1 - 网络
1.1 - 切换到其他 Kubernetes Gateway 实现
您可以以更简单、厂商中立的方式切换到任何支持 Kubernetes Gateway API 的 网关实现,如 Contour、Istio、Apache APISIX、Envoy Gateway(未来)等。
例如,您可以选择使用 Istio 作为底层的 Kubernetes Gateway,如下所示:
- 安装 OpenFunction,但不包括
Contour:
helm install openfunction --set global.Contour.enabled=false openfunction/openfunction -n openfunction
- 安装
Istio,然后启用其 Knative 集成:
kubectl apply -l knative.dev/crd-install=true -f https://github.com/knative/net-istio/releases/download/knative-v1.3.0/istio.yaml
kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v1.3.0/istio.yaml
kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v1.3.0/net-istio.yaml
- 创建一个名为
istio的GatewayClass:
kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
name: istio
spec:
controllerName: istio.io/gateway-controller
description: The default Istio GatewayClass
EOF
- 创建一个
OpenFunction Gateway:
kubectl apply -f - <<EOF
apiVersion: networking.openfunction.io/v1alpha1
kind: Gateway
metadata:
name: custom-gateway
namespace: openfunction
spec:
domain: ofn.io
clusterDomain: cluster.local
hostTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}"
pathTemplate: "{{.Namespace}}/{{.Name}}"
gatewayDef:
namespace: openfunction
gatewayClassName: istio
gatewaySpec:
listeners:
- name: ofn-http-external
protocol: HTTP
port: 80
allowedRoutes:
namespaces:
from: All
EOF
- 在
Function的gatewayRef字段中引用自定义的OpenFunction Gateway(Istio):
kubectl apply -f - <<EOF
apiVersion: core.openfunction.io/v1beta2
kind: Function
metadata:
name: function-sample
spec:
version: "v1.0.0"
image: "openfunctiondev/v1beta1-http:latest"
serving:
template:
containers:
- name: function
imagePullPolicy: Always
triggers:
http:
route:
gatewayRef:
name: custom-gateway
namespace: openfunction
EOF
1.2 - 配置本地域名
配置本地域名
通过配置本地域名,您可以通过函数的外部地址从 Kubernetes 集群内部访问函数。
基于 Gateway.spec.domain 配置 CoreDNS
假设您有一个定义了此 domain:*.ofn.io 的 Gateway,您需要通过以下命令更新 CoreDNS 配置:
- 编辑
coredns配置映射:
kubectl -n kube-system edit cm coredns -o yaml
- 在
.:53部分的配置文件中添加rewrite stop name regex .*\.ofn\.io gateway.openfunction.svc.cluster.local,例如:
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
}
rewrite stop name regex .*\.ofn\.io gateway.openfunction.svc.cluster.local
prometheus :9153
forward . /etc/resolv.conf {
max_concurrent 1000
}
cache 30
loop
reload
loadbalance
}
...
基于 Gateway.spec.domain 配置 nodelocaldns
如果您也在使用 nodelocaldns,如 Kubesphere,您需要通过以下命令更新 nodelocaldns 配置:
- 编辑
nodelocaldns配置映射:
kubectl -n kube-system edit cm nodelocaldns -o yaml
- 在配置文件中添加
ofn.io:53部分,例如:
apiVersion: v1
data:
Corefile: |
ofn.io:53 {
errors
cache {
success 9984 30
denial 9984 5
}
reload
loop
bind 169.254.25.10
forward . 10.233.0.3 {
force_tcp
}
prometheus :9253
}
cluster.local:53 {
errors
cache {
success 9984 30
denial 9984 5
}
reload
loop
bind 169.254.25.10
forward . 10.233.0.3 {
force_tcp
}
prometheus :9253
health 169.254.25.10:9254
}
.:53 {
errors
cache 30
reload
loop
bind 169.254.25.10
forward . /etc/resolv.conf
prometheus :9253
}
...