Kourier

Kourier is an Ingress for Knative Serving. Kourier is a lightweight alternative for the Istio ingress as its deployment consists only of an Envoy proxy and a control plane for it.

Kourier is passing the knative serving e2e and conformance tests: Kourier Testgrid.

Getting started
Features
Development
License

Getting started

Install Knative Serving, ideally without Istio:

kubectl apply -f https://github.com/knative/serving/releases/download/v0.14.0/serving-crds.yaml
kubectl apply -f https://github.com/knative/serving/releases/download/v0.14.0/serving-core.yaml

Then install Kourier:

kubectl apply -f https://github.com/knative/net-kourier/releases/download/v0.14.0/kourier.yaml

Configure Knative Serving to use the proper "ingress.class":

kubectl patch configmap/config-network \
  -n knative-serving \
  --type merge \
  -p '{"data":{"ingress.class":"kourier.ingress.networking.knative.dev"}}'

(OPTIONAL) Set your desired domain (replace 127.0.0.1.nip.io to your prefered domain):

 kubectl patch configmap/config-domain \
  -n knative-serving \
  --type merge \
  -p '{"data":{"127.0.0.1.nip.io":""}}'

(OPTIONAL) Deploy a sample hello world app:

kubectl apply -f ./samples/helloworld-go.yaml

(OPTIONAL) For testing purposes, you can use port-forwarding to make requests to Kourier from your machine:

kubectl port-forward --namespace kourier-system $(kubectl get pod -n kourier-system -l "app=3scale-kourier-gateway" --output=jsonpath="{.items[0].metadata.name}") 8080:8080 19000:19000 8443:8443

curl -v -H "Host: helloworld-go.default.127.0.0.1.nip.io" http://localhost:8080

Features

Traffic splitting between Knative revisions.
Automatic update of endpoints as they are scaled.
Support for gRPC services.
Timeouts and retries.
TLS
External Authorization support.

Setup TLS certificate

Create a secret containing your TLS certificate and Private key:

kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}

Add the following env vars to 3scale-Kourier in the "kourier" container :

CERTS_SECRET_NAMESPACE: ${NAMESPACES_WHERE_THE_SECRET_HAS_BEEN_CREATED}
CERTS_SECRET_NAME: ${CERT_NAME}

External Authorization Configuration

If you want to enable the external authorization support you can set these ENV vars in the 3scale-kourier-control deployment:

KOURIER_EXTAUTHZ_HOST*: The external authorization service and port, my-auth:2222
KOURIER_EXTAUTHZ_FAILUREMODEALLOW*: Allow traffic to go through if the ext auth service is down. Accepts true/false
KOURIER_EXTAUTHZ_MAXREQUESTBYTES: Max request bytes, if not set, defaults to 8192 Bytes. More info Envoy Docs
KOURIER_EXTAUTHZ_TIMEOUT: Max time in ms to wait for the ext authz service. Defaults to 2s.

* Required

Development

Run the test suite:

make test

Run only the unit or the integration tests:

make test-unit
make test-integration

Set up a local environment with Knative running on top of k3s:

make local-setup

Run make help for the complete list of make targets available.

License

Apache 2.0 License

laashub-soa / net-kourier Goto Github PK

net-kourier's Introduction

Kourier

Getting started

Features

Setup TLS certificate

External Authorization Configuration

Development

License

net-kourier's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent