By Xining Wang
Serverless and Service Mesh are two popular cloud-native technologies from which customers are exploring how to create more value. As we delve into these solutions with our customers, the problem often arises in the intersection between these two popular technologies and how they complement each other. Can we leverage Service Mesh to protect, observe, and release the Knative serverless applications?
This article attempts to explain how to support Knative-based serverless containers on a managed service mesh technology platform. It also supports traffic pattern-based auto-scaling capabilities, which can be replaced by managed service mesh to simplify the complexity of maintaining the underlying infrastructure for users, so that users can easily build their serverless platforms.
Before we begin, you should already have Alibaba Cloud Service Mesh and Container Service for Kubernetes services activated on your console.
• Create an Alibaba Cloud Service Mesh (ASM) instance whose Istio version is 1.12.4.50 or later. You can refer to this guide to get started with Service Mesh.
• Create a Container Service for Kubernetes (ACK) cluster. You can refer to this guide to get started with ACK.
• Add an ACK cluster to an ASM instance.
• ASM enables data plane KubeAPI access.
The following table describes the installation files included in Knative Serving:
| File | Description | Dependency Object |
| serving-crds.yaml | Required: Knative Serving Core CRD | none |
| serving-core.yaml | Required: Knative Serving core components | serving-crds.yaml |
In addition, Knative CLI (kn) provides a fast and simple plugin for creating Knative resources, such as Knative services and event sources. You do not need to directly create or modify YAML files. You can refer to this link for details on the installation.
1. Install the required custom resources by running the following command:
kubectl apply -f
https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/knative/v0.26/serving-crds.yaml2. Install the core components of Knative Serving by running the following command:
kubectl apply -f https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/knative/v0.26/serving-core.yamlIn managed mode, Alibaba Cloud Service Mesh (ASM) and Container Service for Kubernetes managed by ArgoCD are not in the same cluster environment. You need to enable the KubeAPI access capability of ASM to access the Istio resources in the ASM cluster just like the resources in the ACK cluster. In the ASM console, you can enable this capability by referring to this documentation
Install the Knative Istio controller by running the following command:
kubectl apply -f https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/knative/v0.26/net-istio.yamlObtain the external IP address by running the following command:
kubectl --namespace istio-system get service istio-ingressgatewaySave it for use in the Configuring DNS section below.
Monitor the Knative component until all components show a STATUSofRunning or Completed. You can do this by running the following command and checking the output:
kubectl get pods -n knative-servingSample output:
NAME READY STATUS RESTARTS AGE
activator-558bf66d75-svbgz 1/1 Running 0 94m
autoscaler-6fcd9d475-5kgmw 1/1 Running 0 94m
controller-5f98898db-d5zh4 1/1 Running 0 94m
domain-mapping-67d655f47d-wrzz7 1/1 Running 0 94m
domainmapping-webhook-9f59bb774-z792g 1/1 Running 0 94m
net-istio-controller-846c69dbb-qnchg 1/1 Running 0 94m
net-istio-webhook-86cf98b497-vmdqn 1/1 Running 0 94m
webhook-777c5d4548-6tzj6 1/1 Running 0 94m1. Deploy a Knative service. This service accepts the environment variable TARGET and prints Hello ${TARGET}!. Copy the following YAML to a file named hello.yaml:
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: helloworld-go
spec:
template:
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/acs/helloworld-go:160e4dc8
ports:
- containerPort: 8080
env:
- name: TARGET
value: "World"2. Deploy the Knative service by running the following command:
kubectl apply -f hello.yaml3. View the Knative service list by running the following command:
If your curl is used to access the sample application or your Knative application and cannot use the "Magic DNS (sslip.io)" or "Real DNS" methods, there is a temporary method.
After starting the application, get the URL of the application:
kubectl get ksvcThe output should be similar to:
NAME URL LATESTCREATED LATESTREADY READY REASON
helloworld-go http://helloworld-go.default.example.com helloworld-go-00001 helloworld-go-00001 TrueSpecify the external IP address that the curl connects to the previously mentioned ingress gateway, and specify the host name of the Knative application using the -H "Host:" command line option. For example, if the Network Layer defines your external IP and port as http://39.97.65.87:80, and you want to access helloworld-go of the applications mentioned earlier, use:
curl -H "Host: helloworld-go.default.example.com" http://39.97.65.87:80For the helloworld-go sample application provided, the default configuration is used, and the output is:
Hello World!One of the powerful features of Knative Serving is the built-in auto-scaling, also known as auto-scaling. This means that your Knative service only starts your application to perform its work when needed (in this case, say "Hello world!"). Otherwise, it will scale to zero by rotating down and waiting for new requests to enter.
Re-run the above curl command to access the sample application. Now observe the pods to see how they scale to zero after traffic stops flowing to the URL. The output should be similar to:
kubectl get pod -l serving.knative.dev/service=helloworld-go -w
NAME READY STATUS RESTARTS AGE
helloworld-go-00001-deployment-6f8dfb548-nwfqc 3/3 Running 0 39s
helloworld-go-00001-deployment-6f8dfb548-nwfqc 3/3 Terminating 0 65s
helloworld-go-00001-deployment-6f8dfb548-nwfqc 0/3 Terminating 0 102s
helloworld-go-00001-deployment-6f8dfb548-nwfqc 0/3 Terminating 0 102s
helloworld-go-00001-deployment-6f8dfb548-nwfqc 0/3 Terminating 0 102sEach time you change the configuration of the Knative service, a new revision is created. When splitting traffic, Knative splits traffic between different versions of your Knative service.
Edit an existing hello.yaml file to include the following:
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: helloworld-go
spec:
template:
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/acs/helloworld-go:160e4dc8
ports:
- containerPort: 8080
env:
- name: TARGET
value: "Knative"Deploy the updated version of the Knative service by running the following command:
kubectl apply -f hello.yamlPlease note that since we are updating the existing Knative Service hello, the URL will not change, but our new revision has the new name hello-00002.
Specify curl to connect to the external IP address of the previously mentioned ingress gateway and use the-H "Host:" command line option to specify the host name of the Knative application. For example, if the Network Layer defines your external IP and port as http://39.97.65.87:80, and you want to access helloworld-go of the applications mentioned earlier, use:
curl -H "Host: helloworld-go.default.example.com" http://39.97.65.87:80For the helloworld-go sample application provided, the default configuration is used, and the output is:
Hello World!View the revision list by running the following command:
kubectl get revisionsThe output should be similar to:
NAME CONFIG NAME K8S SERVICE NAME GENERATION READY REASON ACTUAL REPLICAS DESIRED REPLICAS
helloworld-go-00001 helloworld-go 1 True 0 0
helloworld-go-00002 helloworld-go 2 True 0 0Let's split the traffic between the two revisions and add the section to the bottom of the existing file traffic:
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: helloworld-go
spec:
template:
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/acs/helloworld-go:160e4dc8
ports:
- containerPort: 8080
env:
- name: TARGET
value: "Knative"
traffic:
- latestRevision: true
percent: 50
- latestRevision: false
percent: 50
revisionName: hello-00001Apply YAML by running the following command:
kubectl apply -f hello.yamlTo verify that traffic splitting has been configured correctly, list the revisions again by running the following command:
kn revisions listThe output should be similar to:
NAME SERVICE TRAFFIC TAGS GENERATION AGE CONDITIONS READY REASON
helloworld-go-00002 helloworld-go 50% 2 59s 4 OK / 4 True
helloworld-go-00001 helloworld-go 50% 1 2m58s 4 OK / 4 TrueAccess the Knative service multiple times in a browser to view the different output provided by each revision. For example, the service URL can be accessed multiple times from a terminal to view the traffic split between revisions.
The output should be similar to:
Hello Knative!
Hello World!
Hello Knative!
Hello World!As the industry's first fully managed Istio-compatible service mesh, Alibaba Cloud Service Mesh (ASM) has maintained consistency with the community and industry trends from the beginning of the architecture. The components of the control plane are hosted on the Alibaba Cloud side and are independent of the user clusters on the data side. ASM is customized and implemented based on community Istio. They provide component capabilities for supporting refined traffic management and security management on the managed control surface side. The managed mode decouples the lifecycle management of Istio components from the managed K8s clusters, making the architecture more flexible and improving system scalability.
Through the preceding content, it can be seen that a managed service mesh technology platform supports Knative-based serverless containers. It can simplify the complexity of maintaining the underlying infrastructure and allow users to easily build their own Serverless platforms.
Serverless Application Programming Model in Cloud-Native Scenarios
The Definition of the New Service Mesh-Driven Scenario: AI Model Services - Model Mesh
166 posts | 30 followers
FollowAlibaba Cloud Native Community - July 6, 2022
Alibaba Cloud Native - November 3, 2022
Alibaba Clouder - July 31, 2018
Alibaba Container Service - September 14, 2022
Alibaba Clouder - May 18, 2021
Alibaba Clouder - August 25, 2020
166 posts | 30 followers
Follow
Serverless Workflow
Visualization, O&M-free orchestration, and Coordination of Stateful Application Scenarios
Learn More
Auto Scaling
Auto Scaling automatically adjusts computing resources based on your business cycle
Learn More
Serverless Application Engine
Serverless Application Engine (SAE) is the world's first application-oriented serverless PaaS, providing a cost-effective and highly efficient one-stop application hosting solution.
Learn More
Function Compute
Alibaba Cloud Function Compute is a fully-managed event-driven compute service. It allows you to focus on writing and uploading code without the need to manage infrastructure such as servers.
Learn MoreMore Posts by Alibaba Container Service