红帽全球峰会This documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.第 12 章 Networking
12.1. Using Service Mesh with OpenShift Serverless
Using Service Mesh with OpenShift Serverless enables developers to configure additional networking and routing options that are not supported when using OpenShift Serverless with the default Kourier implementation. These options include setting custom domains, using TLS certificates, and using JSON Web Token authentication.
Prerequisites
- Install the OpenShift Serverless Operator and Knative Serving.
- Install Red Hat OpenShift Service Mesh.
Procedure
Add the
defaultnamespace to the ServiceMeshMemberRoll as a member:Copy to Clipboard Copied! Toggle word wrap Toggle overflow 重要Adding sidecar injection to Pods in system namespaces such as
knative-servingandknative-serving-ingressis not supported.Create a network policy that permits traffic flow from Knative system pods to Knative services:
Add the
serving.knative.openshift.io/system-namespace=truelabel to theknative-servingnamespace:oc label namespace knative-serving serving.knative.openshift.io/system-namespace=true
$ oc label namespace knative-serving serving.knative.openshift.io/system-namespace=trueCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add the
serving.knative.openshift.io/system-namespace=truelabel to theknative-serving-ingressnamespace:oc label namespace knative-serving-ingress serving.knative.openshift.io/system-namespace=true
$ oc label namespace knative-serving-ingress serving.knative.openshift.io/system-namespace=trueCopy to Clipboard Copied! Toggle word wrap Toggle overflow Copy the following
NetworkPolicyresource into a YAML file:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Apply the
NetworkPolicyresource:oc apply -f <filename>
$ oc apply -f <filename>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
12.1.1. Enabling sidecar injection for a Knative service
You can add an annotation to the Service resource YAML file to enable sidecar injection for a Knative service.
Procedure
Add the
sidecar.istio.io/inject="true"annotation to theServiceresource:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - 1
- Add the
sidecar.istio.io/inject="true"annotation.
Apply the
Serviceresource YAML file:oc apply -f <filename>
$ oc apply -f <filename>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
12.1.2. Additional resources
- For more information about Red Hat OpenShift Service Mesh, see Red Hat OpenShift Service Mesh architecture.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}