This repository contains Knative Build Templates along with modified versions of their respective OpenWhisk Action Runtimes that can be used to Build and Serve Knative compatible applications (i.e., OpenWhisk Actions) on Kubernetes.
The general pre-requisites are as follows:
Specifically, for development and testing on Mac OS, the following components and versions were used:
brew install kubernetes-cli
)Under the Docker Desktop menu select “Preferences”->“Advanced” and set these values to at least these minimums:
Under the Docker Desktop Kubernetes tab, please assure that Kubernetes is enabled and running.
Use the following command to verify the Kubernetes Server Version indicates version 1.13:
$ kubectl version Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.2", GitCommit:"cff46ab41ff0bb44d8584413b598ad8360ec1def", GitTreeState:"clean", BuildDate:"2019-01-13T23:15:13Z", GoVersion:"go1.11.4", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.0", GitCommit:"ddf47ac13c1a9483ea035a79cd7c10005ff21a6d", GitTreeState:"clean", BuildDate:"2018-12-03T20:56:12Z", GoVersion:"go1.11.2", Compiler:"gc", Platform:"linux/amd64"}
The Server Version
is the version for the Kubernetes service; the Client Version
is for the Kubernetes CLI (i.e., kubectl
).
$ kubectl get nodes NAME STATUS ROLES AGE VERSION docker-desktop Ready master 4d22h v1.13.0
$ kubectl get pods --namespace kube-system
NAME READY STATUS RESTARTS AGE coredns-86c58d9df4-ms8qs 1/1 Running 0 4d22h coredns-86c58d9df4-x29vt 1/1 Running 0 4d22h etcd-docker-desktop 1/1 Running 1 4d22h kube-apiserver-docker-desktop 1/1 Running 1 4d22h kube-controller-manager-docker-desktop 1/1 Running 3 4d22h kube-proxy-mltsm 1/1 Running 0 4d22h kube-scheduler-docker-desktop 1/1 Running 3 4d22h
The following instructions were used to install Knative: Knative Install on a Kubernetes Cluster
These instructions take you through the installation of
$ kubectl get pods --namespace istio-system
NAME READY STATUS RESTARTS AGE cluster-local-gateway-547467ccf6-p8n72 1/1 Running 1 4d21h istio-citadel-7d64db8bcf-m7gsj 1/1 Running 0 4d21h istio-cleanup-secrets-8lzj4 0/1 Completed 0 4d21h istio-egressgateway-6ddf4c8bd6-2dxhc 1/1 Running 1 4d21h istio-galley-7dd996474-pdd6h 1/1 Running 1 4d21h istio-ingressgateway-84b89d647f-cxrwx 1/1 Running 1 4d21h istio-pilot-86bb4fcbbd-5ns5q 2/2 Running 0 4d21h istio-pilot-86bb4fcbbd-vd2xr 2/2 Running 0 4d21h istio-pilot-86bb4fcbbd-zstrw 2/2 Running 0 4d21h istio-policy-5c4d9ff96b-559db 2/2 Running 1 4d21h istio-sidecar-injector-6977b5cf5b-94hj5 1/1 Running 0 4d21h istio-statsd-prom-bridge-b44b96d7b-kzkzc 1/1 Running 0 4d21h istio-telemetry-7676df547f-jp952 2/2 Running 1 4d21h knative-ingressgateway-75644679c7-c2kxj 1/1 Running 1 4d21h
Check the default
namespace has the label istio-injection and it is set to enabled:
$ kubectl get namespace default -o yaml
Example output:
apiVersion: v1 kind: Namespace metadata: creationTimestamp: 2019-01-29T19:30:44Z labels: istio-injection: enabled name: default resourceVersion: "3928" selfLink: /api/v1/namespaces/default uid: 5ecb1bb0-23fc-11e9-bed6-025000000001 spec: finalizers: - kubernetes status: phase: Active
Note: If you do not see the istio-injection label, verify you issued the ‘kubectl’ command to set this label to the default namespace. See Troubleshooting section for more information.
All OpenWhisk Runtime Build Templates require a valid Kubernetes Service Account with access to a Kubernetes Secret that containst base64 encoded versions of your Docker Hub username and password. This credential will be used as part of the Knative Build process to “push” your Knative application image containing your OpenWhisk Action to Docker Hub.
$ git clone https://github.com/apache/incubator-openwhisk-devtools.git $ cd incubator-openwhisk-devtools/knative-build
Use the following commands to generate base64 encoded values of your Docker Hub username and password required to register a new secret in Kubernetes.
$ export DOCKERHUB_USERNAME_PLAIN_TEXT=<your docker hub username> $ export DOCKERHUB_PASSWORD_PLAIN_TEXT=<your docker hub password> $ export DOCKERHUB_USERNAME_BASE64_ENCODED=`echo -n "${DOCKERHUB_USERNAME_PLAIN_TEXT}" | base64 -b 0` # make sure that DOCKERHUB_USERNAME_BASE64_ENCODEDE is set to something similar to abcqWeRTy2gZApB== $ export DOCKERHUB_PASSWORD_BASE64_ENCODED=`echo -n "${DOCKERHUB_PASSWORD_PLAIN_TEXT}" | base64 -b 0` # make sure that DOCKERHUB_PASSWORD_BASE64_ENCODED is set to something similar to t80szzToPshrpDr3sdMn==
Use the following sed
command which will generate a docker-secrets.yaml
file from the file docker-secret.yaml.tmpl and replace the username and password values with the base64 encoded versions of your Docker Hub username and password from the environment variables you exported above:
sed -e 's/${DOCKERHUB_USERNAME_BASE64_ENCODED}/'"$DOCKERHUB_USERNAME_BASE64_ENCODED"'/' -e 's/${DOCKERHUB_PASSWORD_BASE64_ENCODED}/'"$DOCKERHUB_PASSWORD_BASE64_ENCODED"'/' docker-secret.yaml.tmpl > docker-secret.yaml
Apply the Secret resource manifest for Docker Hub:
$ kubectl apply -f docker-secret.yaml secret/dockerhub-user-pass created
Verify Secret exists:
$ kubectl get secret NAME TYPE DATA AGE dockerhub-user-pass kubernetes.io/basic-auth 2 21s
Knative requires a valid ServiceAccount resource that will be used when building and serving OpenWhisk Serverless Actions using the OpenWhisk runtimes. For convenience, all Knative builds for all runtimes are configured to use the same ServiceAccount as defined in service-account.yaml.
$ kubectl apply -f service-account.yaml serviceaccount/openwhisk-runtime-builder created
Verify the Service account has 2 secrets (i.e., username and password):
$ kubectl get serviceaccount/openwhisk-runtime-builder NAME SECRETS AGE openwhisk-runtime-builder 2 3m46s
At this point, you have completed all the pre-reqs to build and run OpenWhisk runtimes on Knative. In order to actually build and run them, you will need to continue following the instructions on the READMEs for the respective language runtimes listed below:
If the default
namespace does not have this value under the metadata
section, you may have forgotton to issue the following command as part of the Knative setup:
$ kubectl label namespace default istio-injection=enabled namespace "default" labeled
clusterrole "knative-build-admin" created serviceaccount "build-controller" created clusterrolebinding "build-controller-admin" created customresourcedefinition "builds.build.knative.dev" created customresourcedefinition "buildtemplates.build.knative.dev" created customresourcedefinition "clusterbuildtemplates.build.knative.dev" created customresourcedefinition "images.caching.internal.knative.dev" created service "build-controller" created service "build-webhook" created image "creds-init" created image "git-init" created ... rolebinding "prometheus-system" created rolebinding "prometheus-system" created rolebinding "prometheus-system" created rolebinding "prometheus-system" created clusterrolebinding "prometheus-system" created service "prometheus-system-np" created statefulset "prometheus-system" created
Init:1/4
Check the GitHub revision is set to right branch within your build.yaml
file:
source: git: url: <repo> revision: <branch>