knative v0.10安裝

本文使用了當前最新版本的knative，k8s版本1.16。安裝的步驟全部參考了官方文檔。

安裝knative前的準備

1. k8s，版本要求大於1.14。
2. istio
3. helm

安裝無sidecar版的istio

參考：https://knative.dev/docs/install/installing-istio/#installing-istio-without-sidecar-injection

[root@k8s-1 ~]# export ISTIO_VERSION=1.1.7
[root@k8s-1 ~]# curl -L https://git.io/getLatestIstio | sh -
[root@k8s-1 ~]# cd istio-${ISTIO_VERSION}

[root@k8s-1 istio-1.1.7]# for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f $i; done

[root@k8s-1 istio-1.1.7]# helm template --namespace=istio-system \
  --set prometheus.enabled=false \
  --set mixer.enabled=false \
  --set mixer.policy.enabled=false \
  --set mixer.telemetry.enabled=false \
  `# Pilot doesn't need a sidecar.` \
  --set pilot.sidecar=false \
  --set pilot.resources.requests.memory=128Mi \
  `# Disable galley (and things requiring galley).` \
  --set galley.enabled=false \
  --set global.useMCP=false \
  `# Disable security / policy.` \
  --set security.enabled=false \
  --set global.disablePolicyChecks=true \
  `# Disable sidecar injection.` \
  --set sidecarInjectorWebhook.enabled=false \
  --set global.proxy.autoInject=disabled \
  --set global.omitSidecarInjectorConfigMap=true \
  --set gateways.istio-ingressgateway.autoscaleMin=1 \
  --set gateways.istio-ingressgateway.autoscaleMax=2 \
  `# Set pilot trace sampling to 100%` \
  --set pilot.traceSampling=100 \
  install/kubernetes/helm/istio \
  > ./istio-lean.yaml

[root@k8s-1 istio-1.1.7]# kubectl apply -f istio-lean.yaml

[root@k8s-1 istio-1.1.7]# helm template --namespace=istio-system \
  --set gateways.custom-gateway.autoscaleMin=1 \
  --set gateways.custom-gateway.autoscaleMax=2 \
  --set gateways.custom-gateway.cpu.targetAverageUtilization=60 \
  --set gateways.custom-gateway.labels.app='cluster-local-gateway' \
  --set gateways.custom-gateway.labels.istio='cluster-local-gateway' \
  --set gateways.custom-gateway.type='ClusterIP' \
  --set gateways.istio-ingressgateway.enabled=false \
  --set gateways.istio-egressgateway.enabled=false \
  --set gateways.istio-ilbgateway.enabled=false \
  install/kubernetes/helm/istio \
  -f install/kubernetes/helm/istio/example-values/values-istio-gateways.yaml \
  | sed -e "s/custom-gateway/cluster-local-gateway/g" -e "s/customgateway/clusterlocalgateway/g" \
  > ./istio-local-gateway.yaml

[root@k8s-1 istio-1.1.7]# kubectl apply -f istio-local-gateway.yaml

[root@k8s-1 istio-1.1.7]# kubectl get po -n istio-system -owide
NAME                                    READY   STATUS    RESTARTS   AGE     IP                NODE    NOMINATED NODE   READINESS GATES
cluster-local-gateway-f84696648-rdkvx   1/1     Running   0          7m      192.138.200.232   k8s-2   <none>           <none>
istio-ingressgateway-84d7d87d5d-jnpz6   1/1     Running   0          3h10m   192.138.200.210   k8s-2   <none>           <none>
istio-pilot-7b9b666c45-cv4cx            1/1     Running   0          19h     192.138.200.225   k8s-2   <none>           <none>
zipkin-758f8689c5-kg68r                 1/1     Running   0          19h     192.138.200.230   k8s-2   <none>           <none>

[root@k8s-1 istio-1.1.7]# kubectl get svc -n istio-system
NAME                    TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
cluster-local-gateway   ClusterIP      10.96.66.250    <none>        80/TCP,443/TCP,31400/TCP,15011/TCP,8060/TCP,15029/TCP,15030/TCP,15031/TCP,15032/TCP                                                          40m
istio-ingressgateway    LoadBalancer   10.96.253.243   <pending>     15020:32433/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:31698/TCP,15030:31382/TCP,15031:30862/TCP,15032:31643/TCP,15443:31381/TCP   6d17h
istio-pilot             ClusterIP      10.96.36.80     <none>        15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       6d17h
zipkin                  ClusterIP      10.96.218.126   <none>        9411/TCP 

這裏安裝了2個gateway，cluster-local-gateway爲集羣內的訪問提供服務，istio-ingressgateway爲集羣外訪問提供服務。

安裝knative

kubectl apply --selector knative.dev/crd-install=true \
--filename https://github.com/knative/serving/releases/download/v0.10.0/serving.yaml \
--filename https://github.com/knative/eventing/releases/download/v0.10.0/release.yaml \
--filename https://github.com/knative/serving/releases/download/v0.10.0/monitoring.yaml

kubectl apply --filename https://github.com/knative/serving/releases/download/v0.10.0/serving.yaml \
--filename https://github.com/knative/eventing/releases/download/v0.10.0/release.yaml \
--filename https://github.com/knative/serving/releases/download/v0.10.0/monitoring.yaml

查看狀態
kubectl get pods --namespace knative-serving
kubectl get pods --namespace knative-eventing
kubectl get pods --namespace knative-monitoring

部署應用

參考：https://knative.dev/docs/serving/getting-started-knative-app/

vi service.yaml

apiVersion: serving.knative.dev/v1 # Current version of Knative
kind: Service
metadata:
  name: helloworld-go # The name of the app
  namespace: default # The namespace the app will use
spec:
  template:
    spec:
      containers:
        - image: gcr.io/knative-samples/helloworld-go # The URL to the image of the app
          env:
            - name: TARGET # The environment variable printed out by the sample app
              value: "Go Sample v1"
kubectl apply --filename service.yaml

訪問knative service

helloworld創建好後，如果沒有接受到訪問，pod數量會自動降爲0。

kubectl get ksvc helloworld-go
NAME            URL                                                LATESTCREATED         LATESTREADY           READY   REASON
helloworld-go   http://helloworld-go.default.example.com   helloworld-go-hn7vt   helloworld-go-hn7vt   True

創建的service默認是通過集羣外訪問，可以看到一個非公網域名。

雖然我的環境不支持lb類型svc，但是可以通過istio-ingressgateway的nodeport對helloworld進行訪問，所以執行了：

[root@k8s-1 ~]#  curl -I -v -HHOST:helloworld-go.default.example.com http://192.168.48.128:31380/
[root@k8s-1 istio-1.1.7]# curl -I -v -HHOST:helloworld-go-external.default.example.com http://192.168.48.128:31380/
* About to connect() to 192.168.48.128 port 31380 (#0)
*   Trying 192.168.48.128...
* Connected to 192.168.48.128 (192.168.48.128) port 31380 (#0)
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Accept: */*
> HOST:helloworld-go.default.example.com
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< content-length: 20
content-length: 20
< content-type: text/plain; charset=utf-8
content-type: text/plain; charset=utf-8
< date: Fri, 06 Dec 2019 06:44:56 GMT
date: Fri, 06 Dec 2019 06:44:56 GMT
< x-envoy-upstream-service-time: 2851
x-envoy-upstream-service-time: 2851
< server: istio-envoy
server: istio-envoy

<
* Connection #0 to host 192.168.48.128 left intact

此時的service是面向外部訪問的，也可以生成一個面向集羣訪問的service

[root@k8s-1 ~]#kubectl label kservice helloworld-go serving.knative.dev/visibility=cluster-local
[root@k8s-1 ~]#kubectl label route helloworld-go serving.knative.dev/visibility=cluster-local

此時service變爲內部訪問，url也發生了變化。
[root@k8s-1 ~]# kubectl get ksvc helloworld-go
NAME            URL                                              LATESTCREATED         LATESTREADY           READY   REASON
helloworld-go   http://helloworld-go.default.svc.cluster.local   helloworld-go-hn7vt   helloworld-go-hn7vt   True

此時在容器中對service訪問：

[root@k8s-1 ~]# kubectl exec -it istio-ingressgateway-84d7d87d5d-jnpz6 -n istio-system sh
# curl http://helloworld-go.default.svc.cluster.local
Hello Go Sample v1!

[root@k8s-1 ~]# kubectl get po
NAME                                              READY   STATUS    RESTARTS   AGE
helloworld-go-hn7vt-deployment-546cc6cd64-gvtk4   2/2     Running   0          36s