Shulou(Shulou.com)06/02 Report--

How to carry out Knative practice, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

At this year's Google Cloud Next conference, Google released Knative, an open source Serverless tool component jointly launched by cloud vendors such as Google, Pivotal, Redhat and IBM. Together with Istio,Kubernetes, it forms the troika of open source Serverless services.

This paper comes from the practice of Andy, a senior technical expert of the American team in the middleware division of Alibaba, in Knative. Andy has long been concerned about the field of Service Mesh technology and has rich practice and development experience in Cloud Foundry,Kubernetes,Envoy. Join the Service Mesh developer group, Wechat add "zjjxg2018", and note the company-city information.

What's interesting is that these companies compete with each other, but can contribute their expertise to the same open source project. Another interesting thing is the change in the definition of Serverless. In the past, when it comes to Serverless, people are equated with FaaS, so it feels like all you have to do is submit the function code and then define event trigger. Now Knative has transformed the concept of Serverless into free operation and maintenance: users still need to have server, but it is easier for operation and maintenance than to manage a Kubernetes cluster, and they do not have to pay for server resources when they are not in use. In addition, the application scenario of FaaS is very small, and only small and fast functions can be easily deployed. Knative is deployed in a self-service way, with a wider range of application scenarios, and general applications can be deployed as Serverless.

According to the documentation provided by Knative, a complete Serverless is divided into _ _ Build__,__Serve__ and _ _ Eventing__. In this article, we will follow the Knative github installation guidelines on Ali Cloud step by step to implement a Knative application.

Prepare for

Create Kubernetes cluster

To create a Kubernetes cluster on Aliyun, use the default settings of the system, but make sure you have Admin permissions. If you use an existing cluster, please make sure that the version of Kubernetes is above 1.10.

Install Knative

This process is divided into two steps:

Install Istio:

Knative's Istio has some self-defined resources, so don't use the default installation of the Istio website. However, the existing Knative guidelines have not been updated, still 0.8, a bit old. What I use is 1.0:

Curl https://raw.githubusercontent.com/knative/serving/master/third_party/istio-1.0.0/istio.yaml

This installation will take some time, but it is necessary. Because Knative relies on Istio to join Serverless, rather than directly through Kubernetes. After all the installations are complete, we need to turn on Istio automatic injection:

Kubectl label namespace default istio-injection=enabled

one

Install the Knative components:

Execute the following command:

Kubectl apply-f https://github.com/knative/serving/releases/download/v0.1.1/release.yaml

Wait a while after installation and confirm:

Kubectl get pods-n knative-serving-w

Kubectl get pods-n knative-build-w

Careful students will find that there are only two parts installed here: Build and Serving, what about Eventing? It needs to be installed separately.

Kubectl apply-f https://storage.googleapis.com/knative-releases/eventing/latest/release.yaml

Similarly, run this command to confirm:

Kubectl get pods-n knative-eventing-w

one

Build

Build is currently the most informative part of the Knative project. Because Pivotal took out the packing treasure build packs to join Knative. Google, who worked as an app engine for many years before, has accumulated a lot of experience in this area.

In implementation, Build is a Kubernetes Custom Resource Definition (CRD). Like other Kubernetes CRD, the way it is defined is through YAML, and the way it is called is API. Users can choose different build template, such as Google's kaniko,Pivotal 's build pack, and so on. In this article, we choose kaniko build.

Install Kaniko Build Template first:

Kubectl apply-f https://raw.githubusercontent.com/knative/build-templates/master/kaniko/kaniko.yaml

The biggest difference between Kaniko build template and Docker build template is that users do not need to install Docker engine locally. Kaniko moves the code to the cloud to generate Image. The source code can be located on a remote server and the corresponding Dockerfile is specified.

However, there is a problem: how does Kaniko access the user's docker account? Therefore, we need to create a secret that stores the user's docker username and password in it. Then, you need a service account to bind the secret.

Vim secret.yaml

ApiVersion: v1

Kind: Secret

Metadata:

Name: docker-user-pass

Annotations:

Build.knative.dev/docker-0: https://index.docker.io/v1/

Type: kubernetes.io/basic-auth

StringData:

Username:

Password:

Replace the username and password here with your own account information, and then save it.

Kubectl apply-f secret.yaml

Vim service-account.yaml

ApiVersion: v1

Kind: ServiceAccount

Metadata:

Name: build-bot

Secrets:

-name: docker-user-pass

Execute after saving:

Kubectl apply-f service-account.yaml

Then we create Kubernetes manifest vim build.yaml:

ApiVersion: build.knative.dev/v1alpha1

Kind: Build

Metadata:

Name: docker-build

Spec:

ServiceAccountName: build-bot # service account created above

Source:

Git:

Revision: master

Url: "https://github.com/szihai/hello-go.git"

Steps:

-

Args:

"--dockerfile=/workspace/Dockerfile"

"--destination=docker.io/xxx/helloworld-go"

Image: "gcr.io/kaniko-project/executor:v0.1.0"

Name: build-and-push

The sample app used in this article is fork from Knative repo. (example)

Here, we specify that template uses Kaniko. Then you can see that we referenced the previous ServiceAccount to access secret. Before using this, replace the destination in it with your own docker id, save it and execute it with kubectl apply-f build.yaml.

So, how do you know if the remote Kaniko is done or not? Kubernetes creates a job for kind: Build. Use kubectl get pods to find a pod for docker-build-xxxx. Then run: kubectl-n default logs docker-build-xxxx-c build-step-build-and-push to observe the situation of build.

We can also look directly at Kubetnetes build objects: kubectl describe builds. The information you are looking for is:

Of course, the most direct way is to find the Image on your own Docker hub.

Serving

This section is not much different from a normal Kubetnetes service release. First define a service: vim service.yaml

ApiVersion: serving.knative.dev/v1alpha1

Kind: Service

Metadata:

Name: helloworld-go

Namespace: default

Spec:

RunLatest:

Configuration:

RevisionTemplate:

Spec:

Container:

Image: docker.io/ {username} / helloworld-go

Env:

-name: TARGET

Value: "Go Sample v1"

Run kubectl apply-f service.yaml. It is important to note that we use serving.knative.dev 's API here. So it's different from other deployments: no deployment.yaml is required. This can be understood as that deployment is arranged by knative. If you run kubectl get deployments, you can see helloworld-go-xxxx-deployment.

The next question is, how to access this service? At this point, Istio came out. Usually we have to create our own Ingress or LB, but now knative does it for us through Istio. First, we get the IP address of Ingress Gateway:

Kubectl get svc knative-ingressgateway-n istio-system

Find EXTERNAL-IP here. Then we find Domain name:

Kubectl get service.serving.knative.dev helloworld-go-obliquely customized columns. Metadata.namememe DOMAINVR .status.domain

one

Then run:

Curl-H "Host: {DOMAIN}" http://{EXTERNAL-IP}

one

The result should be: Hello World: Go Sample v1!

If you haven't accessed the service for a while, you'll find that when you run kubectl get pods, these helloworld-go pod are missing. That's when knative reduced the number of replica to zero.

Eventing

For FaaS, Eventing is the mechanism that triggers the function. Above, we use curl to access the service, in fact, just for testing. In the real deployment process, the function should be triggered by an event.

Eventing is the main function of traditional FaaS, and it is the only part that is really relevant to developers except the source code. Because of this, other FaaS, such as Lambda, Openshift, etc., can interface with Knative through this layer.

The Eventing designed by Knative includes three main concepts:

Source: this is the origin of the event, which can be understood as an interface with other systems. Currently supported include K8seventsGitHub and GCP PubSub.

Buses: the path through which events are transmitted. Currently, Stub,Kafka and GCP PubSub are supported.

Flows: defines the reaction to events. This can be a chain reaction rather than a single one.

So, all we have to do is pick a Source, pick a Bus, and then define a Flow, and that's it.

In this article, we choose K8events and Stub ClusterBus. Put them on first:

Kubectl apply-f https://storage.googleapis.com/knative-releases/eventing/latest/release-clusterbus-stub.yaml

Kubectl apply-f https://storage.googleapis.com/knative-releases/eventing/latest/release-source-k8sevents.yaml

Before generating flow, there is a small problem: K8 event is generated internally by Kubernetes, and if you want to receive it, you must authorize it through a Service Account. This is the requirement of Kubernetes and is not the focus of this article. As before, execute after saving:

ApiVersion: v1

Kind: ServiceAccount

Metadata:

Name: feed-sa

Namespace: default

-

ApiVersion: rbac.authorization.k8s.io/v1

Kind: Role

Metadata:

Name: create-deployment

Namespace: default

Rules:

-apiGroups: ["apps"]

Resources: ["deployments"]

Verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]

-

# This enables the feed-sa to deploy the receive adapter.

ApiVersion: rbac.authorization.k8s.io/v1

Kind: RoleBinding

Metadata:

Name: feed-sa-deploy

Namespace: default

Subjects:

-kind: ServiceAccount

Name: feed-sa

Namespace: default

RoleRef:

Kind: Role

Name: create-deployment

ApiGroup: rbac.authorization.k8s.io

-

# This enables reading k8s events from all namespaces.

ApiVersion: rbac.authorization.k8s.io/v1

Kind: ClusterRoleBinding

Metadata:

Name: feed-admin

Subjects:

-kind: ServiceAccount

Name: feed-sa

Namespace: default

RoleRef:

Kind: ClusterRole

Name: view

ApiGroup: rbac.authorization.k8s.io

The next major step is to create the flow:vim flow.yaml:

ApiVersion: flows.knative.dev/v1alpha1

Kind: Flow

Metadata:

Name: k8s-event-flow

Namespace: default

Spec:

ServiceAccountName: feed-sa

Trigger:

EventType: dev.knative.k8s.event

Resource: k8sevents/dev.knative.k8s.event

Service: k8sevents

Parameters:

Namespace: default

Action:

Target:

Kind: Route

ApiVersion: serving.knative.dev/v1alpha1

Name: helloworld-go

Then run kubectl apply-f flow.yaml.

Let's see if it's really working. Run after a while:

Kubectl get pods will see that k8s-event-flow-xxx 's job is running out. Then helloworld-go 's pod is activated. Let's take a look at the log: kubectl logs helloworld-go-xxxxx user-container, and we will see the following result:

Hello world received a request.

Hello world received a request.

Hello world received a request.

Hello world received a request.

...

This shows that the link is working. So what does this definition of flow say? The first is to use the service account just defined. Then define in trigger what kind of event can meet the criteria, here we say that all k8events in default namespace are met. We define how to handle it in action, and in this case we call helloworld-go service directly.

Conclusion

Knative is one of the latest evolution directions of cloud computing this year. Aliyun supports Kubernetes and can successfully run applications such as Knative and Istio. You can also experience it on Aliyun!

Of course, as a new and high-profile project, Knative will also experience its growing pains. We will continue to follow up and provide sharing related to Knative, but not limited to practice, please look forward to it.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.