nuclio kubernetes 部署
一张参考架构图:
从图中可以看到nuclio可以运行到docker 以及kubernetes中 提供了kubernetes 部署的脚本
安装
- 创建命名空间
kubectl create namespace nuclio
- rbac 创建
kubectl apply -f https://raw.githubusercontent.com/nuclio/nuclio/master/hack/k8s/resources/nuclio-rbac.yaml
- 部署nuclio组件
说明 yaml 文件运行起来有点问题,多了一个description 字段,修改如下,nuclio是通过crd 运行在k8s 中
# Copyright 2017 The Nuclio Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Define a "function" custom resource definition - extending the k8s API to allow management of "function" resources
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: functions.nuclio.io
spec:
group: nuclio.io
names:
kind: Function
plural: functions
singular: function
scope: Namespaced
version: v1beta1
---
# Define a "project" custom resource definition - extending the k8s API to allow management of "project" resources
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: projects.nuclio.io
spec:
group: nuclio.io
names:
kind: Project
plural: projects
singular: project
scope: Namespaced
version: v1beta1
---
# Define a "functionevent" custom resource definition - extending the k8s API to allow management of "functionevent" resources
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: functionevents.nuclio.io
spec:
group: nuclio.io
names:
kind: FunctionEvent
plural: functionevents
singular: functionevent
scope: Namespaced
version: v1beta1
---
# All Nuclio services are bound to the "nuclio" service account. In RBAC enabled setups, this service account is
# bound to specific roles limiting what the services can do
apiVersion: v1
kind: ServiceAccount
metadata:
name: nuclio
namespace: nuclio
---
# The nuclio controller listens for changes on the function CRD and creates the proper deployment, service, etc
# for the function
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: nuclio-controller
namespace: nuclio
spec:
replicas: 1
template:
metadata:
labels:
nuclio.io/env: test
nuclio.io/app: controller
nuclio.io/class: service
annotations:
nuclio.io/version: 0.5.11
spec:
containers:
- name: nuclio-controller
image: nuclio/controller:0.5.11-amd64
env:
- name: NUCLIO_CONTROLLER_IMAGE_PULL_SECRETS
value: registry-credentials
serviceAccountName: nuclio
---
# The Nuclio dashboard offers a UI to manage functions
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: nuclio-dashboard
namespace: nuclio
spec:
replicas: 1
template:
metadata:
labels:
nuclio.io/env: test
nuclio.io/app: dashboard
nuclio.io/class: service
annotations:
nuclio.io/version: 0.5.11
spec:
containers:
- name: nuclio-dashboard
image: nuclio/dashboard:0.5.11-amd64
ports:
- containerPort: 8070
volumeMounts:
- mountPath: /var/run/docker.sock
name: docker-sock
- name: registry-credentials
mountPath: "/etc/nuclio/dashboard/registry-credentials"
readOnly: true
volumes:
- name: docker-sock
hostPath:
path: /var/run/docker.sock
- name: registry-credentials
secret:
secretName: registry-credentials
optional: true
serviceAccountName: nuclio
---
apiVersion: v1
kind: Service
metadata:
name: nuclio-dashboard
namespace: nuclio
spec:
type: NodePort
selector:
nuclio.io/app: dashboard
ports:
- name: admin
port: 8070
protocol: TCP
效果
界面
几个问题
- 私服
目前UI 界面不是很好,不支持自定义配置,如果使用dockerhub 是没有问题的,私服需要结合UI以及yaml 文件
创建secret
kubectl create secret docker-registry registry-credentials --namespace nuclio \
--docker-username admin \
--docker-password password \
--docker-server docker-image-server \
--docker-email 1141591465@qq.com
- 修改function 定义
主要是添加registry 定义
spec:
...
build:
registry: docker-image-server/username| harbor projectname
...
- 通过ingress 调用
是通过使用trigger方式调用的
参考配置:
https://github.com/nuclio/nuclio/blob/master/docs/concepts/k8s/function-ingress.md
apiVersion: "nuclio.io/v1"
kind: "Function"
spec:
runtime: "golang"
triggers:
http:
maxWorkers: 8
kind: http
attributes:
ingresses:
first:
paths:
- /first/path
- /second/path
second:
host: my.host.com
paths:
- /first/from/host
参考资料
https://github.com/nuclio/nuclio/blob/master/docs/concepts/k8s/function-ingress.md
https://github.com/nuclio/nuclio
https://github.com/nuclio/nuclio/blob/master/docs/setup/k8s/getting-started-k8s.md