For traffic management in large-scale distributed systems and microservices applications, particularly those that use or plan to use Istio as their service mesh framework, we recommend that you use Alibaba Cloud Service Mesh (ASM) as the gateway for traffic distribution and routing of Knative services. ASM gateway is compatible with the open-source Istio specifications, with control plane components managed by Container Service for Kubernetes (ACK). Using ASM gateway simplifies service management, including traffic routing and splitting management between service calls, authentication and security for inter-service communication, and enhanced observability capabilities within the mesh.
Prerequisites
An ASM instance of version 1.21.6.84 or later is created. For more information, see Create an ASM instance.
When you create an ASM instance, in the Kubernetes Cluster area, add the created ACK managed cluster or ACK Serverless cluster to the ASM instance, and enable Allow data plane cluster KubeAPI to access Istio CR.
Step 1: Deploy the ASM gateway
You can either select the ASM (Istio) service gateway directly during the initial Knative deployment, or configure it by modifying the configuration file if Knative is already installed.
During Knative installation
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want and click its name. In the left navigation pane, choose .
On the Knative page, under the Components tab, click Deploy Knative, then select ASM at the Gateway section, and click Deploy.
After successful deployment, you can use the ASM in Knative.
After Knative installation
Edit the
config-networkConfigMap.kubectl -n knative-serving edit configmap config-networkChange the value of the
ingress.classfield toistio.ingress.networking.knative.dev, then save the file and exit the editor to apply the changes..apiVersion: v1 data: ... ingress.class: istio.ingress.networking.knative.dev # Use the ASM service gateway ... kind: ConfigMap metadata: name: config-network namespace: knative-serving
Step 2: Access the deployed Service through the ASM gateway
This step uses a Knative Service to complete service deployment through ASM.
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want and click its name. In the left navigation pane, choose .
Under the Services tab on the Knative page, select Namespace as default, then click Create from Template. Copy and paste the following YAML example into the template, and click Create to create a Service named helloworld-go.
ImportantReplace
{REGION-ID}in the code below with the region ID of your cluster (e.g.,cn-beijing) to ensure access and use of the image.apiVersion: serving.knative.dev/v1 kind: Service metadata: name: helloworld-go spec: template: spec: containers: - image: registry.{REGION-ID}.aliyuncs.com/knative-sample/helloworld-go:73fbdd56 # Please replace {REGION-ID} with the region of your cluster. env: - name: TARGET value: "Knative"Under the Gateway column on the Services page, you can get the gateway address of the helloworld-go Service.
Run the following command to access the helloworld-go Service:
curl -H "Host: helloworld-go.default.example.com" http://39.XX.XX.XX # Please use the actual IP and domain name of your gateway.Expected output:
Hello Knative!The output indicates that the Service access is successful.
(Optional) Step 3: View Service monitoring data
Knative provides out-of-the-box monitoring features. On the Knative page, click the Monitoring Dashboards tab to view the monitoring data of the helloworld-go Service. For more information about how to enable the Knative dashboard, see View the Knative dashboard through Alibaba Cloud Prometheus monitoring.
References
You can customize domain names for Knative Services. For more information, see Use custom domain names and paths.
You can configure a certificate to access Knative Services over HTTPS. For more information, see Configure a certificate to access Services over HTTPS.
You can deploy a gRPC Service in Knative to improve network efficiency. For more information, see Deploy a gRPC Service in Knative.
You can configure probes to monitor the health status and availability of Knative Services. For more information, see Configure port probing in Knative.
If you want to connect an elastic container instance to the Internet, you must associate an elastic IP address (EIP) with the elastic container instance. For more information, see Associate an EIP with the elastic container instance on which a Knative Service runs.