Knative is integrated with Function Compute (FC). This allows you to use functions to deploy services from code, Object Storage Service (OSS) objects, and images. This topic describes how to use functions to deploy a service in Knative.
Prerequisites
Use code to deploy a service
Use an OSS object submitted to FC to deploy a service
You can use FC to download function code from OSS and deploy a service.
Use an image submitted to FC to deploy a service
FC provides a custom container runtime to simplify developer experience and improve the development and delivery efficiency. Developers can access FC over HTTP and push container images to FC. For information about how to push a container image to FC, see Overview.
Limits
Item | Limit |
---|---|
Image size |
|
Supported image repositories | Only the image repositories of Container Registry Default Instance Edition are supported. Other image repositories will be supported later. For more information about Container Registry Default Instance Edition, see What is Container Registry Default Instance Edition?. |
Supported images | Only the images in a private image repository that belongs to the same Alibaba Cloud account and region as the service are supported. Public images will be supported later. |
Read and write permissions on container files | The run-as-user UID of the service is randomly selected from the range of 10000 to 10999. By default, a service is granted write permissions on the /tmp directory. The access control list (ACL) rules of the image file system determine the read and write permissions on other directories. If a UID has no permissions to read or write a file, you can configure the permissions in the Dockerfile. |
Storage space limit of the writable layers of a container | The data that is generated by the writable layers of a container cannot exceed 512 MB. |
Permission policies | When you create a service, you must attach the AliyunContainerRegistryReadOnlyAccess or AliyunContainerRegistryFullAccess permission policy to the service. You must create a RAM role and attach the AliyunContainerRegistryReadOnlyAccess or AliyunContainerRegistryFullAccess permission policy to the RAM role. In the Basic Information section on the RAM Roles page, you can obtain the Alibaba Cloud Resource Name (ARN). For more information, see Grant permissions to a RAM role and RAM role overview. |
Check the result
You can check whether the service is deployed. The following example shows how to check whether a service created by using code is deployed: