4.8. 配置 Kourier

Kourier 是 Knative Serving 的轻量级 Kubernetes 原生 Ingress。Kourier 作为 Knative 的网关，将 HTTP 流量路由到 Knative 服务。

4.8.1. 访问当前的 Envoy bootstrap 配置
复制链接

Kourier 中的 Envoy 代理组件处理 Knative 服务的入站和出站 HTTP 流量。默认情况下，Kourier 在 knative-serving-ingress 命名空间中的 kourier-bootstrap 配置映射中包含 Envoy bootstrap 配置。

流程

要获取当前的 Envoy bootstrap 配置，请运行以下命令：

示例命令

oc get cm kourier-bootstrap -n knative-serving-ingress -o yaml

$ oc get cm kourier-bootstrap -n knative-serving-ingress -o yaml

Copy to Clipboard

Toggle word wrap

例如，在默认配置中，example 命令会生成包含以下摘录的输出：

输出示例

Name:         kourier-bootstrap
Namespace:    knative-serving-ingress
Labels:       app.kubernetes.io/component=net-kourier
              app.kubernetes.io/name=knative-serving
              app.kubernetes.io/version=release-v1.10
              networking.knative.dev/ingress-provider=kourier
              serving.knative.openshift.io/ownerName=knative-serving
              serving.knative.openshift.io/ownerNamespace=knative-serving
Annotations:  manifestival: new

Name:         kourier-bootstrap
Namespace:    knative-serving-ingress
Labels:       app.kubernetes.io/component=net-kourier
              app.kubernetes.io/name=knative-serving
              app.kubernetes.io/version=release-v1.10
              networking.knative.dev/ingress-provider=kourier
              serving.knative.openshift.io/ownerName=knative-serving
              serving.knative.openshift.io/ownerNamespace=knative-serving
Annotations:  manifestival: new

Copy to Clipboard

Toggle word wrap

数据 输出示例

dynamic_resources:
  ads_config:
    transport_api_version: V3
    api_type: GRPC
    rate_limit_settings: {}
    grpc_services:
    - envoy_grpc: {cluster_name: xds_cluster}
  cds_config:
    resource_api_version: V3
    ads: {}
  lds_config:
    resource_api_version: V3
    ads: {}
node:
  cluster: kourier-knative
  id: 3scale-kourier-gateway
static_resources:
  listeners:
    - name: stats_listener
      address:
        socket_address:
          address: 0.0.0.0
          port_value: 9000
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: stats_server
                http_filters:
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
                route_config:
                  virtual_hosts:
                    - name: admin_interface
                      domains:
                        - "*"
                      routes:
                        - match:
                            safe_regex:
                              regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?'
                            headers:
                              - name: ':method'
                                string_match:
                                  exact: GET
                          route:
                            cluster: service_stats
  clusters:
    - name: service_stats
      connect_timeout: 0.250s
      type: static
      load_assignment:
        cluster_name: service_stats
        endpoints:
          lb_endpoints:
            endpoint:
              address:
                pipe:
                  path: /tmp/envoy.admin
    - name: xds_cluster
      # This keepalive is recommended by envoy docs.
      # https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol
      typed_extension_protocol_options:
        envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
          "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
          explicit_http_config:
            http2_protocol_options:
              connection_keepalive:
                interval: 30s
                timeout: 5s
      connect_timeout: 1s
      load_assignment:
        cluster_name: xds_cluster
        endpoints:
          lb_endpoints:
            endpoint:
              address:
                socket_address:
                  address: "net-kourier-controller.knative-serving-ingress.svc.cluster.local."
                  port_value: 18000
      type: STRICT_DNS
admin:
  access_log:
  - name: envoy.access_loggers.stdout
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
  address:
    pipe:
      path: /tmp/envoy.admin
layered_runtime:
  layers:
    - name: static-layer
      static_layer:
        envoy.reloadable_features.override_request_timeout_by_gateway_timeout: false

dynamic_resources:
  ads_config:
    transport_api_version: V3
    api_type: GRPC
    rate_limit_settings: {}
    grpc_services:
    - envoy_grpc: {cluster_name: xds_cluster}
  cds_config:
    resource_api_version: V3
    ads: {}
  lds_config:
    resource_api_version: V3
    ads: {}
node:
  cluster: kourier-knative
  id: 3scale-kourier-gateway
static_resources:
  listeners:
    - name: stats_listener
      address:
        socket_address:
          address: 0.0.0.0
          port_value: 9000
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: stats_server
                http_filters:
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
                route_config:
                  virtual_hosts:
                    - name: admin_interface
                      domains:
                        - "*"
                      routes:
                        - match:
                            safe_regex:
                              regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?'
                            headers:
                              - name: ':method'
                                string_match:
                                  exact: GET
                          route:
                            cluster: service_stats
  clusters:
    - name: service_stats
      connect_timeout: 0.250s
      type: static
      load_assignment:
        cluster_name: service_stats
        endpoints:
          lb_endpoints:
            endpoint:
              address:
                pipe:
                  path: /tmp/envoy.admin
    - name: xds_cluster
      # This keepalive is recommended by envoy docs.
      # https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol
      typed_extension_protocol_options:
        envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
          "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
          explicit_http_config:
            http2_protocol_options:
              connection_keepalive:
                interval: 30s
                timeout: 5s
      connect_timeout: 1s
      load_assignment:
        cluster_name: xds_cluster
        endpoints:
          lb_endpoints:
            endpoint:
              address:
                socket_address:
                  address: "net-kourier-controller.knative-serving-ingress.svc.cluster.local."
                  port_value: 18000
      type: STRICT_DNS
admin:
  access_log:
  - name: envoy.access_loggers.stdout
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
  address:
    pipe:
      path: /tmp/envoy.admin
layered_runtime:
  layers:
    - name: static-layer
      static_layer:
        envoy.reloadable_features.override_request_timeout_by_gateway_timeout: false

Copy to Clipboard

Toggle word wrap

BinaryData 输出示例

Events:  <none>

Events:  <none>

Copy to Clipboard

Toggle word wrap

4.8.2. 为 Kourier getaways 自定义 kourier-bootstrap
复制链接

Kourier 中的 Envoy 代理组件处理 Knative 服务的入站和出站 HTTP 流量。默认情况下，Kourier 在 knative-serving-ingress 命名空间中的 kourier-bootstrap 配置映射中包含 Envoy bootstrap 配置。您可以将此配置映射更改为自定义映射。

先决条件

安装了 OpenShift Serverless Operator 和 Knative Serving。
在 OpenShift Container Platform 上具有集群管理员权限，或者具有 Red Hat OpenShift Service on AWS 或 OpenShift Dedicated 的集群或专用管理员权限。

流程

通过更改 KnativeServing 自定义资源(CR)中的 spec.ingress.kourier.bootstrap-configmap 字段来指定自定义 bootstrap 配置映射：

KnativeServing CR 示例

apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-serving
spec:
  config:
    network:
      ingress-class: kourier.ingress.networking.knative.dev
  ingress:
    kourier:
      bootstrap-configmap: my-configmap
      enabled: true
# ...

apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-serving
spec:
  config:
    network:
      ingress-class: kourier.ingress.networking.knative.dev
  ingress:
    kourier:
      bootstrap-configmap: my-configmap
      enabled: true
# ...

Copy to Clipboard

Toggle word wrap

4.8.3. 启用管理员接口访问权限
复制链接

您可以更改 envoy bootstrap 配置来启用对管理界面的访问。

重要

此流程假设足够了解 Knative，因为更改 envoy bootstrap 配置可能会导致 Knative 失败。红帽不支持在产品中没有测试或附带的自定义配置。

先决条件

安装了 OpenShift Serverless Operator 和 Knative Serving。
在 OpenShift Container Platform 上具有集群管理员权限，或者具有 Red Hat OpenShift Service on AWS 或 OpenShift Dedicated 的集群或专用管理员权限。

流程

要启用管理员接口访问权限，请在 bootstrap 配置映射中找到此配置：
```
pipe:
  path: /tmp/envoy.admin
```
```
pipe:
  path: /tmp/envoy.admin
```
Copy to Clipboard Toggle word wrap
使用以下配置替换它：
```
socket_address: 
  address: 127.0.0.1
  port_value: 9901
```
```
socket_address: 
```
1
```
  address: 127.0.0.1
  port_value: 9901
```
Copy to Clipboard Toggle word wrap
1
此配置支持访问 loopback 地址(127.0.0.1)和端口 9901 上的 Envoy admin 接口。

在 service_stats 集群配置和 admin 配置中应用 socket_address 配置：

第一个位于 service_stats 集群配置中：

clusters:
  - name: service_stats
    connect_timeout: 0.250s
    type: static
    load_assignment:
      cluster_name: service_stats
      endpoints:
        lb_endpoints:
          endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 9901

clusters:
  - name: service_stats
    connect_timeout: 0.250s
    type: static
    load_assignment:
      cluster_name: service_stats
      endpoints:
        lb_endpoints:
          endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 9901

Copy to Clipboard

Toggle word wrap

第二个位于 admin 配置中：

admin:
  access_log:
    - name: envoy.access_loggers.stdout
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
  address:
    socket_address:
      address: 127.0.0.1
      port_value: 9901

admin:
  access_log:
    - name: envoy.access_loggers.stdout
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
  address:
    socket_address:
      address: 127.0.0.1
      port_value: 9901

Copy to Clipboard

Toggle word wrap

返回顶部

4.8. 配置 Kourier

4.8.1. 访问当前的 Envoy bootstrap 配置
复制链接

4.8.2. 为 Kourier getaways 自定义 kourier-bootstrap
复制链接

4.8.3. 启用管理员接口访问权限
复制链接

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

4.8. 配置 Kourier

4.8.1. 访问当前的 Envoy bootstrap 配置复制链接链接已复制到粘贴板!

4.8.2. 为 Kourier getaways 自定义 kourier-bootstrap复制链接链接已复制到粘贴板!

4.8.3. 启用管理员接口访问权限复制链接链接已复制到粘贴板!

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

4.8.1. 访问当前的 Envoy bootstrap 配置
复制链接

4.8.2. 为 Kourier getaways 自定义 kourier-bootstrap
复制链接

4.8.3. 启用管理员接口访问权限
复制链接