gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/g3doc/user_guide/tutorials/knative.md

# Knative Services

[Knative](https://knative.dev/) is a platform for running serverless workloads
on Kubernetes. This guide will show you how to run basic Knative workloads in
gVisor.

## Prerequisites

This guide assumes you have a cluster that is capable of running gVisor
workloads. This could be a
[GKE Sandbox](https://cloud.google.com/kubernetes-engine/sandbox/) enabled
cluster on Google Cloud Platform or one you have set up yourself using
[containerd Quick Start](https://gvisor.dev/docs/user_guide/containerd/quick_start/).

This guide also assumes you have Knative installed using
[Istio](https://istio.io/) as the network layer. You can follow the
[Knative installation guide](https://knative.dev/docs/install/install-serving-with-yaml/)
to install Knative.

## Enable the RuntimeClass feature flag

Knative allows the use of various parameters on Pods via
[feature flags](https://knative.dev/docs/serving/feature-flags/). We will enable
the
[runtimeClassName](https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class)
feature flag to enable the use of the Kubernetes
[Runtime Class](https://kubernetes.io/docs/concepts/containers/runtime-class/).

Edit the feature flags ConfigMap.

```bash
kubectl edit configmap config-features -n knative-serving
```

Add `kubernetes.podspec-runtimeclassname: enabled` to the `data` field. Once
you are finished, the ConfigMap will look something like this (minus all the
system fields).

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-features
  namespace: knative-serving
  labels:
    serving.knative.dev/release: v0.22.0
data:
  kubernetes.podspec-runtimeclassname: enabled
```

## Deploy the Service

After you have set the Runtime Class feature flag, you can create Knative
services that specify a `runtimeClassName` in the spec.

```bash
cat <<EOF | kubectl apply -f -
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
spec:
  template:
    spec:
      runtimeClassName: gvisor
      containers:
        - image: gcr.io/knative-samples/helloworld-go
          env:
            - name: TARGET
              value: "gVisor User"
EOF
```

You can see the pods running and their Runtime Class.

```bash
kubectl get pods -o=custom-columns='NAME:.metadata.name,RUNTIME CLASS:.spec.runtimeClassName,STATUS:.status.phase'
```

Output should look something like the following. Note that your service might
scale to zero. If you access it via its URL, you should get a new Pod.

```
NAME                                              RUNTIME CLASS   STATUS
helloworld-go-00002-deployment-646c87b7f5-5v68s   gvisor          Running
```

Congrats! Your Knative service is now running in gVisor!
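
To audit the pod listing above instead of reading it by eye, the following added example (not part of the gVisor documentation) flags any pod whose runtime class is not `gvisor`. The function names are hypothetical, and the second pod row in the sample is constructed to show a pod with no runtime class, which kubectl prints as `<none>`.

```shell
# Added example, not from the gVisor docs. Function names are hypothetical.

# Reads the NAME / RUNTIME CLASS / STATUS table produced by the kubectl
# command in this guide on stdin and reports every pod whose runtime class
# is not the expected one (default: gvisor).
# Returns 0 if all listed pods match, 1 if any pod does not,
# 2 if no pods were listed (scaled to zero: nothing was verified).
check_runtime_class() {
  want="${1:-gvisor}"
  awk -v want="$want" '
    $1 == "NAME" { next }   # header row; pod names are always lowercase
    NF < 3       { next }   # blank or truncated line
    { total++ }
    $2 != want {
      bad++
      printf "NOT SANDBOXED: %s (runtimeClassName=%s, %s)\n", $1, $2, $3
    }
    END {
      if (total == 0) exit 2
      exit (bad > 0 ? 1 : 0)
    }'
}

# Constructed sample: the first pod row is the one shown in this guide,
# the second is a made-up pod created without a runtimeClassName.
sample_listing() {
  cat <<'EOF'
NAME                                              RUNTIME CLASS   STATUS
helloworld-go-00002-deployment-646c87b7f5-5v68s   gvisor          Running
legacy-svc-00001-deployment-7d9c5b6f4d-abcde      <none>          Running
EOF
}

# Same check against the live cluster, using the command from this guide.
audit_live() {
  kubectl get pods \
    -o=custom-columns='NAME:.metadata.name,RUNTIME CLASS:.spec.runtimeClassName,STATUS:.status.phase' \
    | check_runtime_class gvisor
}
```

Run `sample_listing | check_runtime_class` to see the report for the constructed data. A return status of 2 from `audit_live` means the service was scaled to zero, so repeat the check after sending it a request.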