[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kahirokunn

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing
@kahirokunn: 0 warnings.
In response to this:
/lint
Fixes #1285

Proposed Changes

- Add Gateway API (`net-gateway-api`) as a new ingress provider option.

Usage

```yaml
apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-serving
spec:
  ingress:
    gateway-api:
      enabled: true
```

The `config-gateway` ConfigMap can be customized via `spec.config["config-gateway"]` to configure external/local gateways for your environment.

End-to-End Walkthrough: Envoy Gateway Integration

Below is a complete guide to running Knative Services using this PR's net-gateway-api support with Envoy Gateway as the Gateway API implementation.

Prerequisites

- kind
- kubectl
- helm
- cloud-provider-kind (for LoadBalancer support)

```bash
go install sigs.k8s.io/cloud-provider-kind@latest
```

1. Create a kind Cluster

```bash
kind create cluster
```

2. Install Envoy Gateway

Install Envoy Gateway via Helm. We use `GatewayNamespace` mode so that Envoy is deployed in a separate namespace for each Gateway.

```bash
cat <<'EOF' > /tmp/values-eg.yaml
config:
  envoyGateway:
    provider:
      type: Kubernetes
      kubernetes:
        deploy:
          type: GatewayNamespace
EOF
export ENVOY_GATEWAY_VERSION=v1.7.0
helm install eg oci://docker.io/envoyproxy/gateway-helm \
  --version $ENVOY_GATEWAY_VERSION \
  -n envoy-gateway-system --create-namespace \
  -f /tmp/values-eg.yaml
```

After installing Envoy Gateway, start cloud-provider-kind in a separate terminal:

```bash
sudo cloud-provider-kind
```

3. Create Gateway API Resources

Create GatewayClass and Gateway resources for both external traffic and internal (cluster-local) traffic.

External

```bash
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: eg-external
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: knative-external-config
  namespace: envoy-gateway-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyService:
        name: knative-external
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: eg-external
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
  parametersRef:
    group: gateway.envoyproxy.io
    kind: EnvoyProxy
    name: knative-external-config
    namespace: envoy-gateway-system
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: eg-external
  namespace: eg-external
spec:
  gatewayClassName: eg-external
  listeners:
    - name: http
      port: 80
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: All
    - name: tls
      port: 443
      protocol: TLS
      tls:
        mode: Passthrough
      allowedRoutes:
        namespaces:
          from: All
EOF
```

Internal

The internal Gateway uses the `ClusterIP` service type, so it is not accessible from outside the cluster.

```bash
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: eg-internal
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: knative-internal-config
  namespace: envoy-gateway-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyService:
        type: ClusterIP
        name: knative-internal
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: eg-internal
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
  parametersRef:
    group: gateway.envoyproxy.io
    kind: EnvoyProxy
    name: knative-internal-config
    namespace: envoy-gateway-system
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: eg-internal
  namespace: eg-internal
spec:
  gatewayClassName: eg-internal
  listeners:
    - name: http
      port: 80
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: All
EOF
```

4. Build and Install the Knative Operator

Build and deploy the Operator locally, including the changes from this PR.

```bash
cd /path/to/knative/operator
export KO_DOCKER_REPO=kind.local
ko apply -f config/
```

5. Apply the KnativeServing CR

This is where the Operator really shines. A single CR lets you declaratively manage the Knative Serving installation, enable Gateway API, and configure config-gateway, config-network, and config-domain all in one place.

```yaml
apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-serving
spec:
  ingress:
    gateway-api:
      enabled: true
  config:
    config-gateway:
      external-gateways: |
        - class: eg-external
          gateway: eg-external/eg-external
          service: eg-external/knative-external
          supported-features:
            - HTTPRouteRequestTimeout
      local-gateways: |
        - class: eg-internal
          gateway: eg-internal/eg-internal
          service: eg-internal/knative-internal
          supported-features:
            - HTTPRouteRequestTimeout
    network:
      ingress.class: gateway-api.ingress.networking.knative.dev
    domain:
      example.com: ""
```

6. Deploy a Sample Application

```bash
cat <<'EOF' | kubectl apply -f -
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
spec:
  template:
    spec:
      containers:
        - image: gcr.io/knative-samples/helloworld-go
          env:
            - name: TARGET
              value: Go Sample v1
EOF
```

7. Verify It Works

Get the LoadBalancer IP of the external Gateway and send a request:

```bash
export LB_IP=$(kubectl -n eg-external get svc knative-external \
  -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "$LB_IP helloworld-go.default.example.com" | sudo tee -a /etc/hosts
curl http://helloworld-go.default.example.com
```

```
Hello Go Sample v1!
```

Release Note
Add support for Gateway API (net-gateway-api) as an ingress provider. Users can enable it by setting `spec.ingress.gateway-api.enabled: true` in the KnativeServing CR.
Codecov Report

✅ All modified and coverable lines are covered by tests.

Additional details and impacted files

@@ Coverage Diff @@
## main #2251 +/- ##
==========================================
+ Coverage 63.45% 63.58% +0.13%
==========================================
Files 49 50 +1
Lines 1899 1906 +7
==========================================
+ Hits 1205 1212 +7
Misses 600 600
Partials 94 94
c25d418 to ec92622
I also prepared a walkthrough for a Shared Gateway pattern (single Gateway for both external and cluster-local traffic) as a simpler alternative. If it's helpful, feel free to reference it.

1. Create a kind Cluster

```bash
kind create cluster
```

2. Install Envoy Gateway

Install Envoy Gateway via Helm. We use

```bash
cat <<'EOF' > /tmp/values-eg.yaml
config:
  envoyGateway:
    provider:
      type: Kubernetes
      kubernetes:
        deploy:
          type: GatewayNamespace
EOF
export ENVOY_GATEWAY_VERSION=v1.7.0
helm upgrade --install eg oci://docker.io/envoyproxy/gateway-helm \
  --version $ENVOY_GATEWAY_VERSION \
  -n envoy-gateway-system --create-namespace \
  -f /tmp/values-eg.yaml
```

After installing Envoy Gateway, start cloud-provider-kind in a separate terminal:

```bash
sudo cloud-provider-kind
```

3. Create Gateway API Resources

Create a single set of GatewayClass and Gateway resources that handle both external and cluster-local traffic.

```bash
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: eg
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: envoy-gateway-config
  namespace: envoy-gateway-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyService:
        name: eg
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy-gateway
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
  parametersRef:
    group: gateway.envoyproxy.io
    kind: EnvoyProxy
    name: envoy-gateway-config
    namespace: envoy-gateway-system
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: eg
  namespace: eg
spec:
  gatewayClassName: envoy-gateway
  listeners:
    - name: http
      port: 80
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: All
    - name: tls
      port: 443
      protocol: TLS
      tls:
        mode: Passthrough
      allowedRoutes:
        namespaces:
          from: All
EOF
```

4. Build and Install the Knative Operator

Build and deploy the Operator locally, including the changes from this PR.

```bash
cd /path/to/knative/operator
export KO_DOCKER_REPO=kind.local
ko apply -f config/
```

5. Apply the KnativeServing CR

A single CR lets you declaratively manage the Knative Serving installation, enable Gateway API, and configure config-gateway, config-network, and config-domain all in one place.

```bash
kubectl create ns knative-serving
cat <<'EOF' | kubectl apply -f -
apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-serving
spec:
  ingress:
    gateway-api:
      enabled: true
  config:
    config-gateway:
      external-gateways: |
        - class: envoy-gateway
          gateway: eg/eg
          service: eg/eg
          supported-features:
            - HTTPRouteRequestTimeout
      local-gateways: |
        - class: envoy-gateway
          gateway: eg/eg
          service: eg/eg
          supported-features:
            - HTTPRouteRequestTimeout
    network:
      ingress.class: gateway-api.ingress.networking.knative.dev
    domain:
      example.com: ""
EOF
```

6. Deploy a Sample Application

```bash
cat <<'EOF' | kubectl apply -f -
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
spec:
  template:
    spec:
      containers:
        - image: gcr.io/knative-samples/helloworld-go
          env:
            - name: TARGET
              value: Go Sample v1
EOF
```

7. Verify It Works

Get the LoadBalancer IP of the Gateway and send a request:

```bash
export LB_IP=$(kubectl -n eg get svc eg \
  -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "$LB_IP helloworld-go.default.example.com" | sudo tee -a /etc/hosts
curl http://helloworld-go.default.example.com
```

You can also verify from inside the cluster using a curl container:

```bash
kubectl run curl --rm -it --image=curlimages/curl --restart=Never -- \
  curl -H "Host: helloworld-go.default.example.com" http://eg.eg.svc.cluster.local
```
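Added example, not part of the PR or of the comments above: the two walkthroughs differ in whether `local-gateways` names its own Service (the `ClusterIP` one in the PR description) or the same Service as `external-gateways` (the Shared Gateway pattern, whose Service is the one the LoadBalancer IP is read from). The script reports every Service that `config-gateway` lists under both keys; the function names and the `example-class` value are made up for this example, and the sample manifest is constructed from the Service references shown above.

```shell
# Added example: report Services that config-gateway lists under BOTH
# external-gateways and local-gateways. Function names are illustrative.

# Reads a KnativeServing manifest on stdin; prints each shared "namespace/name".
shared_gateway_services() {
  awk '
    { match($0, /[^ ]/); indent = RSTART - 1 }        # indent of this line
    /^ *external-gateways:/ { sec = "ext"; base = indent; next }
    /^ *local-gateways:/    { sec = "loc"; base = indent; next }
    # A non-blank line at or left of the key ends the block scalar.
    sec != "" && NF > 0 && indent <= base { sec = "" }
    sec != "" {
      i = ($1 == "-") ? 2 : 1                         # skip a list dash
      if ($i == "service:") {
        if (sec == "ext") ext[$(i+1)] = 1
        else loc[$(i+1)] = 1
      }
    }
    END { for (s in loc) if (s in ext) print s }
  ' | sort
}

# Constructed input shaped like the CRs in the walkthroughs, with the two
# Service references passed in: $1 for external, $2 for cluster-local.
sample_cr() {
  cat <<EOF
spec:
  config:
    config-gateway:
      external-gateways: |
        - class: example-class
          service: $1
      local-gateways: |
        - class: example-class
          service: $2
    network:
      ingress.class: gateway-api.ingress.networking.knative.dev
EOF
}

# Two-Gateway layout from the PR description: nothing is shared.
echo "separate: [$(sample_cr eg-external/knative-external eg-internal/knative-internal | shared_gateway_services)]"
# Shared Gateway layout from the follow-up comment: eg/eg serves both.
echo "shared:   [$(sample_cr eg/eg eg/eg | shared_gateway_services)]"
```

Against a live cluster, the same function can read the output of `kubectl -n knative-serving get knativeserving knative-serving -o yaml`.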
Signed-off-by: kahirokunn <okinakahiro@gmail.com>
ec92622 to 18f5aaa
/assign @dprotaso @houshengbo
Manual testing
It is functioning normally when verified locally.