README
¶
Kourier
Kourier is an Ingress for Knative Serving. Kourier is a lightweight alternative for the Istio ingress as its deployment consists only of an Envoy proxy and a control plane for it.
Kourier is passing the knative serving e2e and conformance tests: Kourier Testgrid.
Getting started
- Install Knative Serving, ideally without Istio:
kubectl apply -f https://github.com/knative/serving/releases/latest/download/serving-crds.yaml
kubectl apply -f https://github.com/knative/serving/releases/latest/download/serving-core.yaml
- Then install Kourier:
kubectl apply -f https://github.com/knative/net-kourier/releases/latest/download/kourier.yaml
- Configure Knative Serving to use the proper "ingress.class":
kubectl patch configmap/config-network \
-n knative-serving \
--type merge \
-p '{"data":{"ingress.class":"kourier.ingress.networking.knative.dev"}}'
- (OPTIONAL) Set your desired domain (replace 127.0.0.1.nip.io to your preferred domain):
kubectl patch configmap/config-domain \
-n knative-serving \
--type merge \
-p '{"data":{"127.0.0.1.nip.io":""}}'
- (OPTIONAL) Deploy a sample hello world app:
cat <<-EOF | kubectl apply -f -
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: helloworld-go
spec:
template:
spec:
containers:
- image: gcr.io/knative-samples/helloworld-go
env:
- name: TARGET
value: Go Sample v1
EOF
- (OPTIONAL) For testing purposes, you can use port-forwarding to make requests to Kourier from your machine:
kubectl port-forward --namespace kourier-system $(kubectl get pod -n kourier-system -l "app=3scale-kourier-gateway" --output=jsonpath="{.items[0].metadata.name}") 8080:8080 19000:19000 8443:8443
curl -v -H "Host: helloworld-go.default.127.0.0.1.nip.io" http://localhost:8080
Deployment
By default, the deployment of the Kourier components is split between two different namespaces:
- Kourier control is deployed in the
knative-servingnamespace - The kourier gateways are deployed in the
kourier-systemnamespace
To change the Kourier gateway namespace, you will need to:
- Modify the files in
config/and replace all the namespaces fields that havekourier-systemwith the desired namespace. - Set the
KOURIER_GATEWAY_NAMESPACEenv var in the kourier-control deployment to the new namespace.
Features
- Traffic splitting between Knative revisions.
- Automatic update of endpoints as they are scaled.
- Support for gRPC services.
- Timeouts and retries.
- TLS
- External Authorization support.
Setup TLS certificate
Create a secret containing your TLS certificate and Private key:
kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
Add the following env vars to 3scale-Kourier in the "kourier" container :
CERTS_SECRET_NAMESPACE: ${NAMESPACES_WHERE_THE_SECRET_HAS_BEEN_CREATED}
CERTS_SECRET_NAME: ${CERT_NAME}
External Authorization Configuration
If you want to enable the external authorization support you can set these ENV
vars in the net-kourier-controller deployment:
KOURIER_EXTAUTHZ_HOST*: The external authorization service and port, my-auth:2222KOURIER_EXTAUTHZ_FAILUREMODEALLOW*: Allow traffic to go through if the ext auth service is down. Accepts true/falseKOURIER_EXTAUTHZ_MAXREQUESTBYTES: Max request bytes, if not set, defaults to 8192 Bytes. More info Envoy DocsKOURIER_EXTAUTHZ_TIMEOUT: Max time in ms to wait for the ext authz service. Defaults to 2s.
* Required
License
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
Package config is a placeholder that allows us to pull in config files via go mod vendor.
|
Package config is a placeholder that allows us to pull in config files via go mod vendor. |
|
pkg
|
|
|
test
|
|
Click to show internal directories.
Click to hide internal directories.