Knative Serving 安装

发布时间: 更新时间: 总字数:1059 阅读时间:3m 作者: IP上海 分享 网址

Knative Serving 安装

部署 Serving

示例参考

# 1. 安装 CRDs
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.7.0/serving-crds.yaml

# 2. 安装 Serving 核心组件
curl -Lfs -o serving-core.yaml https://github.com/knative/serving/releases/download/knative-v1.7.0/serving-core.yaml

# 原始镜像被墙,使用mirrors源
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/webhook#gcrioknative/serving-webhook#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/activator#gcrioknative/serving-activator#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook#gcrioknative/serving-domain-mapping-webhook#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping#gcrioknative/serving-domain-mapping#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/controller#gcrioknative/serving-controller#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler#gcrioknative/serving-autoscaler#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/serving/cmd/queue#gcrioknative/serving-queue#g' -i *.yaml

# 替换镜像版本
sed "s#@sha256:.*#:v1.7.0#g" -i serving-core.yaml

# 测试环境限制集群规模
sed 's#maxReplicas: 20#maxReplicas: 1#g' -i serving-core.yaml
sed 's#maxReplicas: 5#maxReplicas: 1#g' -i serving-core.yaml

# 安装
kubectl apply -f serving-core.yaml

说明:

Serving 安装日志

Serving-install-log
root@k8s-master:~/knative# kubectl apply -f serving-crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificates.networking.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/configurations.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/clusterdomainclaims.networking.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/domainmappings.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/ingresses.networking.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/metrics.autoscaling.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/podautoscalers.autoscaling.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/revisions.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/routes.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/serverlessservices.networking.internal.knative.dev created
customresourcedefinition.apiextensions.k8s.io/services.serving.knative.dev created
customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev created
root@k8s-master:~/knative# kubectl apply -f serving-core.yaml
namespace/knative-serving created
clusterrole.rbac.authorization.k8s.io/knative-serving-aggregated-addressable-resolver unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-addressable-resolver unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-admin unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-edit unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-view unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-core unchanged
clusterrole.rbac.authorization.k8s.io/knative-serving-podspecable-binding unchanged
serviceaccount/controller created
clusterrole.rbac.authorization.k8s.io/knative-serving-admin unchanged
clusterrolebinding.rbac.authorization.k8s.io/knative-serving-controller-admin unchanged
clusterrolebinding.rbac.authorization.k8s.io/knative-serving-controller-addressable-resolver unchanged
customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/certificates.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/configurations.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/clusterdomainclaims.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/domainmappings.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/ingresses.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/metrics.autoscaling.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/podautoscalers.autoscaling.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/revisions.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/routes.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/serverlessservices.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/services.serving.knative.dev unchanged
secret/serving-certs-ctrl-ca created
secret/knative-serving-certs created
image.caching.internal.knative.dev/queue-proxy created
configmap/config-autoscaler created
configmap/config-defaults created
configmap/config-deployment created
configmap/config-domain created
configmap/config-features created
configmap/config-gc created
configmap/config-leader-election created
configmap/config-logging created
configmap/config-network created
configmap/config-observability created
configmap/config-tracing created
Warning: autoscaling/v2beta2 HorizontalPodAutoscaler is deprecated in v1.23+, unavailable in v1.26+; use autoscaling/v2 HorizontalPodAutoscaler
horizontalpodautoscaler.autoscaling/activator created
poddisruptionbudget.policy/activator-pdb created
deployment.apps/activator created
service/activator-service created
deployment.apps/autoscaler created
service/autoscaler created
deployment.apps/controller created
service/controller created
deployment.apps/domain-mapping created
deployment.apps/domainmapping-webhook created
service/domainmapping-webhook created
horizontalpodautoscaler.autoscaling/webhook created
poddisruptionbudget.policy/webhook-pdb created
deployment.apps/webhook created
service/webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.serving.knative.dev unchanged
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.serving.knative.dev unchanged
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.domainmapping.serving.knative.dev created
secret/domainmapping-webhook-certs created
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.domainmapping.serving.knative.dev created
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.serving.knative.dev unchanged
secret/webhook-certs created
root@k8s-master:~/knative# kubectl -n knative-serving get all
NAME                                         READY   STATUS    RESTARTS   AGE
pod/activator-84cbcd7bd-njnpt                1/1     Running   0          13m
pod/autoscaler-75965477fd-vd5rf              1/1     Running   0          13m
pod/controller-76dd96d457-mw6rz              1/1     Running   0          13m
pod/domain-mapping-ccdcfcd89-d6v9v           1/1     Running   0          13m
pod/domainmapping-webhook-79f6f4f9d6-xgxzq   1/1     Running   0          13m
pod/webhook-5448865f65-km9ps                 1/1     Running   0          2m5s

NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                   AGE
service/activator-service            ClusterIP   10.101.163.40    <none>        9090/TCP,8008/TCP,80/TCP,81/TCP,443/TCP   13m
service/autoscaler                   ClusterIP   10.106.240.43    <none>        9090/TCP,8008/TCP,8080/TCP                13m
service/autoscaler-bucket-00-of-01   ClusterIP   10.100.252.215   <none>        8080/TCP                                  9m39s
service/controller                   ClusterIP   10.99.107.3      <none>        9090/TCP,8008/TCP                         13m
service/domainmapping-webhook        ClusterIP   10.111.72.172    <none>        9090/TCP,8008/TCP,443/TCP                 13m
service/webhook                      ClusterIP   10.107.149.240   <none>        9090/TCP,8008/TCP,443/TCP                 13m

NAME                                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/activator               1/1     1            1           13m
deployment.apps/autoscaler              1/1     1            1           13m
deployment.apps/controller              1/1     1            1           13m
deployment.apps/domain-mapping          1/1     1            1           13m
deployment.apps/domainmapping-webhook   1/1     1            1           13m
deployment.apps/webhook                 1/1     1            1           13m

NAME                                               DESIRED   CURRENT   READY   AGE
replicaset.apps/activator-84cbcd7bd                1         1         1       13m
replicaset.apps/autoscaler-75965477fd              1         1         1       13m
replicaset.apps/controller-76dd96d457              1         1         1       13m
replicaset.apps/domain-mapping-ccdcfcd89           1         1         1       13m
replicaset.apps/domainmapping-webhook-79f6f4f9d6   1         1         1       13m
replicaset.apps/webhook-5448865f65                 1         1         1       2m5s
replicaset.apps/webhook-6bf7d47fc6                 0         0         0       13m

NAME                                            REFERENCE              TARGETS          MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/activator   Deployment/activator   <unknown>/100%   1         1         1          13m
horizontalpodautoscaler.autoscaling/webhook     Deployment/webhook     <unknown>/100%   1         1         1          13m
root@k8s-master:~/knative# kubectl api-resources | grep -i knative
metrics                                           autoscaling.internal.knative.dev/v1alpha1   true         Metric
podautoscalers                    kpa,pa          autoscaling.internal.knative.dev/v1alpha1   true         PodAutoscaler
images                                            caching.internal.knative.dev/v1alpha1       true         Image
certificates                      kcert           networking.internal.knative.dev/v1alpha1    true         Certificate
clusterdomainclaims               cdc             networking.internal.knative.dev/v1alpha1    false        ClusterDomainClaim
ingresses                         kingress,king   networking.internal.knative.dev/v1alpha1    true         Ingress
serverlessservices                sks             networking.internal.knative.dev/v1alpha1    true         ServerlessService
configurations                    config,cfg      serving.knative.dev/v1                      true         Configuration
domainmappings                    dm              serving.knative.dev/v1beta1                 true         DomainMapping
revisions                         rev             serving.knative.dev/v1                      true         Revision
routes                            rt              serving.knative.dev/v1                      true         Route
services                          kservice,ksvc   serving.knative.dev/v1                      true         Service

部署网络层组件

Istio

# 0. 准备
curl -Lfs -o istio.yaml https://github.com/knative/net-istio/releases/download/knative-v1.7.0/istio.yaml

# 根据版本不同,一些 API 不兼容,升级下配置文件的版本即可,kubectl api-resources |grep PodDisruptionBudget
sed 's#policy/v1beta1#policy/v1#g' -i istio.yaml
sed 's#maxReplicas: 10#maxReplicas: 2#g' -i istio.yaml
sed 's#minReplicas: 3#minReplicas: 1#g' -i istio.yaml

# 1. 安装 CRDs
kubectl apply -l knative.dev/crd-install=true -f istio.yaml

# 2. 安装 Istio 插件
kubectl apply -f istio.yaml

# 3. 安装 Knative Istio controller
curl -LfS -o net-istio.yaml https://github.com/knative/net-istio/releases/download/knative-v1.7.0/net-istio.yaml

sed 's#gcr.io/knative-releases/knative.dev/net-istio/cmd/controller#gcrioknative/net-istio-controller#g' -i *.yaml
sed 's#gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook#gcrioknative/net-istio-webhook#g' -i *.yaml

# 替换镜像版本
sed "s#@sha256:.*#:v1.7.0#g" -i net-istio.yaml

kubectl apply -f net-istio.yaml

# 4. 查看 istio ingressgateway svc 信息
root@k8s-master:~/knative# kubectl --namespace istio-system get service istio-ingressgateway
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                                      AGE
istio-ingressgateway   NodePort   10.96.242.187   <none>        15021:30455/TCP,80:30999/TCP,443:32324/TCP   36h
  • 安装 istio-net 日志
knative-istio-net-install
root@k8s-master:~/knative# kubectl apply -l knative.dev/crd-install=true -f istio.yaml
customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io created
customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io created
customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io created
customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io created
customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io created
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io created
customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io created
customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io created
root@k8s-master:~/knative# kubectl apply -f istio.yaml
namespace/istio-system unchanged
serviceaccount/istio-ingressgateway-service-account unchanged
serviceaccount/istio-reader-service-account unchanged
serviceaccount/istiod unchanged
serviceaccount/istiod-service-account unchanged
clusterrole.rbac.authorization.k8s.io/istio-reader-clusterrole-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istio-reader-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istiod-clusterrole-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istiod-gateway-controller-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istiod-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istio-reader-clusterrole-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istio-reader-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istiod-clusterrole-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istiod-gateway-controller-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istiod-istio-system unchanged
role.rbac.authorization.k8s.io/istio-ingressgateway-sds unchanged
role.rbac.authorization.k8s.io/istiod unchanged
role.rbac.authorization.k8s.io/istiod-istio-system unchanged
rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds unchanged
rolebinding.rbac.authorization.k8s.io/istiod unchanged
rolebinding.rbac.authorization.k8s.io/istiod-istio-system unchanged
customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io unchanged
configmap/istio unchanged
configmap/istio-sidecar-injector unchanged
deployment.apps/istio-ingressgateway configured
deployment.apps/istiod configured
service/istio-ingressgateway unchanged
service/istiod unchanged
Warning: autoscaling/v2beta2 HorizontalPodAutoscaler is deprecated in v1.23+, unavailable in v1.26+; use autoscaling/v2 HorizontalPodAutoscaler
horizontalpodautoscaler.autoscaling/istiod unchanged
poddisruptionbudget.policy/istio-ingressgateway configured
poddisruptionbudget.policy/istiod configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/istio-sidecar-injector configured
validatingwebhookconfiguration.admissionregistration.k8s.io/istio-validator-istio-system configured
envoyfilter.networking.istio.io/stats-filter-1.11 created
envoyfilter.networking.istio.io/stats-filter-1.12 created
envoyfilter.networking.istio.io/stats-filter-1.13 created
envoyfilter.networking.istio.io/stats-filter-1.14 created
envoyfilter.networking.istio.io/stats-filter-1.15 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.11 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.12 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.13 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.14 created
envoyfilter.networking.istio.io/tcp-stats-filter-1.15 created
root@k8s-master:~/knative# kubectl apply -f net-istio.yaml
clusterrole.rbac.authorization.k8s.io/knative-serving-istio created
gateway.networking.istio.io/knative-ingress-gateway created
gateway.networking.istio.io/knative-local-gateway created
service/knative-local-gateway created
configmap/config-istio created
peerauthentication.security.istio.io/webhook created
peerauthentication.security.istio.io/domainmapping-webhook created
peerauthentication.security.istio.io/net-istio-webhook created
deployment.apps/net-istio-controller created
deployment.apps/net-istio-webhook created
secret/net-istio-webhook-certs created
service/net-istio-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.istio.networking.internal.knative.dev created
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.istio.networking.internal.knative.dev created
  • 操作后,检查资源情况如下:
^Croot@k8s-master:~/knative# kubectl -n knative-serving get pod
NAME                                     READY   STATUS    RESTARTS   AGE
activator-84cbcd7bd-njnpt                1/1     Running   0          51m
autoscaler-75965477fd-vd5rf              1/1     Running   0          51m
controller-76dd96d457-mw6rz              1/1     Running   0          51m
domain-mapping-ccdcfcd89-d6v9v           1/1     Running   0          51m
domainmapping-webhook-79f6f4f9d6-xgxzq   1/1     Running   0          51m
net-istio-controller-6899897874-nkfss    1/1     Running   0          5m11s
net-istio-webhook-7679886d7-97dbh        1/1     Running   0          5m11s
webhook-5448865f65-km9ps                 1/1     Running   0          40m
root@k8s-master:~/knative# kubectl -n istio-system get pod
NAME                                    READY   STATUS    RESTARTS   AGE
istio-egressgateway-579dc4df64-dtwms    1/1     Running   0          36h
istio-ingressgateway-6849fc894d-759lj   1/1     Running   0          28m
istio-ingressgateway-6849fc894d-c95np   1/1     Running   0          28m
istio-ingressgateway-6849fc894d-rfpzx   1/1     Running   0          28m
istiod-9c5b49645-2jp49                  1/1     Running   0          28m
istiod-9c5b49645-vjghz                  0/1     Pending   0          27m
Home Archives Categories Tags Statistics
本文总阅读量 次 本站总访问量 次 本站总访客数