Knative Serving

Kubernetes | 2020. 3. 9. 23:51

https://bcho.tistory.com/1322

서버리스 오픈소스 - knative #1 소개 & Serving

Serveless를 위한 오픈소스 KNative 조대협(http://bcho.tistory.com) 배경 근래에 들어서 컨테이너를 사용한 워크로드 관리는 쿠버네티스 de-facto 표준이 되어가고 있는데, 쿠버네티스 자체가 안정되어가고 있지..

bcho.tistory.com

https://gruuuuu.github.io/cloud/knative-hands-on/#

Knative를 다뤄보자! (Serving, Eventing 실습)

OverviewKnative의 Serving기능과 Eventing기능을 실습을 통해 더 자세히 알아보겠습니다.

gruuuuu.github.io

사전 준비

이전버전 Istio 삭제

$ istioctl manifest generate --set profile=demo | kubectl delete -f -

이전 bookinfo 서비스 삭제

$ kubectl delete -f samples/bookinfo/platform/kube/bookinfo.yaml

이전 tomcat 서비스 삭제

$ kubectl delete deployment terry-tomcat

$ kubectl delete service terry-tomcat

Download Istio for Kanative

https://knative.dev/docs/install/installing-istio/

설치할 Knative v0.13 을 위해서는 Istio v1.3.6 이 필요하다.

$ export ISTIO_VERSION=1.3.6

$ curl -L https://git.io/getLatestIstio | sh -

$ export PATH="/root/istio/istio-1.3.6/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"

Install Istio for Kanative

Istio CRD 생성

$ cd istio-${ISTIO_VERSION}

$ for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f $i; done

Istio 네임스페이스 생성

$ cat <<EOF | kubectl apply -f -

apiVersion: v1
kind: Namespace
metadata:
  name: istio-system
  labels:
    istio-injection: disabled
EOF

$ kubectl get ns istio-system --show-labels

NAME STATUS AGE LABELS
istio-system Active 44s istio-injection=disabled

Istio without sidecar injection

: Istio Ingress Gateway와 Istio Pilot만 설치한다.

$ helm template --namespace=istio-system \
  --set prometheus.enabled=false \
  --set mixer.enabled=false \
  --set mixer.policy.enabled=false \
  --set mixer.telemetry.enabled=false \
  `# Pilot doesn't need a sidecar.` \
  --set pilot.sidecar=false \
  --set pilot.resources.requests.memory=128Mi \
  `# Disable galley (and things requiring galley).` \
  --set galley.enabled=false \
  --set global.useMCP=false \
  `# Disable security / policy.` \
  --set security.enabled=false \
  --set global.disablePolicyChecks=true \
  `# Disable sidecar injection.` \
  --set sidecarInjectorWebhook.enabled=false \
  --set global.proxy.autoInject=disabled \
  --set global.omitSidecarInjectorConfigMap=true \
  --set gateways.istio-ingressgateway.autoscaleMin=1 \
  --set gateways.istio-ingressgateway.autoscaleMax=2 \
  `# Set pilot trace sampling to 100%` \
  --set pilot.traceSampling=100 \
  --set global.mtls.auto=false \
  install/kubernetes/helm/istio \
  > ./istio-lean.yaml

$ kubectl apply -f istio-lean.yaml

poddisruptionbudget.policy/istio-ingressgateway created
poddisruptionbudget.policy/istio-pilot created
serviceaccount/istio-ingressgateway-service-account created
serviceaccount/istio-pilot-service-account created
serviceaccount/istio-multi created
configmap/istio created
clusterrole.rbac.authorization.k8s.io/istio-pilot-istio-system created
clusterrole.rbac.authorization.k8s.io/istio-reader created
clusterrolebinding.rbac.authorization.k8s.io/istio-pilot-istio-system created
clusterrolebinding.rbac.authorization.k8s.io/istio-multi created
role.rbac.authorization.k8s.io/istio-ingressgateway-sds created
rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds created
service/istio-ingressgateway created
service/istio-pilot created
deployment.apps/istio-ingressgateway created
deployment.apps/istio-pilot created
horizontalpodautoscaler.autoscaling/istio-ingressgateway created
horizontalpodautoscaler.autoscaling/istio-pilot created

$ kubectl get pods --namespace istio-system

NAME                                    READY   STATUS    RESTARTS   AGE
istio-ingressgateway-758cb5645c-7dwjx   1/1     Running   0          5m26s
istio-pilot-b7b8f9475-8czxf             1/1     Running   0          5m26s

$ kubectl get service -n istio-system

NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
istio-ingressgateway   LoadBalancer   10.101.187.136 <pending> 15020:30991/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:31937/TCP,15030:30136/TCP,15031:30971/TCP,15032:30636/TCP,15443:30831/TCP   7m46s
istio-pilot            ClusterIP      10.99.77.217 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP

HomeCloud에는 L4가 없으므로, istio-ingressgateway의 NodePort를 삭제하고, ExternalIP를 설정한다.

$ kubectl edit service istio-ingressgateway -n istio-system

spec:
  clusterIP: 10.101.187.136
  externalIPs:
  - 192.168.19.128
  externalTrafficPolicy: Cluster
  ports:
  - name: status-port
    ~~nodePort: 30991~~
    port: 15020
    protocol: TCP
    targetPort: 15020
  - name: http2
    ~~nodePort: 31380~~
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    ~~nodePort: 31390~~
    port: 443
    protocol: TCP
    targetPort: 443
  - name: tcp
    ~~nodePort: 31400~~
    port: 31400
    protocol: TCP
    targetPort: 31400
  - name: https-kiali
    ~~nodePort: 31937~~
    port: 15029
    protocol: TCP
    targetPort: 15029
  - name: https-prometheus
    ~~nodePort: 30136~~
    port: 15030
    protocol: TCP
    targetPort: 15030

  - name: https-grafana
    ~~nodePort: 30971~~
    port: 15031
    protocol: TCP
    targetPort: 15031
  - name: https-tracing
    ~~nodePort: 30636~~
    port: 15032
    protocol: TCP
    targetPort: 15032
  - name: tls
    ~~nodePort: 30831~~
    port: 15443
    protocol: TCP
    targetPort: 15443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
    release: RELEASE-NAME
  sessionAffinity: None
  type: ~~LoadBalancer~~ => ClusterIP

https://knative.dev/docs/install/any-kubernetes-cluster/

Knative CRD 생성

$ kubectl apply --filename https://github.com/knative/serving/releases/download/v0.13.0/serving-crds.yaml

Knative Serving Core 설치

$ kubectl apply --filename https://github.com/knative/serving/releases/download/v0.13.0/serving-core.yaml

Knative Istio Controller 설치

$ kubectl apply --filename https://github.com/knative/serving/releases/download/v0.13.0/serving-istio.yaml

clusterrole.rbac.authorization.k8s.io/knative-serving-istio created
gateway.networking.istio.io/knative-ingress-gateway created
gateway.networking.istio.io/cluster-local-gateway created
configmap/config-istio created
deployment.apps/networking-istio created

설치된 object 확인

$ kubectl get pod -n knative-serving

NAME                               READY   STATUS      RESTARTS   AGE
activator-74bd6ddcf9-vjzxp         1/1     Running     0          99m
autoscaler-78584fb9df-nxvkd        1/1     Running     0          99m
controller-565d657675-kmcgp        1/1     Running     0          99m
networking-istio-59674f7cc-4qb6t   1/1     Running     0          96m
webhook-58c6b74779-48f59           1/1     Running     0          99m

$ kubectl get gateway -n knative-serving

NAME                      AGE
cluster-local-gateway     100m
knative-ingress-gateway   100m

Magic DNS 설정

$ kubectl apply --filename https://github.com/knative/serving/releases/download/v0.13.0/serving-default-domain.yaml

job.batch/default-domain created
service/default-domain-service created

Config Domain 수정

_example 부분을 삭제하고, terrycloud.com: "" 추가

$ kubectl edit cm config-domain --namespace knative-serving

data:
terrycloud.com: ""

  ~~_example: |~~
    ~~example.com: |~~
    ~~example.org: |~~
      ~~selector:~~
        ~~app: nonprofit~~
    ~~svc.cluster.local: |~~
      ~~selector:~~
        ~~app: secret~~

Deploy Sample Application

https://knative.dev/docs/serving/getting-started-knative-app/

"helloworld-go" Knative Servie 생성

$ vi service.yaml

apiVersion: serving.knative.dev/v1 # Current version of Knative
kind: Service
metadata:
  name: helloworld-go # The name of the app
  namespace: default # The namespace the app will use
spec:
  template:
    spec:
      containers:
        - image: gcr.io/knative-samples/helloworld-go # The URL to the image of the app
          env:
            - name: TARGET # The environment variable printed out by the sample app
              value: "Go Sample v1"

$ kubectl apply -f service.yaml

service.serving.knative.dev/helloworld-go created

$ kubectl get ksvc helloworld-go

NAME URL LATESTCREATED LATESTREADY READY
helloworld-go http://helloworld-go.default.terrycloud.com helloworld-go-2q4rd helloworld-go-2q4rd True

deployment, service, 등 필요한 kubernetes object들이 자동으로 생성됨.

$ kubectl get all | grep helloworld-go

service/helloworld-go                 ExternalName             cluster-local-gateway.istio-system.svc.cluster.local                                 20m
service/helloworld-go-2q4rd           ClusterIP      10.103.36.122                                                    80/TCP                              21m
service/helloworld-go-2q4rd-private   ClusterIP      10.100.47.143                                                    80/TCP,9090/TCP,9091/TCP,8022/TCP   21m
deployment.apps/helloworld-go-2q4rd-deployment   0/0     0            0           21m
replicaset.apps/helloworld-go-2q4rd-deployment-8f8f9bc99   0         0         0       21m
configuration.serving.knative.dev/helloworld-go   helloworld-go-2q4rd   helloworld-go-2q4rd   True
service.serving.knative.dev/helloworld-go   http://helloworld-go.default.terrycloud.com   helloworld-go-2q4rd   helloworld-go-2q4rd   True
revision.serving.knative.dev/helloworld-go-2q4rd   helloworld-go   helloworld-go-2q4rd   1            True
route.serving.knative.dev/helloworld-go   http://helloworld-go.default.terrycloud.com   True

로컬 hosts파일에 추가

192.168.19.128 helloworld-go.default.terrycloud.com

http://helloworld-go.default.terrycloud.com

Helloworld-go 어플리케이션 삭제는

$ kubectl delete --filename service.yaml

'Kubernetes' 카테고리의 다른 글

Docker (0)	2020.03.21
KF Serving (1)	2020.03.13
Istio Networking (0)	2020.03.09
Istio Service Mesh (0)	2020.03.08
Create Sample Pod (0)	2020.03.07

클라우드 아키텍처