Serving a knative function on the root
source link: https://willschenk.com/articles/2021/serving_a_knative_function_on_the_root/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Published December 1, 2021 #kubernetes, #knative, #kourier
I want to deploy everything as a knative service, including the root of the domain.
Update: I found an easyier way.
Easy way
Turn on auto-tls
and autocreate-cluster-domain-claims
:
kubectl patch configmap config-network --namespace knative-serving -p '{"data":{"auto-tls":"Enabled","autocreate-cluster-domain-claims":"true"}}'
kn domain create gitgratitude.com --ref=homepage
That's it.
Hardway
Left here for the record.
Add ingress-nginx
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
Configure letsencrypt
Make sure to change your email address
nginx-certs.yml:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod-nginx
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: [email protected]
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: prod-issuer-account-key-nginx
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: nginx
kubectl apply -f nginx-certs.yaml
Find the ip
kubectl --namespace ingress-nginx get service ingress-nginx-controller -o json| jq ".status.loadBalancer.ingress[0].ip"
"137.184.240.185"
Create DNS entry
doctl compute domain records create gitgratitude.com --record-type A --record-data 137.184.240.185 --record-name \@
ID Type Name Data Priority Port TTL Weight 280663245 A @ 137.184.240.185 0 0 1800 0
Add a simple knative service
We are setting the min scale to 1 so there's no startup time for this service.
kubectl service create homepage --image gcr.io/knative-samples/homepage --scale-min 1
Which will result in this being deployed internally as http://homepage.default.svc.cluster.local
Simple reverse proxy service
This is available on https://github.com/wschenk/proxy
const http = require('http');
const httpProxy = require('http-proxy');
const remote = process.env.REMOTE_TARGET || "http://homepage.default.svc.cluster.local";
console.log( "Proxy starting up on port 3000" );
console.log( `Proxing to ${remote}` );
httpProxy.createProxyServer({
target: remote,
changeOrigin: true
}).listen(3000);
I'm packaging this up at ghcr.io/wschenk/proxy
Setup the proxy service
kind: Deployment
apiVersion: apps/v1
metadata:
name: homepage-proxy
spec:
replicas: 1
selector:
matchLabels:
app: homepage-proxy
template:
metadata:
labels:
app: homepage-proxy
spec:
containers:
- name: homepage-proxy
image: ghcr.io/wschenk/proxy
imagePullPolicy: Always
ports:
- containerPort: 3000
name: http
env:
- name: REMOTE_TARGET
value: http://homepage.default.svc.cluster.local
---
apiVersion: v1
kind: Service
metadata:
name: homepage-proxy
spec:
ports:
- protocol: TCP
port: 80
targetPort: http
selector:
app: homepage-proxy
kubectl apply -f proxy.yaml
deployment.apps/homepage-proxy configured service/homepage-proxy unchanged
Create ingress.yaml
ingress.yaml
:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitgratitude-root
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: letsencrypt-prod-nginx
kubernetes.io/tls-acme: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- gitgratitude.com
secretName: gratitude-root-tls
rules:
- host: gitgratitude.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: homepage-proxy
port:
number: 80
kubectl apply -f ingress.yaml
ingress.networking.k8s.io/gitgratitude-root configured
Testing
kn service update helloworld-go --env TARGET="World"
curl https://gitgratitude.com
Hello World!
kn service update helloworld-go --env TARGET="from knative"
curl https://gitgratitude.com
Hello from knative!
Conclusion
The reverse proxy is a little bit weird, since we are proxying through a couple of different layers, but this allows us to deploy everything as a knative service.
References
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK