Upgrade Notes of Knative (from v1.12 to v1.13)
2024年02月12日
This post focuses on the upgrade of Knative, from version 1.12 to 1.13, which is the latest version by the time I perform upgrade for this site.
% kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "app.kubernetes.io/version"}}'
1. Upgrade Knative, after which the detailed Istio new version could be decided.
2. Upgrade Istio.
3. Upgrade Kubernetes.
% KNATIVE_VER=1.13.1
% kubectl apply -f https://github.com/knative/serving/releases/download/knative-v${KNATIVE_VER}/serving-crds.yaml
2. Install the core components of Knative Serving
% kubectl apply -f https://github.com/knative/serving/releases/download/knative-v${KNATIVE_VER}/serving-core.yaml
Info
For information about the YAML files in Knative Serving, see Knative Serving installation files.
1. Install a properly configured Istio, by following the Advanced Istio installation instructions or by running the command:
% KNATIVE_VER=1.13.0
% kubectl apply -l knative.dev/crd-install=true -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/istio.yaml
% kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/istio.yaml
2. Install the Knative Istio controller:
% kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/net-istio.yaml
3. Fetch the External IP address or CNAME:
% kubectl --namespace istio-system get service istio-ingressgateway
$ kubectl get pods -n knative-serving
Check the current installed Knative Serving version:
% kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "app.kubernetes.io/version"}}'
% k get deploy -n istio-system -o yaml istiod | sed -n -e '/nodeSelector:/,/restartPolicy/{/restartPolicy:/!p;}' -e '/resources:/,/securityContext:/{/securityContext:/!p;}'
% k get deploy -n istio-system -o yaml istio-ingressgateway | sed -n -e '/nodeSelector:/,/restartPolicy/{/restartPolicy:/!p;}' -e '/resources:/,/securityContext:/{/securityContext:/!p;}'
Installing Knative Serving using YAML files
Background
The post Release Notes of Site Upgrades holds the catalog of the whole upgrade's note.This post focuses on the upgrade of Knative, from version 1.12 to 1.13, which is the latest version by the time I perform upgrade for this site.
Prerequisites
Check the current installed Knative Serving version:% kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "app.kubernetes.io/version"}}'
1.12.3%
Before Start
The sequence to upgrade Kubernetes, Istio and Knative is as follows:1. Upgrade Knative, after which the detailed Istio new version could be decided.
2. Upgrade Istio.
3. Upgrade Kubernetes.
Upgrade Knative
To upgrade, apply the YAML files for the subsequent minor versions of all your installed Knative components and features, remembering to only upgrade by one minor version at a time.Install the Knative Serving Component
1. Install the required custom resources% KNATIVE_VER=1.13.1
% kubectl apply -f https://github.com/knative/serving/releases/download/knative-v${KNATIVE_VER}/serving-crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificates.networking.internal.knative.dev configured customresourcedefinition.apiextensions.k8s.io/configurations.serving.knative.dev configured customresourcedefinition.apiextensions.k8s.io/clusterdomainclaims.networking.internal.knative.dev configured customresourcedefinition.apiextensions.k8s.io/domainmappings.serving.knative.dev configured customresourcedefinition.apiextensions.k8s.io/ingresses.networking.internal.knative.dev configured customresourcedefinition.apiextensions.k8s.io/metrics.autoscaling.internal.knative.dev configured customresourcedefinition.apiextensions.k8s.io/podautoscalers.autoscaling.internal.knative.dev configured customresourcedefinition.apiextensions.k8s.io/revisions.serving.knative.dev configured customresourcedefinition.apiextensions.k8s.io/routes.serving.knative.dev configured customresourcedefinition.apiextensions.k8s.io/serverlessservices.networking.internal.knative.dev configured customresourcedefinition.apiextensions.k8s.io/services.serving.knative.dev configured customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev configured
2. Install the core components of Knative Serving
% kubectl apply -f https://github.com/knative/serving/releases/download/knative-v${KNATIVE_VER}/serving-core.yaml
namespace/knative-serving configured role.rbac.authorization.k8s.io/knative-serving-activator configured clusterrole.rbac.authorization.k8s.io/knative-serving-activator-cluster configured clusterrole.rbac.authorization.k8s.io/knative-serving-aggregated-addressable-resolver configured clusterrole.rbac.authorization.k8s.io/knative-serving-addressable-resolver configured clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-admin configured clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-edit configured clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-view configured clusterrole.rbac.authorization.k8s.io/knative-serving-core configured clusterrole.rbac.authorization.k8s.io/knative-serving-podspecable-binding configured serviceaccount/controller configured clusterrole.rbac.authorization.k8s.io/knative-serving-admin configured clusterrolebinding.rbac.authorization.k8s.io/knative-serving-controller-admin configured clusterrolebinding.rbac.authorization.k8s.io/knative-serving-controller-addressable-resolver configured serviceaccount/activator configured rolebinding.rbac.authorization.k8s.io/knative-serving-activator configured clusterrolebinding.rbac.authorization.k8s.io/knative-serving-activator-cluster configured customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/certificates.networking.internal.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/configurations.serving.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/clusterdomainclaims.networking.internal.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/domainmappings.serving.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/ingresses.networking.internal.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/metrics.autoscaling.internal.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/podautoscalers.autoscaling.internal.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/revisions.serving.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/routes.serving.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/serverlessservices.networking.internal.knative.dev unchanged customresourcedefinition.apiextensions.k8s.io/services.serving.knative.dev unchanged secret/serving-certs-ctrl-ca unchanged secret/knative-serving-certs unchanged secret/routing-serving-certs unchanged image.caching.internal.knative.dev/queue-proxy configured configmap/config-autoscaler configured configmap/config-defaults configured configmap/config-deployment configured configmap/config-domain configured configmap/config-features configured configmap/config-gc configured configmap/config-leader-election configured configmap/config-logging configured configmap/config-network configured configmap/config-observability configured configmap/config-tracing configured horizontalpodautoscaler.autoscaling/activator configured poddisruptionbudget.policy/activator-pdb configured deployment.apps/activator configured service/activator-service configured deployment.apps/autoscaler configured service/autoscaler configured deployment.apps/controller configured service/controller configured horizontalpodautoscaler.autoscaling/webhook configured poddisruptionbudget.policy/webhook-pdb configured deployment.apps/webhook configured service/webhook configured validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.serving.knative.dev configured mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.serving.knative.dev configured validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.serving.knative.dev configured secret/webhook-certs configured
Info
For information about the YAML files in Knative Serving, see Knative Serving installation files.
Install a Networking Layer
Install a properly configured Istio and enable its Knative integration.1. Install a properly configured Istio, by following the Advanced Istio installation instructions or by running the command:
% KNATIVE_VER=1.13.0
% kubectl apply -l knative.dev/crd-install=true -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/istio.yaml
customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io configured customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io configured customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io configured customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io configured customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io configured customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io configured customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io configured customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io configured customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io configured customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io configured customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io configured customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io configured customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io configured customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io configured
% kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/istio.yaml
namespace/istio-system unchanged serviceaccount/istio-ingressgateway-service-account configured serviceaccount/istio-reader-service-account unchanged serviceaccount/istiod unchanged clusterrole.rbac.authorization.k8s.io/istio-reader-clusterrole-istio-system unchanged clusterrole.rbac.authorization.k8s.io/istiod-clusterrole-istio-system unchanged clusterrole.rbac.authorization.k8s.io/istiod-gateway-controller-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istio-reader-clusterrole-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istiod-clusterrole-istio-system unchanged clusterrolebinding.rbac.authorization.k8s.io/istiod-gateway-controller-istio-system unchanged role.rbac.authorization.k8s.io/istio-ingressgateway-sds configured role.rbac.authorization.k8s.io/istiod unchanged rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds configured rolebinding.rbac.authorization.k8s.io/istiod unchanged customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io unchanged customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io unchanged configmap/istio configured configmap/istio-sidecar-injector configured deployment.apps/istio-ingressgateway configured deployment.apps/istiod configured Warning: resource services/istio-ingressgateway is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically. service/istio-ingressgateway configured service/istiod configured horizontalpodautoscaler.autoscaling/istiod unchanged poddisruptionbudget.policy/istio-ingressgateway configured poddisruptionbudget.policy/istiod configured mutatingwebhookconfiguration.admissionregistration.k8s.io/istio-sidecar-injector configured validatingwebhookconfiguration.admissionregistration.k8s.io/istio-validator-istio-system configured
2. Install the Knative Istio controller:
% kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/net-istio.yaml
clusterrole.rbac.authorization.k8s.io/knative-serving-istio configured gateway.networking.istio.io/knative-ingress-gateway configured gateway.networking.istio.io/knative-local-gateway configured service/knative-local-gateway configured configmap/config-istio configured peerauthentication.security.istio.io/webhook configured peerauthentication.security.istio.io/net-istio-webhook configured deployment.apps/net-istio-controller configured deployment.apps/net-istio-webhook configured secret/net-istio-webhook-certs configured service/net-istio-webhook configured mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.istio.networking.internal.knative.dev configured validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.istio.networking.internal.knative.dev configured certificate.networking.internal.knative.dev/routing-serving-certs created
3. Fetch the External IP address or CNAME:
% kubectl --namespace istio-system get service istio-ingressgateway
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 172.20.xx.yy k8s-istiosys-istioing-df******63-32************92.elb.us-west-2.amazonaws.com 15021:3***1/TCP,80:3***1/TCP,443:3***9/TCP,31400:3***5/TCP,15443:3***0/TCP 54d
Verify the Installation
Monitor the Knative components until all of the components show a STATUS of Running or Completed.$ kubectl get pods -n knative-serving
NAME READY STATUS RESTARTS AGE activator-bfb97979b-zgrzk 2/2 Running 0 24m autoscaler-847ccf69d8-6sw79 2/2 Running 0 24m controller-5d86fbf4c8-5r2jl 2/2 Running 0 24m domainmapping-webhook-566bbc794d-j2kdx 2/2 Running 0 19d net-istio-controller-669b5f49b8-h44h8 1/1 Running 0 7m27s net-istio-webhook-c5bf7d6f9-dmnpw 2/2 Running 0 19d webhook-6d8cffbb48-7krkh 2/2 Running 0 24m
Check the current installed Knative Serving version:
% kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "app.kubernetes.io/version"}}'
1.13.1%
% k get deploy -n istio-system -o yaml istiod | sed -n -e '/nodeSelector:/,/restartPolicy/{/restartPolicy:/!p;}' -e '/resources:/,/securityContext:/{/securityContext:/!p;}'
resources:
requests:
cpu: 500m
memory: 2Gi
nodeSelector:
kubernetes.io/arch: arm64
% k get deploy -n istio-system -o yaml istio-ingressgateway | sed -n -e '/nodeSelector:/,/restartPolicy/{/restartPolicy:/!p;}' -e '/resources:/,/securityContext:/{/securityContext:/!p;}'
resources:
limits:
cpu: "3"
memory: 2Gi
requests:
cpu: "1"
memory: 1Gi
nodeSelector:
kubernetes.io/arch: arm64
Decide the Istio Version
$ istioctl versionclient version: 1.19.5 pilot version: 1.20.2 pilot version: 1.19.5 pilot version: 1.19.5 data plane version: 1.19.5 (11 proxies), 1.20.2 (3 proxies)In the next step, we will upgrade Istio to version 1.20.2, from version 1.19.5. For more information, refer to Upgrade Notes of Istio (from v1.19 to v1.20).
References
Installing Knative Serving using YAML files