nuclio kubernetes 部署

一张参考架构图：

从图中可以看到nuclio可以运行到docker 以及kubernetes中 提供了kubernetes 部署的脚本

安装

• 创建命名空间

kubectl create namespace nuclio

• rbac 创建

kubectl apply -f https://raw.githubusercontent.com/nuclio/nuclio/master/hack/k8s/resources/nuclio-rbac.yaml

• 部署nuclio组件

  说明 yaml 文件运行起来有点问题，多了一个description 字段,修改如下,nuclio是通过crd 运行在k8s 中

# Copyright 2017 The Nuclio Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---

# Define a "function" custom resource definition - extending the k8s API to allow management of "function" resources
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: functions.nuclio.io
spec:
  group: nuclio.io
  names:
    kind: Function
    plural: functions
    singular: function
  scope: Namespaced
  version: v1beta1

---

# Define a "project" custom resource definition - extending the k8s API to allow management of "project" resources
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: projects.nuclio.io
spec:
  group: nuclio.io
  names:
    kind: Project
    plural: projects
    singular: project
  scope: Namespaced
  version: v1beta1

---

# Define a "functionevent" custom resource definition - extending the k8s API to allow management of "functionevent" resources
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: functionevents.nuclio.io
spec:
  group: nuclio.io
  names:
    kind: FunctionEvent
    plural: functionevents
    singular: functionevent
  scope: Namespaced
  version: v1beta1

---

# All Nuclio services are bound to the "nuclio" service account. In RBAC enabled setups, this service account is
# bound to specific roles limiting what the services can do
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nuclio
  namespace: nuclio

---

# The nuclio controller listens for changes on the function CRD and creates the proper deployment, service, etc
# for the function
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nuclio-controller
  namespace: nuclio
spec:
  replicas: 1
  template:
    metadata:
      labels:
        nuclio.io/env: test
        nuclio.io/app: controller
        nuclio.io/class: service
      annotations:
        nuclio.io/version: 0.5.11
    spec:
      containers:
      - name: nuclio-controller
        image: nuclio/controller:0.5.11-amd64
        env:
        - name: NUCLIO_CONTROLLER_IMAGE_PULL_SECRETS
          value: registry-credentials
      serviceAccountName: nuclio

---

# The Nuclio dashboard offers a UI to manage functions
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nuclio-dashboard
  namespace: nuclio
spec:
  replicas: 1
  template:
    metadata:
      labels:
        nuclio.io/env: test
        nuclio.io/app: dashboard
        nuclio.io/class: service
      annotations:
        nuclio.io/version: 0.5.11
    spec:
      containers:
      - name: nuclio-dashboard
        image: nuclio/dashboard:0.5.11-amd64
        ports:
        - containerPort: 8070
        volumeMounts:
        - mountPath: /var/run/docker.sock
          name: docker-sock
        - name: registry-credentials
          mountPath: "/etc/nuclio/dashboard/registry-credentials"
          readOnly: true
      volumes:
      - name: docker-sock
        hostPath:
          path: /var/run/docker.sock
      - name: registry-credentials
        secret:
          secretName: registry-credentials
          optional: true
      serviceAccountName: nuclio
---
apiVersion: v1
kind: Service
metadata:
  name: nuclio-dashboard
  namespace: nuclio
spec:
  type: NodePort
  selector:
    nuclio.io/app: dashboard
  ports:
  - name: admin
    port: 8070
    protocol: TCP

效果

界面

几个问题

• 私服

  目前UI 界面不是很好，不支持自定义配置，如果使用dockerhub 是没有问题的，私服需要结合UI以及yaml 文件

创建secret 
kubectl create secret docker-registry registry-credentials --namespace nuclio \
    --docker-username admin \
    --docker-password   password \
    --docker-server  docker-image-server \
    --docker-email 1141591465@qq.com

• 修改function 定义

  主要是添加registry 定义

spec:
  ...
  build:
    registry: docker-image-server/username| harbor projectname
  ...

• 通过ingress 调用

  是通过使用trigger方式调用的

参考配置：
https://github.com/nuclio/nuclio/blob/master/docs/concepts/k8s/function-ingress.md

apiVersion: "nuclio.io/v1"
kind: "Function"
spec:
  runtime: "golang"
  triggers:
    http:
      maxWorkers: 8
      kind: http
      attributes:
        ingresses:
          first:
            paths:
            - /first/path
            - /second/path
          second:
            host: my.host.com
            paths:
            - /first/from/host

参考资料

https://github.com/nuclio/nuclio/blob/master/docs/concepts/k8s/function-ingress.md
https://github.com/nuclio/nuclio
https://github.com/nuclio/nuclio/blob/master/docs/setup/k8s/getting-started-k8s.md