All Products
Search
Document Center

Container Service for Kubernetes:Use the Kourier gateway in Knative

Last Updated:Nov 19, 2024

The Kourier gateway is a lightweight gateway that is based on the Envoy project and is an open-source gateway provided by the Knative community. You can use the Kourier gateway to distribute traffic across Knative revisions and configure gRPC services, timeouts and retries, Transport Layer Security (TLS) certificates, and external authorization services.

Prerequisites

Knative is deployed in your cluster. For more information, see Deploy Knative.

Step 1: Deploy a Kourier gateway

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose Applications > Knative.

  3. In the Add-on Component section of the Components tab, find Kourier and click Deploy in the Actions column. In the message that appears, click Confirm.

    If the Status column of the Kourier component displays Deployed, the component is deployed.

Step 2: Use the Kourier gateway to access a Service

In this section, a Knative Service named helloworld-go is created to show how to use the Kourier gateway to access a Knative Service over HTTP or HTTPS.

Use the Kourier gateway to access a Knative Service over HTTP

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose Applications > Knative.

  3. On the Services tab of the Knative page, set Namespace to default, click Create from Template, copy the following YAML content to the template editor, and then click Create.

    The template creates a Service named helloworld-go.

    apiVersion: serving.knative.dev/v1
    kind: Service
    metadata:
      name: helloworld-go
    spec:
      template:
        spec:
          containers:
          - image: registry.cn-hangzhou.aliyuncs.com/knative-sample/helloworld-go:73fbdd56
            env:
            - name: TARGET
              value: "Knative"

    If the Status column of the Service displays Created, the Service is deployed.

  4. On the Services page, record the domain name and gateway IP address of the helloworld-go Service in the Default Domain and Gateway columns, respectively.

  5. Run the following command to access the Service named helloworld-go:

    curl -H "host: helloworld-go.default.example.com" http://8.141.XX.XX # Specify the actual gateway IP address and domain name that you obtained.

    Expected output:

    Hello Knative!

    The output indicates that the Knative Service can be accessed over HTTP.

Use the Kourier gateway to access the Knative Service over HTTPS

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose Applications > Knative.

  3. On the Services tab of the Knative page, set Namespace to default, click Create from Template, copy the following YAML content to the template editor, and then click Create.

    The template creates a Service named helloworld-go.

    apiVersion: serving.knative.dev/v1
    kind: Service
    metadata:
      name: helloworld-go
    spec:
      template:
        spec:
          containers:
          - image: registry.cn-hangzhou.aliyuncs.com/knative-sample/helloworld-go:73fbdd56
            env:
            - name: TARGET
              value: "Knative"

    If the Status column of the Service displays Created, the Service is deployed.

  4. Create a certificate.

    1. Run the following command to generate a TLS certificate:

      openssl genrsa -out tls.key 4096
      openssl req -subj "/CN=*.example.com/L=*.example.com" -sha256  -new -key tls.key -out tls.csr
      echo subjectAltName = DNS:helloworld-go.default.example.com,DNS:helloworld-go.default.example.cn > extfile.cnf
      openssl x509 -req -days 3650 -sha256 -in tls.csr -signkey tls.key -out tls.crt -extfile extfile.cnf
    2. Run the following command to create a Secret in the cluster based on the TLS certificate that you generated:

      kubectl -n knative-serving create secret tls kourier-cert --key tls.key --cert tls.crt
  5. Run the following command to check whether a Deployment named net-kourier-controller exists in the knative-serving namespace:

    kubectl get deployments -n knative-serving
  6. Run the following command to configure the certificate:

    kubectl -n knative-serving edit deployment net-kourier-controller

    On the net-kourier-controller configuration page, specify the following parameters:

    • CERTS_SECRET_NAMESPACE: Set the value to the namespace to which the Secret that you created belongs.

    • CERTS_SECRET_NAME: Set the value to the name of the Secret that you created.

    ...
       spec:
          containers:
          - env:
            - name: CERTS_SECRET_NAMESPACE
              value: knative-serving 
            - name: CERTS_SECRET_NAME
              value: kourier-cert
    ...

    After the configuration is complete, run the following command to check the status of net-kourier-controller:

    kubectl -n knative-serving get po

    Expected output:

    NAME                               READY   STATUS    RESTARTS   AGE
    net-kourier-controller-******   1/1     Running   0          10s
  7. Run the following command to access the Knative Service over HTTPS:

    curl -H "host: helloworld-go.default.example.com" -k --cert tls.crt --key tls.key //8.141.XX.XX # Specify the actual gateway IP address and domain name that you obtained.

    Expected output:

    Hello Knative!

    The output indicates that the Knative Service can be accessed over HTTPS.

(Optional) Step 3: View the Knative monitoring dashboard

Knative provides out-of-the-box monitoring features. On the Knative page, click the Monitoring Dashboards tab to view the monitoring data of the specified Service. For more information about how to enable the Knative monitoring dashboard, see View the Knative monitoring dashboard.

References