Networking
1 - Switch to another Kubernetes Gateway
You can switch to any gateway implementation that supports the Kubernetes Gateway API, such as Contour, Istio, Apache APISIX, Envoy Gateway (in the future), and more, in an easier and vendor-neutral way.
For example, you can choose to use Istio as the underlying Kubernetes Gateway like this:
- Install OpenFunction without Contour:
helm install openfunction --set global.Contour.enabled=false openfunction/openfunction -n openfunction
- Install Istio and then enable its Knative integration:
kubectl apply -l knative.dev/crd-install=true -f https://github.com/knative/net-istio/releases/download/knative-v1.3.0/istio.yaml
kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v1.3.0/istio.yaml
kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v1.3.0/net-istio.yaml
- Create a GatewayClass named istio:
kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
  name: istio
spec:
  controllerName: istio.io/gateway-controller
  description: The default Istio GatewayClass
EOF
- Create an OpenFunction Gateway:
kubectl apply -f - <<EOF
apiVersion: networking.openfunction.io/v1alpha1
kind: Gateway
metadata:
  name: custom-gateway
  namespace: openfunction
spec:
  domain: ofn.io
  clusterDomain: cluster.local
  hostTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}"
  pathTemplate: "{{.Namespace}}/{{.Name}}"
  gatewayDef:
    namespace: openfunction
    gatewayClassName: istio
  gatewaySpec:
    listeners:
      - name: ofn-http-external
        protocol: HTTP
        port: 80
        allowedRoutes:
          namespaces:
            from: All
EOF
- Reference the custom OpenFunction Gateway (Istio) in the gatewayRef field of a Function:
kubectl apply -f - <<EOF
apiVersion: core.openfunction.io/v1beta2
kind: Function
metadata:
  name: function-sample
spec:
  version: "v1.0.0"
  image: "openfunctiondev/v1beta1-http:latest"
  serving:
    template:
      containers:
        - name: function
          imagePullPolicy: Always
    triggers:
      http:
        route:
          gatewayRef:
            name: custom-gateway
            namespace: openfunction
EOF
2 - Configure Local Domain
By configuring the local domain, you can access functions from within a Kubernetes cluster through the function’s external address.
Configure CoreDNS based on Gateway.spec.domain
Assuming you have a Gateway that defines the domain *.ofn.io, update the CoreDNS configuration with the following commands:
- Edit the coredns configmap:
kubectl -n kube-system edit cm coredns -o yaml
- Add rewrite stop name regex .*\.ofn\.io gateway.openfunction.svc.cluster.local to the configuration file in the .:53 section, e.g.:
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        rewrite stop name regex .*\.ofn\.io gateway.openfunction.svc.cluster.local
        prometheus :9153
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
...
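The following is an added example, not part of the OpenFunction documentation: it checks which query names the rewrite pattern shown above captures, next to an anchored variant. It assumes the rule is evaluated as an unanchored regular-expression search over the fully qualified query name with its trailing dot; anchoredPattern, the helper names and the sample query names are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// pagePattern is the regex from the Corefile rewrite rule on this page.
// anchoredPattern is a hypothetical stricter variant (not from the page) that
// must cover the whole query name, including the trailing root dot.
var (
	pagePattern     = regexp.MustCompile(`.*\.ofn\.io`)
	anchoredPattern = regexp.MustCompile(`^.*\.ofn\.io\.$`)
)

// Constructed sample query names, written as FQDNs with a trailing dot.
var sampleQueries = []string{
	"function-sample.default.ofn.io.",       // intended: a function's external host
	"api.ofn.io.example.net.",               // unrelated zone that contains ".ofn.io"
	"cdn.ofn.iot.example.",                  // unrelated label that begins with "io"
	"kubernetes.default.svc.cluster.local.", // ordinary cluster name
}

// rewritten reports whether a rule using re would fire for qname. Assumption:
// the rule is evaluated as an unanchored search over the query name.
func rewritten(re *regexp.Regexp, qname string) bool {
	return re.FindStringIndex(qname) != nil
}

// overmatches returns the names that loose rewrites but strict leaves alone.
func overmatches(loose, strict *regexp.Regexp, qnames []string) []string {
	var out []string
	for _, q := range qnames {
		if rewritten(loose, q) && !rewritten(strict, q) {
			out = append(out, q)
		}
	}
	return out
}

func main() {
	for _, q := range sampleQueries {
		fmt.Printf("%-40s page=%-5v anchored=%v\n", q,
			rewritten(pagePattern, q), rewritten(anchoredPattern, q))
	}
	fmt.Println("only the unanchored pattern rewrites:",
		overmatches(pagePattern, anchoredPattern, sampleQueries))
}
```

Under that assumption, the names reported on the last line would resolve to gateway.openfunction.svc.cluster.local instead of their real zone. Anchoring the pattern in the Corefile limits the rewrite to names under ofn.io.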
Configure nodelocaldns based on Gateway.spec.domain
If you are also using nodelocaldns, like KubeSphere, update the nodelocaldns configuration with the following commands:
- Edit the nodelocaldns configmap:
kubectl -n kube-system edit cm nodelocaldns -o yaml
- Add an ofn.io:53 section to the configuration file, e.g.:
apiVersion: v1
data:
  Corefile: |
    ofn.io:53 {
        errors
        cache {
            success 9984 30
            denial 9984 5
        }
        reload
        loop
        bind 169.254.25.10
        forward . 10.233.0.3 {
            force_tcp
        }
        prometheus :9253
    }
    cluster.local:53 {
        errors
        cache {
            success 9984 30
            denial 9984 5
        }
        reload
        loop
        bind 169.254.25.10
        forward . 10.233.0.3 {
            force_tcp
        }
        prometheus :9253
        health 169.254.25.10:9254
    }
    .:53 {
        errors
        cache 30
        reload
        loop
        bind 169.254.25.10
        forward . /etc/resolv.conf
        prometheus :9253
    }
...