Serverless- Knative的初始化
文档说明:自建K8S,只记录关键地方;
k8s 版本 > 1.24.7
CRI 使用 containerd
实验环境: linux debian 11
目标:serverless 使用实践
安装native-Serving 文档
Knative Istio controller
因为安装ingress-istio 时,istio相关配置已经完成,因此这一步配置并不多
https://github.com/knative/net-istio/releases/download/knative-v1.8.0/net-istio.yaml
# kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v1.8.0/net-istio.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: knative-ingress-gateway
namespace: knative-serving
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.8.0"
networking.knative.dev/ingress-provider: istio
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*.xiaoshuogeng.com'
port:
name: http
number: 80
protocol: HTTP
tls:
httpsRedirect: true
- hosts:
- '*.xiaoshuogeng.com'
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: com-xiaoshuogeng-tls-cert-secret
mode: SIMPLE
设置TLS域名证书
#!/bin/sh
set +exu
kubectl -n istio-system delete secret com-xiaoshuogeng-tls-cert-secret
set -exu
kubectl create -n istio-system secret tls com-xiaoshuogeng-tls-cert-secret \
--key=/data/tls/wildcard.xiaoshuogeng.com.key.pem \
--cert=/data/tls/wildcard.xiaoshuogeng.com.fullchain.pem
kubectl --namespace istio-system get service istio-ingressgateway
Configure DNS
kubectl patch configmap/config-domain \
--namespace knative-serving \
--type merge \
--patch '{"data":{"knative.xiaoshuogeng.com":""}}'
查看pod 运行情况
kubectl get pods -n knative-serving
kubectl get pods -n knative-serving
kubectl get pod -n kn
kubectl get ksvc -n kn
kubectl get pods --namespace istio-system
kubectl get svc -n istio-system
kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "serving.knative.dev/release"}}'
参考文档
- Serverless简介
- knative-serving
- Installing Knative
- Installing Knative Serving using YAML files
- ingress-istio配置服务
- 使用acme.sh自助签发Let's Encrypt 的SSL证书
