Knative Serving 安装
部署 Serving
示例参考
# 1. 安装 CRDs
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.7.0/serving-crds.yaml
# 2. 安装 Serving 核心组件
curl -Lfs -o serving-core.yaml https://github.com/knative/serving/releases/download/knative-v1.7.0/serving-core.yaml
# 原始镜像被墙,使用mirrors源
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/webhook#gcrioknative/serving-webhook#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/activator#gcrioknative/serving-activator#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook#gcrioknative/serving-domain-mapping-webhook#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping#gcrioknative/serving-domain-mapping#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/controller#gcrioknative/serving-controller#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler#gcrioknative/serving-autoscaler#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/queue#gcrioknative/serving-queue#g' -i *.yaml
# 替换镜像版本
sed "s#@sha256:.*#:v1.7.0#g" -i serving-core.yaml
# 测试环境限制集群规模
sed 's#maxReplicas: 20#maxReplicas: 1#g' -i serving-core.yaml
sed 's#maxReplicas: 5#maxReplicas: 1#g' -i serving-core.yaml
# 安装
kubectl apply -f serving-core.yaml
说明:
Serving 安装日志
root@k8s-master:~/knative# kubectl apply -f serving-crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificates.networking.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/configurations.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/clusterdomainclaims.networking.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/domainmappings.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/ingresses.networking.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/metrics.autoscaling.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/podautoscalers.autoscaling.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/revisions.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/routes.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/serverlessservices.networking.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/services.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev created
root@k8s-master:~/knative# kubectl apply -f serving-core.yaml
namespace/knative-serving created
clusterrole.rbac.authorization.k8s.io/knative-serving-aggregated-addressable-resolver unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-addressable-resolver unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-admin unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-edit unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-view unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-core unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-podspecable-binding unchanged
serviceaccount/controller created
clusterrole.rbac.authorization.k8s.io/knative-serving-admin unchanged
clusterrolebinding.rbac.authorization.k8s.io/knative-serving-controller-admin unchanged
clusterrolebinding.rbac.authorization.k8s.io/knative-serving-controller-addressable-resolver unchanged
customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/certificates.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/configurations.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/clusterdomainclaims.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/domainmappings.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/ingresses.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/metrics.autoscaling.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/podautoscalers.autoscaling.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/revisions.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/routes.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/serverlessservices.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/services.serving.knative.dev unchanged
secret/serving-certs-ctrl-ca created
secret/knative-serving-certs created
image.caching.internal.knative.dev/queue-proxy created
configmap/config-autoscaler created
configmap/config-defaults created
configmap/config-deployment created
configmap/config-domain created
configmap/config-features created
configmap/config-gc created
configmap/config-leader-election created
configmap/config-logging created
configmap/config-network created
configmap/config-observability created
configmap/config-tracing created
Warning: autoscaling/v2beta2 HorizontalPodAutoscaler is deprecated in v1.23+, unavailable in v1.26+; use autoscaling/v2 HorizontalPodAutoscaler
horizontalpodautoscaler.autoscaling/activator created
poddisruptionbudget.policy/activator-pdb created
deployment.apps/activator created
service/activator-service created
deployment.apps/autoscaler created
service/autoscaler created
deployment.apps/controller created
service/controller created
deployment.apps/domain-mapping created
deployment.apps/domainmapping-webhook created
service/domainmapping-webhook created
horizontalpodautoscaler.autoscaling/webhook created
poddisruptionbudget.policy/webhook-pdb created
deployment.apps/webhook created
service/webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.serving.knative.dev unchanged
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.serving.knative.dev unchanged
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.domainmapping.serving.knative.dev created
secret/domainmapping-webhook-certs created
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.domainmapping.serving.knative.dev created
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.serving.knative.dev unchanged
secret/webhook-certs created
root@k8s-master:~/knative# kubectl -n knative-serving get all
NAME READY STATUS RESTARTS AGE
pod/activator-84cbcd7bd-njnpt 1/1 Running 0 13m
pod/autoscaler-75965477fd-vd5rf 1/1 Running 0 13m
pod/controller-76dd96d457-mw6rz 1/1 Running 0 13m
pod/domain-mapping-ccdcfcd89-d6v9v 1/1 Running 0 13m
pod/domainmapping-webhook-79f6f4f9d6-xgxzq 1/1 Running 0 13m
pod/webhook-5448865f65-km9ps 1/1 Running 0 2m5s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/activator-service ClusterIP 10.101.163.40 <none> 9090/TCP,8008/TCP,80/TCP,81/TCP,443/TCP 13m
service/autoscaler ClusterIP 10.106.240.43 <none> 9090/TCP,8008/TCP,8080/TCP 13m
service/autoscaler-bucket-00-of-01 ClusterIP 10.100.252.215 <none> 8080/TCP 9m39s
service/controller ClusterIP 10.99.107.3 <none> 9090/TCP,8008/TCP 13m
service/domainmapping-webhook ClusterIP 10.111.72.172 <none> 9090/TCP,8008/TCP,443/TCP 13m
service/webhook ClusterIP 10.107.149.240 <none> 9090/TCP,8008/TCP,443/TCP 13m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/activator 1/1 1 1 13m
deployment.apps/autoscaler 1/1 1 1 13m
deployment.apps/controller 1/1 1 1 13m
deployment.apps/domain-mapping 1/1 1 1 13m
deployment.apps/domainmapping-webhook 1/1 1 1 13m
deployment.apps/webhook 1/1 1 1 13m
NAME DESIRED CURRENT READY AGE
replicaset.apps/activator-84cbcd7bd 1 1 1 13m
replicaset.apps/autoscaler-75965477fd 1 1 1 13m
replicaset.apps/controller-76dd96d457 1 1 1 13m
replicaset.apps/domain-mapping-ccdcfcd89 1 1 1 13m
replicaset.apps/domainmapping-webhook-79f6f4f9d6 1 1 1 13m
replicaset.apps/webhook-5448865f65 1 1 1 2m5s
replicaset.apps/webhook-6bf7d47fc6 0 0 0 13m
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/activator Deployment/activator <unknown>/100% 1 1 1 13m
horizontalpodautoscaler.autoscaling/webhook Deployment/webhook <unknown>/100% 1 1 1 13m
root@k8s-master:~/knative# kubectl api-resources | grep -i knative
metrics autoscaling.internal.knative.dev/v1alpha1 true Metric
podautoscalers kpa,pa autoscaling.internal.knative.dev/v1alpha1 true PodAutoscaler
images caching.internal.knative.dev/v1alpha1 true Image
certificates kcert networking.internal.knative.dev/v1alpha1 true Certificate
clusterdomainclaims cdc networking.internal.knative.dev/v1alpha1 false ClusterDomainClaim
ingresses kingress,king networking.internal.knative.dev/v1alpha1 true Ingress
serverlessservices sks networking.internal.knative.dev/v1alpha1 true ServerlessService
configurations config,cfg serving.knative.dev/v1 true Configuration
domainmappings dm serving.knative.dev/v1beta1 true DomainMapping
revisions rev serving.knative.dev/v1 true Revision
routes rt serving.knative.dev/v1 true Route
services kservice,ksvc serving.knative.dev/v1 true Service
部署网络层组件
Istio
# 0. 准备
curl -Lfs -o istio.yaml https://github.com/knative/net-istio/releases/download/knative-v1.7.0/istio.yaml
# 根据版本不同,一些 API 不兼容,升级下配置文件的版本即可,kubectl api-resources |grep PodDisruptionBudget
sed 's#policy/v1beta1#policy/v1#g' -i istio.yaml
sed 's#maxReplicas: 10#maxReplicas: 2#g' -i istio.yaml
sed 's#minReplicas: 3#minReplicas: 1#g' -i istio.yaml
# 1. 安装 CRDs
kubectl apply -l knative.dev/crd-install=true -f istio.yaml
# 2. 安装 Istio 插件
kubectl apply -f istio.yaml
# 3. 安装 Knative Istio controller
curl -LfS -o net-istio.yaml https://github.com/knative/net-istio/releases/download/knative-v1.7.0/net-istio.yaml
sed 's#gcr.io/knative-releases/knative.dev/net-istio/cmd/controller#gcrioknative/net-istio-controller#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook#gcrioknative/net-istio-webhook#g' -i *.yaml
# 替换镜像版本
sed "s#@sha256:.*#:v1.7.0#g" -i net-istio.yaml
kubectl apply -f net-istio.yaml
# 4. 查看 istio ingressgateway svc 信息
root@k8s-master:~/knative# kubectl --namespace istio-system get service istio-ingressgateway
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway NodePort 10.96.242.187 <none> 15021:30455/TCP,80:30999/TCP,443:32324/TCP 36h
root@k8s-master:~/knative# kubectl apply -l knative.dev/crd-install=true -f istio.yaml
customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io created
customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io created
customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io created
customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io created
customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io created
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io created
customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io created
root@k8s-master:~/knative# kubectl apply -f istio.yaml
namespace/istio-system unchanged
serviceaccount/istio-ingressgateway-service-account unchanged
serviceaccount/istio-reader-service-account unchanged
serviceaccount/istiod unchanged
serviceaccount/istiod-service-account unchanged
clusterrole.rbac.authorization.k8s.io/istio-reader-clusterrole-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istio-reader-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istiod-clusterrole-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istiod-gateway-controller-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istiod-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istio-reader-clusterrole-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istio-reader-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istiod-clusterrole-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istiod-gateway-controller-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istiod-istio-system unchanged
role.rbac.authorization.k8s.io/istio-ingressgateway-sds unchanged
role.rbac.authorization.k8s.io/istiod unchanged
role.rbac.authorization.k8s.io/istiod-istio-system unchanged
rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds unchanged
rolebinding.rbac.authorization.k8s.io/istiod unchanged
rolebinding.rbac.authorization.k8s.io/istiod-istio-system unchanged
customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io unchanged
configmap/istio unchanged
configmap/istio-sidecar-injector unchanged
deployment.apps/istio-ingressgateway configured
deployment.apps/istiod configured
service/istio-ingressgateway unchanged
service/istiod unchanged
Warning: autoscaling/v2beta2 HorizontalPodAutoscaler is deprecated in v1.23+, unavailable in v1.26+; use autoscaling/v2 HorizontalPodAutoscaler
horizontalpodautoscaler.autoscaling/istiod unchanged
poddisruptionbudget.policy/istio-ingressgateway configured
poddisruptionbudget.policy/istiod configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/istio-sidecar-injector configured
validatingwebhookconfiguration.admissionregistration.k8s.io/istio-validator-istio-system configured
envoyfilter.networking.istio.io/stats-filter-1.11 created
envoyfilter.networking.istio.io/stats-filter-1.12 created
envoyfilter.networking.istio.io/stats-filter-1.13 created
envoyfilter.networking.istio.io/stats-filter-1.14 created
envoyfilter.networking.istio.io/stats-filter-1.15 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.11 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.12 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.13 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.14 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.15 created
root@k8s-master:~/knative# kubectl apply -f net-istio.yaml
clusterrole.rbac.authorization.k8s.io/knative-serving-istio created
gateway.networking.istio.io/knative-ingress-gateway created
gateway.networking.istio.io/knative-local-gateway created
service/knative-local-gateway created
configmap/config-istio created
peerauthentication.security.istio.io/webhook created
peerauthentication.security.istio.io/domainmapping-webhook created
peerauthentication.security.istio.io/net-istio-webhook created
deployment.apps/net-istio-controller created
deployment.apps/net-istio-webhook created
secret/net-istio-webhook-certs created
service/net-istio-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.istio.networking.internal.knative.dev created
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.istio.networking.internal.knative.dev created
^Croot@k8s-master:~/knative# kubectl -n knative-serving get pod
NAME READY STATUS RESTARTS AGE
activator-84cbcd7bd-njnpt 1/1 Running 0 51m
autoscaler-75965477fd-vd5rf 1/1 Running 0 51m
controller-76dd96d457-mw6rz 1/1 Running 0 51m
domain-mapping-ccdcfcd89-d6v9v 1/1 Running 0 51m
domainmapping-webhook-79f6f4f9d6-xgxzq 1/1 Running 0 51m
net-istio-controller-6899897874-nkfss 1/1 Running 0 5m11s
net-istio-webhook-7679886d7-97dbh 1/1 Running 0 5m11s
webhook-5448865f65-km9ps 1/1 Running 0 40m
root@k8s-master:~/knative# kubectl -n istio-system get pod
NAME READY STATUS RESTARTS AGE
istio-egressgateway-579dc4df64-dtwms 1/1 Running 0 36h
istio-ingressgateway-6849fc894d-759lj 1/1 Running 0 28m
istio-ingressgateway-6849fc894d-c95np 1/1 Running 0 28m
istio-ingressgateway-6849fc894d-rfpzx 1/1 Running 0 28m
istiod-9c5b49645-2jp49 1/1 Running 0 28m
istiod-9c5b49645-vjghz 0/1 Pending 0 27m