheus:
      enabled: false

  components:
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
      - name: cluster-local-gateway
        enabled: true
        label:
          istio: cluster-local-gateway
          app: cluster-local-gateway
        k8s:
          service:
            type: ClusterIP
            ports:
            - port: 15020
              name: status-port
            - port: 80
              targetPort: 8080
              name: http2
            - port: 443
              targetPort: 8443
              name: https
EOF

istioctl install -f istio-minimal-operator.yaml
  • Using Istio mTLS feature
kubectl create ns knative-serving
kubectl label namespace knative-serving istio-injection=enabled
  • Set PeerAuthentication to PERMISSIVE on knative-serving system namespace.
cat <<EOF | kubectl apply -f -
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
  name: "default"
  namespace: "knative-serving"
spec:
  mtls:
    mode: PERMISSIVE
EOF
  • Install the Knative Istio controller
kubectl apply --filename https://github.com/knative/net-istio/releases/download/v0.19.0/release.yaml

-- 检测安装后的版本

kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "serving.knative.dev/release"}}'
kn service create helloworld-go --image gcr.io/knative-samples/helloworld-go --env TARGET="Go Sample v2"
kubectl edit cm config-domain --namespace knative-serving

改成如下

apiVersion: v1
data:
  mydomain.com: ""
kind: ConfigMap
[...]
  • 解析域名,添加*.default到A记录中
*.default.mydomain.com                   59     IN     A   35.237.28.44
  • 访问

版权声明
本文为[杰仪]所创,转载请带上原文链接,感谢
https://my.oschina.net/u/160697/blog/4780993