k8s 1.28: installing and configuring knative-serving v1.15.2 + cert-manager v1.16.1

Posted on 2024-10-14 10:24  Morya

Install and configure knative-serving

Install the base components

# If the images cannot be pulled, the method at https://github.com/DaoCloud/public-image-mirror can be used to substitute them
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.15.2/serving-crds.yaml
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.15.2/serving-core.yaml

Install a networking layer

Pick one of these three options. The official advice is to choose Kourier if you are not sure, because it is simple and sufficient.

  • Kourier (Choose this if you are not sure)
  • Istio
  • Contour
kubectl apply -f https://github.com/knative/net-kourier/releases/download/knative-v1.15.1/kourier.yaml
kubectl patch configmap/config-network \
  --namespace knative-serving \
  --type merge \
  --patch '{"data":{"ingress-class":"kourier.ingress.networking.knative.dev"}}'

Install cert-manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.yaml

Update the knative-serving configuration

  1. Configure a custom domain
kubectl patch configmap/config-domain \
  --namespace knative-serving \
  --type merge \
  --patch '{"data":{"kn.demo.com":""}}'
  2. Update DNS
  3. Configure automatic HTTPS certificates
    • One certificate per service
    • One set of certificates shared per namespace

cert-manager issuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-issuer
spec:
  acme:
    email: demo@qq.com
    privateKeySecretRef:
      name: example-issuer-account-key
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          ingressClassName: kourier.ingress.networking.knative.dev

Update DNS

For example, point the wildcard domain *.ok.com at the public IP returned by kubectl --namespace kourier-system get service kourier.

Update config-certmanager

kubectl edit configmap config-certmanager -n knative-serving


apiVersion: v1
kind: ConfigMap
metadata:
  name: config-certmanager
  namespace: knative-serving
  labels:
    networking.knative.dev/certificate-provider: cert-manager
data:
  issuerRef: |
    kind: ClusterIssuer
    name: letsencrypt-issuer
  clusterLocalIssuerRef: |
    kind: ClusterIssuer
    name: knative-selfsigned-issuer
  systemInternalIssuerRef: |
    kind: ClusterIssuer
    name: knative-selfsigned-issuer

Update the knative ConfigMap

kubectl edit configmap config-network -n knative-serving

Key settings

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-network
  namespace: knative-serving
data:
   ...
   external-domain-tls: Enabled

Restart knative

kubectl rollout restart deploy/controller -n knative-serving
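
Post-install check for the settings above, as an added example that is not part of the original post: it confirms that config-network has external-domain-tls enabled and the Kourier ingress class, and that every issuer named in config-certmanager exists as a Ready ClusterIssuer. The post shows a manifest only for letsencrypt-issuer, so the check covers all three references. The function names are hypothetical, and it assumes each issuerRef points at a ClusterIssuer, as in the ConfigMap above.

```sh
#!/bin/sh
# Added example (not from the original post): audit the TLS settings above.
NS=knative-serving

# Print one data key of a ConfigMap in $NS (empty if the key is unset).
cm_value() {  # $1 = ConfigMap name, $2 = data key
  kubectl get configmap "$1" -n "$NS" -o "jsonpath={.data.$2}" 2>/dev/null
}

# Read an issuerRef value ("kind: ...\nname: ...") on stdin, print the name.
issuer_name() {
  sed -n 's/^[[:space:]]*name:[[:space:]]*//p' | head -n 1
}

# Succeed only if the ClusterIssuer $1 exists and reports Ready=True.
issuer_ready() {
  ready=$(kubectl get clusterissuer "$1" \
    -o 'jsonpath={.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null) || ready=""
  [ "$ready" = "True" ]
}

# Print one line per check; the return status is the number of failed checks.
audit_knative_tls() {
  findings=0
  if [ "$(cm_value config-network external-domain-tls)" != "Enabled" ]; then
    echo "FAIL config-network: external-domain-tls is not Enabled"
    findings=$((findings + 1))
  fi
  if [ "$(cm_value config-network ingress-class)" != "kourier.ingress.networking.knative.dev" ]; then
    echo "FAIL config-network: ingress-class is not the Kourier class"
    findings=$((findings + 1))
  fi
  for key in issuerRef clusterLocalIssuerRef systemInternalIssuerRef; do
    name=$(cm_value config-certmanager "$key" | issuer_name)
    if [ -z "$name" ]; then
      echo "FAIL config-certmanager: $key is not set"
      findings=$((findings + 1))
    elif ! issuer_ready "$name"; then
      echo "FAIL config-certmanager: $key -> ClusterIssuer '$name' missing or not Ready"
      findings=$((findings + 1))
    else
      echo "OK   config-certmanager: $key -> ClusterIssuer '$name' is Ready"
    fi
  done
  return "$findings"
}

# Run against the current kubectl context only when asked to.
if [ "${1:-}" = "--run" ]; then audit_knative_tls; exit $?; fi
```

Run it with --run after the rollout restart; the exit status is the number of failed checks, so 0 means every check passed.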