Knative is integrated with Function Compute (FC). This allows you to use functions to deploy services based on code, Object Storage Service (OSS) objects, and images. This topic describes how to use functions to deploy a service in Knative.
Prerequisites
Use code to deploy a service
Use an OSS object submitted to FC to deploy a service
You can use FC to download function code from OSS and deploy a service.
Deploy a service based on an image submitted to FC
FC provides a custom container runtime to simplify developer experience and improve the development and delivery efficiency. Developers can access FC over HTTP and push container images to FC. For information about how to push a container image to FC, see Overview.
Limits
Configuration item | Limit |
---|---|
Image size |
|
Image repository | Only the image repositories in Container Registry Default Instance Edition are supported. Other image repositories will be supported later. For more information about Container Registry Default Instance Edition, see What is Container Registry Default Instance Edition?. |
Supported images | Only the images in a private image repository that belongs to the same account and region as the service are supported. Public images will be supported later. |
Read and write permissions on container files | The run-as-user UID of the service is randomly selected from the range of 10000 to 10999. By default, a service is granted the write permission on the /tmp directory. The ACL rules of the image file system determine the read and write permissions on other directories. If a UID has no permissions to read or write a file, you can configure the permissions in the Dockerfile. |
Storage space limit of the writable layers of a container | The data that is generated by the writable layers of a container cannot exceed 512 MB. |
Permission policy | When you create a service, you must attach the AliyunContainerRegistryReadOnlyAccess or AliyunContainerRegistryFullAccess permission policy to the service. You must create a RAM role and attach the AliyunContainerRegistryReadOnlyAccess or AliyunContainerRegistryFullAccess permission policy to the RAM role. In the Basic Information section on the RAM Roles page, you can obtain the ARN. For more information, see Grant permissions to a RAM role and RAM role overview. |
Verify the result
You can verify that the service is deployed. The following example describes how to verify the result of code-based service deployment.