Skip to content

Instantly share code, notes, and snippets.

View nak3's full-sized avatar

Kenjiro Nakayama nak3

View GitHub Profile
@nak3
nak3 / openshift-kfserving.md
Last active February 1, 2021 07:12
How to use KFServing on OpenShift

How to use KFServing on OpenShift

Step 1. Install OpenShift Service Mesh

NOTE: This instruction documentation does not use Istio. But KFServing controller controls VirtualService so we must install it. Please refer to kfserving/issues/1336 for the detail.

There is no special step to install OpenShift Service Mesh for KFServing. We just follow the servicemesh installation documentation.

Install each operator by following the sections:

git clone https://github.com/knative/serving.git
git clone https://github.com/knative/networking.git
git clone https://github.com/knative-sandbox/net-istio.git
git clone https://github.com/knative-sandbox/net-contour.git
git clone https://github.com/knative-sandbox/net-http01.git
git clone https://github.com/knative-sandbox/net-certmanager.git
git clone https://github.com/knative-sandbox/net-kourier.git
git clone https://github.com/knative-sandbox/net-gateway-api.git
# Copyright 2018 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@nak3
nak3 / istio-mesh.yaml
Last active June 18, 2020 13:54
IstioOperator for mTLS
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
values:
global:
proxy:
autoInject: enabled
useMCP: false
sidecarInjectorWebhook:
rewriteAppHTTPProbe: true
@nak3
nak3 / after.yaml
Last active May 15, 2020 10:17
KnativeServing
spec:
cluster-local-gateway: {}
config:
deployment:
queueSidecarImage: registry.svc.ci.openshift.org/openshift/knative-v0.13.2:knative-serving-queue
domain:
apps.knakayam-dev01.devcluster.openshift.com: ""
network:
domainTemplate: '{{.Name}}-{{.Namespace}}.{{.Domain}}'
ingress.class: kourier.ingress.networking.knative.dev
@nak3
nak3 / istio-ci-no-mesh-operator.yaml
Created April 13, 2020 01:26
istio-ci-no-mesh-operator.yaml
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
knative-serving/networking-istio-74fd45bcd-2h25n[networking-istio]: {"level":"info","ts":"2020-03-27T01:24:21.589Z","logger":"istiocontroller.istio-ingress-controller.status-manager","caller":"status/status.go:254","msg":"Queuing probe for http://projected-config-map-volume-vkeoxqos.serving-tests:80, IP: 10.24.11.2:80 (depth: 0)","commit":"54d939d","knative.dev/controller":"istio-ingress-controller"}
knative-serving/networking-istio-74fd45bcd-2h25n[networking-istio]: {"level":"info","ts":"2020-03-27T01:24:21.589Z","logger":"istiocontroller.istio-ingress-controller.status-manager","caller":"status/status.go:254","msg":"Queuing probe for http://projected-config-map-volume-vkeoxqos.serving-tests.svc:80, IP: 10.24.11.2:80 (depth: 0)","commit":"54d939d","knative.dev/controller":"istio-ingress-controller"}
knative-serving/networking-istio-74fd45bcd-2h25n[networking-istio]: {"level":"info","ts":"2020-03-27T01:24:21.589Z","logger":"istiocontroller.istio-ingress-controller.status-manager","caller":"status/status.go:25

1. Download manifest

mkdir /tmp/dev && cd /tmp/dev/
wget https://raw.githubusercontent.com/openshift/knative-serving/release-v0.11.1/openshift/release/knative-serving-v0.11.1.yaml

NOTE: This downloads v0.11.1 manifest. It should same version with $ oc get ks -n knative-serving.

2. Edit the downloaded manifest

# Resources for AddonComponents prometheus component
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus-istio-system
labels:
app: prometheus
release: istio
rules:
function prepare() {
kubectl create ns bug
kubectl create ns bug-alt
kubectl label ns bug istio-injection=enabled
kubectl label ns bug-alt istio-injection=enabled
cat <<EOF | kubectl apply -f -
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata: