Serverless 网关增强:阿里云 Knative 与云产品 ALB 集成

2022-05-04 22:22:41

Knative 是基于Kubernetes之上提供的一款开源Serverless应用框架,帮助您部署和管理现代化的Serverless工作负载,打造企业级Serverless平台,当前阿里云容器服务已经集成 Knative。

ALB 是专门面向HTTP、HTTPS和QUIC等应用层负载场景的负载均衡服务,具备超强弹性及大规模七层流量处理能力,支持Header、Cookie灰度发布。

本文介绍如何在阿里云容器服务 Knative 集成 ALB。

容器服务 Knative 中网关使用现状

当前在容器服务 Knative 中已经支持社区的 Kourier 网关以及与SLB网关集成,但这 2 种网关在使用中还存在如下问题:

  • Knative 社区提供的 Kourier 网关,但使用原生网关存在如下问题:
  • 社区原生Kourier 网关,部署在用户集群,需要客户自行负责 Kourier 网关的运维,承担资源成本以及运维成本
  • 不支持Cookie灰度发布
  • Knative 已经集成了 SLB 网关,但该网关不支持Header、Cookie 灰度发布。

目标与收益

目标:在 Serverless Framework(Knative)中提供云产品 ALB 网关能力

收益:既带来 Serverless Framework 网关能力增强,又拓展了 ALB Ingress 应用场景。

对接 ALB 方案

基本思路:将 Knative Ingress 转换成 K8s Ingress, 然后通过 ALB Ingress Controller 创建ALB以及转发规则。架构图如下:

Serverless 网关增强:阿里云 Knative 与云产品 ALB 集成

关键设计

  • Knative Service、Knative Ingress与K8s Ingress对应关系
  • 一个 Knative Service 对应一个 Knative Ingress ,对应一个 K8s Ingress
  • vswitch 虚拟交换机配置

由于创建ALB需要指定vswitch,因此需要用户在 Knative 中配置vswitch id信息。

knative-serving 命名空间 config-network configmap中配置参数:

apiVersion: v1
kind: ConfigMap
metadata:
data:
  ingress.class: alb.ingress.networking.knative.dev
  vswitch-ids: vsw-2zeqgkyib34gw1fxxx,vsw-2zefv5qwao4prxxx
  ...
  • 公网/内网访问
  • 当创建 Knative Service 时, 开始创建ALB
  • 根据 Ingress 判断是否公网。默认创建公网ALB。如果只有内网访问的Ingress, 则创建内网ALB
  • 公网访问
  • 创建 Albconfig: knative-internet
  • 内网访问
  • 创建 Albconfig: knative-intranet
  • 灰度发布
  • 基于流量比例的灰度发布
  • Knative Ingress会将revision service的权重转换成 K8s Ingress 灰度权重
  • 基于Header和 Cookie灰度发布
  • Header:
  • Knative当前支持Header方式进行灰度,通过Knative-Serving-Tag: {revision-tag}实现。
    • 在Knative Service中通过注解方式指定 header 对应的 traffic revision
  • Cookie:在Knative Service中通过注解方式指定 cookie 对应的 traffic revision

关键实现

Knative 对接 ALB 实现,关键在于:基于Cookie、Header、权重比例的灰度发布。这里主要对灰度发布实现进行介绍。

基于流量比例的灰度发布

Knative Ingress会将 revision service 的权重转换成 K8s Ingress 灰度权重。

Knative Service 示例如下:

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/maxScale: "100"
        autoscaling.knative.dev/minScale: "0"
    spec:
      containers:
      - env:
        - name: TARGET
          value: Knative11
        image: registry-vpc.cn-beijing.aliyuncs.com/knative-sample/helloworld-go:73fbdd56
        name: user-container
        ports:
        - containerPort: 8080
          name: http1
          protocol: TCP
  traffic:
  - latestRevision: false
    percent: 50
    revisionName: helloworld-go-00002
  - latestRevision: false
    percent: 50
    revisionName: helloworld-go-00001

内部转换成 K8s Ingress 如下:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/actions.forward-default: '{"type":"ForwardGroup","forwardConfig":{"targetGroups":[{"serviceName":"helloworld-go-00002","servicePort":80,"weight":50},{"serviceName":"helloworld-go-00001","servicePort":80,"weight":50}]}}'
  labels:
    knative.aliyun.com/ingress: helloworld-go
  name: helloworld-go
  namespace: default
spec:
  ingressClassName: knative-alb-ingress-internet
  rules:
  - host: helloworld-go.default.example.com
    http:
      paths:
      - backend:
          service:
            name: forward-default
            port:
              name: use-annotation
        path: /
        pathType: Prefix
  - host: helloworld-go.default.svc.cluster.local
    http:
      paths:
      - backend:
          service:
            name: forward-default
            port:
              name: use-annotation
        path: /
        pathType: Prefix

服务访问:

$ curl ${INGRESS_DNS} -H "Host:helloworld-go.default.example.com"
Hello Knative!
Hello Knative 2!

基于 Cookie、Header 灰度发布

  • 社区基于 Header 灰度发布

当前通过Knative Service 配置 tag-header-based-routing 方式实现header灰度发布

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/maxScale: "100"
        autoscaling.knative.dev/minScale: "0"
    spec:
      containers:
      - env:
        - name: TARGET
          value: Knative11
        image: registry-vpc.cn-beijing.aliyuncs.com/knative-sample/helloworld-go:73fbdd56
        name: user-container
        ports:
        - containerPort: 8080
          name: http1
          protocol: TCP
  traffic:
  - latestRevision: false
    percent: 0
    revisionName: helloworld-go-00002
    tag: rev1
  - latestRevision: false
    percent: 100
    revisionName: helloworld-go-00001

内部转换成K8s Ingress 如下:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/actions.forward-default: '{"type":"forward","forwardConfig":{"serverGroups":[{"serviceName":"helloworld-go-00002","servicePort":80,"weight":50},{"serviceName":"helloworld-go-00001","servicePort":80,"weight":50}]}}'
    alb.ingress.kubernetes.io/actions.forward-tag: '{"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"helloworld-go-00002","servicePort":80,"weight":100}]}}'
    alb.ingress.kubernetes.io/conditions.forward-tag: '[{"Type":"Header","CookieConfig":{"Values":null},"HeaderConfig":{"Key":"Knative-Serving-Tag","Values":["rev1"]}}]'
  labels:
    knative.aliyun.com/ingress: helloworld-go
  name: helloworld-go
  namespace: default
spec:
  ingressClassName: knative-alb-ingress-internet
  rules:
  - host: helloworld-go.default.a97e861255a18699.app.alicontainer.com
    http:
      paths:
      - backend:
          service:
            name: forward-default
            port:
              name: use-annotation
        path: /
        pathType: Prefix
  - host: helloworld-go.default.svc.cluster.local
    http:
      paths:
      - backend:
          service:
            name: forward-default
            port:
              name: use-annotation
        path: /
        pathType: Prefix
  - host: helloworld-go.default.a97e861255a18699.app.alicontainer.com
    http:
      paths:
      - backend:
          service:
            name: forward-tag
            port:
              name: use-annotation
        path: /
        pathType: Prefix
  - host: helloworld-go.default.svc.cluster.local
    http:
      paths:
      - backend:
          service:
            name: forward-tag
            port:
              name: use-annotation
        path: /
        pathType: Prefix
  - host: rev1-helloworld-go.default.svc.cluster.local
    http:
      paths:
      - backend:
          service:
            name: forward-tag
            port:
              name: use-annotation
        path: /
        pathType: Prefix

访问方式:

curl ${INGRESS_DNS} -H "Host:helloworld-go.default.example.com"  -H "Knative-Serving-Tag:rev1"
  • 基于 Header 灰度发布

在Knative Service中支持通过注解方式指定 header 对应的 traffic revision

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  annotations:
    alicloud.serving.knative.dev/headers: [{revision:helloworld-go-00002,headers:{demo:test}}]
  name: helloworld-go
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/maxScale: "100"
        autoscaling.knative.dev/minScale: "0"
    spec:
      containers:
      - env:
        - name: TARGET
          value: Knative11
        image: registry-vpc.cn-beijing.aliyuncs.com/knative-sample/helloworld-go:73fbdd56
        name: user-container
        ports:
        - containerPort: 8080
          name: http1
          protocol: TCP
  traffic:
  - latestRevision: false
    percent: 0
    revisionName: helloworld-go-00002
  - latestRevision: false
    percent: 100
    revisionName: helloworld-go-00001

访问方式:

curl ${INGRESS_IP} -H "Host:helloworld-go.default.example.com" --header "demo=always" --header "header2=v2"
  • 基于Cookie 灰度发布

在Knative Service中通过注解方式指定 cookie 对应的 traffic revision

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  annotations:
    alicloud.serving.knative.dev/cookies: [{revision:helloworld-go-00002,cookies:{demo:always,cookie2:v2}}]
  name: helloworld-go
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/maxScale: "100"
        autoscaling.knative.dev/minScale: "0"
    spec:
      containers:
      - env:
        - name: TARGET
          value: Knative11
        image: registry-vpc.cn-beijing.aliyuncs.com/knative-sample/helloworld-go:73fbdd56
        name: user-container
        ports:
        - containerPort: 8080
          name: http1
          protocol: TCP
  traffic:
  - latestRevision: false
    percent: 0
    revisionName: helloworld-go-00002
  - latestRevision: false
    percent: 100
    revisionName: helloworld-go-00001

访问方式:

curl ${INGRESS_DNS} -H "Host:helloworld-go.default.example.com" --cookie "demo=always" --cookie "cookie2=v2"

结论

将 Knative 与 ALB 集成,进一步提升 Knative Serverless 应用产品化能力,同时拓展了 ALB Ingress 产品使用场景。欢迎大家试用。

点击下方链接了解更多产品相关信息:

https://help.aliyun.com/document_detail/412227.html

上一篇:创业公司搭建自己的技术架构


下一篇:分布式文件系统之MooseFS----介绍