gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/g3doc/user_guide/tutorials/knative.md (about) 1 # Knative Services 2 3 [Knative](https://knative.dev/) is a platform for running serverless workloads 4 on Kubernetes. This guide will show you how to run basic Knative workloads in 5 gVisor. 6 7 ## Prerequisites 8 9 This guide assumes you have have a cluster that is capable of running gVisor 10 workloads. This could be a 11 [GKE Sandbox](https://cloud.google.com/kubernetes-engine/sandbox/) enabled 12 cluster on Google Cloud Platform or one you have set up yourself using 13 [containerd Quick Start](https://gvisor.dev/docs/user_guide/containerd/quick_start/). 14 15 This guide will also assume you have Knative installed using 16 [Istio](https://istio.io/) as the network layer. You can follow the 17 [Knative installation guide](https://knative.dev/docs/install/install-serving-with-yaml/) 18 to install Knative. 19 20 ## Enable the RuntimeClass feature flag 21 22 Knative allows the use of various parameters on Pods via 23 [feature flags](https://knative.dev/docs/serving/feature-flags/). We will enable 24 the 25 [runtimeClassName](https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class) 26 feature flag to enable the use of the Kubernetes 27 [Runtime Class](https://kubernetes.io/docs/concepts/containers/runtime-class/). 28 29 Edit the feature flags ConfigMap. 30 31 ```bash 32 kubectl edit configmap config-features -n knative-serving 33 ``` 34 35 Add the `kubernetes.podspec-runtimeclassname: enabled` to the `data` field. Once 36 you are finished the ConfigMap will look something like this (minus all the 37 system fields). 38 39 ```yaml 40 apiVersion: v1 41 kind: ConfigMap 42 metadata: 43 name: config-features 44 namespace: knative-serving 45 labels: 46 serving.knative.dev/release: v0.22.0 47 data: 48 kubernetes.podspec-runtimeclassname: enabled 49 ``` 50 51 ## Deploy the Service 52 53 After you have set the Runtime Class feature flag you can now create Knative 54 services that specify a `runtimeClassName` in the spec. 55 56 ```bash 57 cat <<EOF | kubectl apply -f - 58 apiVersion: serving.knative.dev/v1 59 kind: Service 60 metadata: 61 name: helloworld-go 62 spec: 63 template: 64 spec: 65 runtimeClassName: gvisor 66 containers: 67 - image: gcr.io/knative-samples/helloworld-go 68 env: 69 - name: TARGET 70 value: "gVisor User" 71 EOF 72 ``` 73 74 You can see the pods running and their Runtime Class. 75 76 ```bash 77 kubectl get pods -o=custom-columns='NAME:.metadata.name,RUNTIME CLASS:.spec.runtimeClassName,STATUS:.status.phase' 78 ``` 79 80 Output should look something like the following. Note that your service might 81 scale to zero. If you access it via it's URL you should get a new Pod. 82 83 ``` 84 NAME RUNTIME CLASS STATUS 85 helloworld-go-00002-deployment-646c87b7f5-5v68s gvisor Running 86 ``` 87 88 Congrats! Your Knative service is now running in gVisor!