Serverless-knative安装
Knative基础
Knative项目简介
◼ 读音为“kay-nay-tiv”,由Google于2018年7月正式发布
◼ Kubernetes平台的原生扩展组件,让其能够轻松地部署、运行和管理Serverless类型的云原生应用
◼ 由RedHat、Google和IBM等公司,以及各种初创公司组成的开源社区共同维护
◼ 目标在于Serverless技术标准化
Knative的组件
◼ Serving
◆部署、管理及扩展无状态应用
◆支持由请求驱动计算
◆支持缩容至0
◼ Eventing
◆以声明的方式创建对事件源的订阅,并将事件路由到目标端点
◆事件订阅、传递和处理
◆基于pub/sub模型连接Knative的工作负载
◼ Build
◆从源代码构建出应用镜像
◆已经由独立的Tekton项目取代
Knative Serving 架构
相关的资源API定义在“serving.knative.dev”群组中
主要包括四个CRD
◼ Service
◆对自动编排Serverless类型应用的功能的抽象,负责自动管理工作负载的整个生命周期
◆它能自动控制下面三个类型的资源对象的管理
◼ Configuration
◆反映了Service当前期望状态(Spec)的配置
◆Service对象的更新,也将导致Configuration的更新
◼ Revision
◆Service的每次代码或配置变更都会生成一个Revision
◆快照型数据,不可变
◼ Route
◆将请求流量路由到目标Revision
◆支持将流量按比例切分并路由到多个Revision
事件与Knative Eventing
关于“事件”
◼ 事件是一个不可变的小段数据,记录了系统在特定时间内的特定行为,或状态的转变
◼ 通过读取系统的事件流(序列),可以重建系统的运行历史
◼ 事件的格式
◆事件的格式完全可由开发者自行决定
◆CNCF的CloudEvents规范至力于事件格式的标准化
◆目前,众多云服务商都开始支持该规范
关于“事件驱动”
◼ 不存在一个规范、严格的定义,任何使用事件通知范式(pub/sub)的系统都是事件驱动的系统
◼ 事件驱动的系统大体分为两类
◆响应式(reactive):本质上是非同步性质的函数调用(或HTTP RESTful/RPC调用)
◆流处理(stream processing):密集式、面向数据式使用事件,订阅者通常是流处理器,它从事件流中提取状态,并将状态传递给相关方
关于“事件源(Event Sourcing)”
◼ 事件数据的持久化模式
◼ 通常基于事件日志保存不可变的事件信息
◼ 负责为事件的生产和消费提供基础设施,可将事件从生产者路由到目标消费者,从而让开发人员能够使用事件驱动架构
◼ 各资源者是松散耦合关系,可分别独立开发和部署
◼ 遵循CloudEvents规范
Event Source | Knative Eventing | Knative Serving
kafka | Event Source Broker Trigger | Function
◆ Event Source: 负责读取集群外部产生的事件,并转换为CloudEvents格式
◆ Broker:负责接收事件,并将他们转发给由一个或多个触发器匹配到的订阅者;
◆ Trigger:定义基于事件属性的过滤器;
Knative是FaaS解决方案吗?
◼ Knative并未提供FaaS
◼ 用户可在Knative和Kubernetes之上,借助于第三方项目自行构建FaaS系统,例如Kyma Project
Knative为Kubernetes扩展出的功能
◼ Serving
◆替代Deployment控制器,负责编排运行基于HTTP协议的无状态应用
◆额外提供的功能特性
⚫ Knative的Service对象,相当于Kubernetes上的 Service+Deployment 的功能
⚫ 基于单个请求进行负载均衡
⚫ 基于请求的快速、自动化扩缩容,并支持收缩至0实例
⚫ 通过在Pod扩展时缓冲请求来削峰填谷
⚫ 流量切分
⚫ ……
◼ Eventing
◆声明式事件配置接口
Serving的子组件
Serving依赖于几个关键的组件协同其管理能力
◼ Activator:Revision中的Pod数量收缩至0时,activator负责接收并缓存相关的请求,同时报告指标数据给Autoscaler,并在Autoscaler在Revision上扩展出必要的Pod后,再将请求路由至相应的Revision;
◼ Autoscaler:Knative通过注入一个称为queue-proxy容器的sidecar代理来了解它部署的Pod上的请求,而Autoscaler会为每个服务使用“每秒请求数”来自动缩放其Revision上的Pod;
◼ Controller:负责监视Serving CRD(KService、Configuration、Route和Revision)相关的API对象并管理它们的生命周期,是Serving声明式API的关键保障;
◼ Webhook:为Kubernetes提供的外置Admission Controller,兼具Validation和Mutation的功能,主要作用于Serving专有的几个API资源类型之上,以及相关的ConfigMap资源上;
◼ Domain-mapping:将指定的域名映射至Service、KService,甚至是Knative Route之上,从而使用自定义域名访问特定的服务;
◼ Domainmapping-Webhook:Domain-mapping专用的Admission Controller
◼ net-certmanager-controller:与Cert Manager协同时使用的专用的控制器;
◼ net-istio-controller:与Istio协同时使用的专用控制器
部署knative
https://knative.dev/docs/install/serving/install-serving-with-yaml/#prerequisites
版本 V1.2
k8s 最低 1.21-1.23
git clone https://github.com/iKubernetes/knative-in-practise.git
root@master03:~/knative# cat a.sh #!/bin/bash docker load -i activator.tar.gz docker load -i autoscaler.tar.gz docker load -i controller.tar.gz docker load -i domain-mapping-webhook.tar.gz docker load -i domain-mapping.tar.gz docker load -i helloworld-go.tar.gz docker load -i knative-autoscaler-hpa.tar.gz docker load -i net-istio-controller.tar.gz docker load -i net-istio-webhook.tar.gz docker load -i queue.tar.gz docker load -i webhook.tar.gz root@master03:~/knative# cat b.sh #!/bin/bash docker tag 818e6fca2a38 gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping:lates docker tag 0ab46b1399f7 gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook:lates docker tag c6353e866d44 gcr.io/knative-releases/knative.dev/serving/cmd/webhook:lates docker tag ec86e162aa5a gcr.io/knative-releases/knative.dev/serving/cmd/queue:lates docker tag f69f2fd04eb8 gcr.io/knative-releases/knative.dev/serving/cmd/activator:lates docker tag f871244aa201 gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler:lates docker tag 9ec663418a9b gcr.io/knative-releases/knative.dev/serving/cmd/controller:lates docker tag 03f6877f903c gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa:lates docker tag e14dc948c159 gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook:lates imagePullPolicy: IfNotPresent #不能latest结尾
activator 8012
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.2.0/serving-crds.yaml
root@master02:/opt/knative-in-practise/knative-deploy-v1.2/serving# kubectl apply -f serving-crds.yaml
root@master01:/opt# kubectl api-versions |grep knative autoscaling.internal.knative.dev/v1alpha1 caching.internal.knative.dev/v1alpha1 networking.internal.knative.dev/v1alpha1 serving.knative.dev/v1 serving.knative.dev/v1alpha1 serving.knative.dev/v1beta1
root@master01:/opt# kubectl api-resources --api-group=serving.knative.dev NAME SHORTNAMES APIVERSION NAMESPACED KIND configurations config,cfg serving.knative.dev/v1 true Configuration domainmappings dm serving.knative.dev/v1beta1 true DomainMapping revisions rev serving.knative.dev/v1 true Revision routes rt serving.knative.dev/v1 true Route services kservice,ksvc serving.knative.dev/v1 true Service
root@master01:/opt# kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.2.0/serving-core.yaml
root@master02:/opt/knative-in-practise/knative-deploy-v1.2/serving# kubectl apply -f serving-core.yaml
imagePullPolicy:
description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' #更改镜像为非lates,镜像策略为IfNotPresent
image: gcr.io/knative-releases/knative.dev/serving/cmd/queue:lates # TODO: switch to 'queue-sidecar-image' after 0.27 # Maximum time allowed for an image's digests to be resolved. image: gcr.io/knative-releases/knative.dev/serving/cmd/activator:lates image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler:lates image: gcr.io/knative-releases/knative.dev/serving/cmd/controller:lates image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping:lates image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook:lates image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook:lates
[root@yisu-621245f591dc7 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping <none> 818e6fca2a38 3 weeks ago 49.4 MB gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook <none> 0ab46b1399f7 3 weeks ago 47.7 MB gcr.io/knative-releases/knative.dev/serving/cmd/webhook <none> c6353e866d44 3 weeks ago 49.5 MB gcr.io/knative-releases/knative.dev/serving/cmd/queue <none> ec86e162aa5a 3 weeks ago 28.1 MB gcr.io/knative-releases/knative.dev/serving/cmd/activator <none> f69f2fd04eb8 3 weeks ago 50.4 MB gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler <none> f871244aa201 3 weeks ago 50.9 MB gcr.io/knative-releases/knative.dev/serving/cmd/controller <none> 9ec663418a9b 3 weeks ago 56.4 MB
root@master01:~/knative# kubectl get po -nknative-serving NAME READY STATUS RESTARTS AGE activator-5fbccc4648-qlhk8 1/1 Running 0 3m51s autoscaler-778b5c8b8b-jfxv6 1/1 Running 0 3m51s controller-77459586fc-7cpvb 1/1 Running 0 3m51s domain-mapping-85fddf7b7-6kffn 1/1 Running 0 3m50s domainmapping-webhook-dd99749fb-j6w6w 1/1 Running 0 3m50s webhook-8594d4bfb5-7r4ft 1/1 Running 0 3m50s
链接:https://pan.baidu.com/s/18auE8LZpv2SezkYg4kui2w
Install a networking layey / Istio
kubectl apply -l knative.dev/crd-install=true -f https://github.com/knative/net-istio/releases/download/knative-v1.2.0/istio.yaml kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v1.2.0/istio.yaml
root@master01:/opt/knative-in-practise/knative-deploy-v1.2/istio# kubectl apply -l knative.dev/crd-install=true -f istio.yaml #1
root@master01:/opt/knative-in-practise/knative-deploy-v1.2/istio# kubectl apply -f istio.yaml #2
istio-system istio-egressgateway-7f4864f59c-ghc6v 1/1 Running 5 10d istio-system istio-ingressgateway-fbb76f5df-4pbgt 1/1 Running 2 20m istio-system istio-ingressgateway-fbb76f5df-8bxx2 1/1 Running 0 20m istio-system istio-ingressgateway-fbb76f5df-swznk 1/1 Running 2 20m istio-system istiod-6fb996b56-58j6s 1/1 Running 2 20m istio-system istiod-6fb996b56-hdqln 1/1 Running 1 20m istio-system istiod-6fb996b56-jz7md 1/1 Running 1 20m
root@master01:~# kubectl edit svc istio-ingressgateway -nistio-system spec: clusterIP: 10.100.43.136 clusterIPs: - 10.100.43.136 externalIPs: # - 192.168.80.251 #
root@master01:~# kubectl get svc -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-egressgateway ClusterIP 10.100.141.15 <none> 80/TCP,443/TCP 10d istio-ingressgateway LoadBalancer 10.100.43.136 192.168.80.251 15021:36049/TCP,80:29931/TCP,443:25555/TCP 10d
[root@yisu-621245f591dc7 ~]# docker images |grep istio gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook <none> e14dc948c159 3 weeks ago 47.7 MB gcr.io/knative-releases/knative.dev/net-istio/cmd/controller <none> 8b2ff194e33a 3 weeks ago 53.1 MB
root@master01:/opt/knative-in-practise/knative-deploy-v1.2/istio# cat net-istio.yaml |grep image image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:f253b82941c2220181cee80d7488fe1cefce9d49ab30bdb54bcb8c76515f7a26 image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:a705c1ea8e9e556f860314fe055082fbe3cde6a924c29291955f98d979f8185e
root@master01:/opt/knative-in-practise/knative-deploy-v1.2/istio# kubectl apply -f net-istio.yaml
[root@master istio]# cat net-istio.yaml |grep image image: gexuchuan123/net-istio-cmd-controller:v1 image: gexuchuan123/net-istio-cmd-webhook:v1
Install optional Serving extensions
[root@yisu-621245f591dc7 a]# docker images |grep hpa gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa <none> 03f6877f903c 3 weeks ago 50 MB
docker tag gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:e3db964edf76abb4a53927039a8d3ddafb983e894c51e98b51dd0c3ebb260ccd gexuchuan123/knative-releases-knative.dev-serving-cmd-autoscaler-hpa:lates
root@master01:/opt/knative-in-practise/knative-deploy-v1.2/serving-extensions# kubectl apply -f serving-hpa.yaml
knative-serving autoscaler-hpa-7474ddcb8f-75s8l 1/1 Running 0 51s
Install the kn CLI
Using a binary
https://github.com/knative/client/releases/
root@master01:~/knative# cp kn-linux-amd64 /usr/bin/
mv kn-linux-amd64 kn
root@master01:~/knative# kn version Version: v1.2.0
root@master01:~/knative# kn service --help
root@master01:~/knative# kubectl api-resources --api-group serving.knative.dev NAME SHORTNAMES APIVERSION NAMESPACED KIND configurations config,cfg serving.knative.dev/v1 true Configuration domainmappings dm serving.knative.dev/v1beta1 true DomainMapping revisions rev serving.knative.dev/v1 true Revision routes rt serving.knative.dev/v1 true Route services kservice,ksvc serving.knative.dev/v1 true Service root@master01:~/knative# kubectl get kservice No resources found in default namespace. root@master01:~/knative# kubectl get ksvc No resources found in default namespace.
