安装配置knative-serving
配置基础组件
# 考虑 image 可能存在拉取问题,可以使用 https://github.com/DaoCloud/public-image-mirror 方法替换
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.15.2/serving-crds.yaml
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.15.2/serving-core.yaml
配置 Install a networking layer
这3个模块,是3选一,官方建议,如果了解不深刻,就盲选 Kourier(因为它简单,够用)
- Kourier (Choose this if you are not sure)
- Istio
- Contour
kubectl apply -f https://github.com/knative/net-kourier/releases/download/knative-v1.15.1/kourier.yaml
kubectl patch configmap/config-network \
--namespace knative-serving \
--type merge \
--patch '{"data":{"ingress-class":"kourier.ingress.networking.knative.dev"}}'
安装 cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.yaml
更新 knative-serving 各种配置
- 配置使用自定义域名
- 更新dns
- 配置自动https证书
- 每个服务独立证书
- 每个namespace复用1套证书
cert-manager issuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
spec:
acme:
email: [email protected]
privateKeySecretRef:
name: example-issuer-account-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: kourier.ingress.networking.knative.dev
更新dns
比如, *.ok.com 范域名指向 通过 kubectl --namespace kourier-system get service kourier 获取到的公网IP。
更新 knative-configmap
kubectl edit configmap config-network -n knative-serving
关键信息
apiVersion: v1
kind: ConfigMap
metadata:
name: config-network
namespace: knative-serving
data:
...
external-domain-tls: Enabled
重启 knative
kubectl rollout restart deploy/controller -n knative-serving