Upgrade Notes of Knative (from v1.12 to v1.13)

2024年02月12日


Background

The post Release Notes of Site Upgrades holds the catalog of the whole upgrade's note. 

This post focuses on the upgrade of Knative, from version 1.12 to 1.13, which is the latest version by the time I perform upgrade for this site.


Prerequisites

Check the current installed Knative Serving version:
% kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "app.kubernetes.io/version"}}'
1.12.3%


Before Start

The sequence to upgrade Kubernetes, Istio and Knative is as follows:
1. Upgrade Knative, after which the detailed Istio new version could be decided.
2. Upgrade Istio.
3. Upgrade Kubernetes.


Upgrade Knative

To upgrade, apply the YAML files for the subsequent minor versions of all your installed Knative components and features, remembering to only upgrade by one minor version at a time.

Install the Knative Serving Component

1. Install the required custom resources
% KNATIVE_VER=1.13.1
% kubectl apply -f https://github.com/knative/serving/releases/download/knative-v${KNATIVE_VER}/serving-crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificates.networking.internal.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/configurations.serving.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/clusterdomainclaims.networking.internal.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/domainmappings.serving.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/ingresses.networking.internal.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/metrics.autoscaling.internal.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/podautoscalers.autoscaling.internal.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/revisions.serving.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/routes.serving.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/serverlessservices.networking.internal.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/services.serving.knative.dev configured
customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev configured

2. Install the core components of Knative Serving
% kubectl apply -f https://github.com/knative/serving/releases/download/knative-v${KNATIVE_VER}/serving-core.yaml
namespace/knative-serving configured
role.rbac.authorization.k8s.io/knative-serving-activator configured
clusterrole.rbac.authorization.k8s.io/knative-serving-activator-cluster configured
clusterrole.rbac.authorization.k8s.io/knative-serving-aggregated-addressable-resolver configured
clusterrole.rbac.authorization.k8s.io/knative-serving-addressable-resolver configured
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-admin configured
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-edit configured
clusterrole.rbac.authorization.k8s.io/knative-serving-namespaced-view configured
clusterrole.rbac.authorization.k8s.io/knative-serving-core configured
clusterrole.rbac.authorization.k8s.io/knative-serving-podspecable-binding configured
serviceaccount/controller configured
clusterrole.rbac.authorization.k8s.io/knative-serving-admin configured
clusterrolebinding.rbac.authorization.k8s.io/knative-serving-controller-admin configured
clusterrolebinding.rbac.authorization.k8s.io/knative-serving-controller-addressable-resolver configured
serviceaccount/activator configured
rolebinding.rbac.authorization.k8s.io/knative-serving-activator configured
clusterrolebinding.rbac.authorization.k8s.io/knative-serving-activator-cluster configured
customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/certificates.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/configurations.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/clusterdomainclaims.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/domainmappings.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/ingresses.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/metrics.autoscaling.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/podautoscalers.autoscaling.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/revisions.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/routes.serving.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/serverlessservices.networking.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/services.serving.knative.dev unchanged
secret/serving-certs-ctrl-ca unchanged
secret/knative-serving-certs unchanged
secret/routing-serving-certs unchanged
image.caching.internal.knative.dev/queue-proxy configured
configmap/config-autoscaler configured
configmap/config-defaults configured
configmap/config-deployment configured
configmap/config-domain configured
configmap/config-features configured
configmap/config-gc configured
configmap/config-leader-election configured
configmap/config-logging configured
configmap/config-network configured
configmap/config-observability configured
configmap/config-tracing configured
horizontalpodautoscaler.autoscaling/activator configured
poddisruptionbudget.policy/activator-pdb configured
deployment.apps/activator configured
service/activator-service configured
deployment.apps/autoscaler configured
service/autoscaler configured
deployment.apps/controller configured
service/controller configured
horizontalpodautoscaler.autoscaling/webhook configured
poddisruptionbudget.policy/webhook-pdb configured
deployment.apps/webhook configured
service/webhook configured
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.serving.knative.dev configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.serving.knative.dev configured
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.serving.knative.dev configured
secret/webhook-certs configured

Info
For information about the YAML files in Knative Serving, see Knative Serving installation files.


Install a Networking Layer

Install a properly configured Istio and enable its Knative integration.
1. Install a properly configured Istio, by following the Advanced Istio installation instructions or by running the command:
KNATIVE_VER=1.13.0
kubectl apply -l knative.dev/crd-install=true -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/istio.yaml
customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io configured
customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io configured
customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io configured
customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io configured
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io configured
customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io configured

% kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/istio.yaml
namespace/istio-system unchanged
serviceaccount/istio-ingressgateway-service-account configured
serviceaccount/istio-reader-service-account unchanged
serviceaccount/istiod unchanged
clusterrole.rbac.authorization.k8s.io/istio-reader-clusterrole-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istiod-clusterrole-istio-system unchanged
clusterrole.rbac.authorization.k8s.io/istiod-gateway-controller-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istio-reader-clusterrole-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istiod-clusterrole-istio-system unchanged
clusterrolebinding.rbac.authorization.k8s.io/istiod-gateway-controller-istio-system unchanged
role.rbac.authorization.k8s.io/istio-ingressgateway-sds configured
role.rbac.authorization.k8s.io/istiod unchanged
rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds configured
rolebinding.rbac.authorization.k8s.io/istiod unchanged
customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/istiooperators.install.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/peerauthentications.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/proxyconfigs.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/requestauthentications.security.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/telemetries.telemetry.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/wasmplugins.extensions.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/workloadentries.networking.istio.io unchanged
customresourcedefinition.apiextensions.k8s.io/workloadgroups.networking.istio.io unchanged
configmap/istio configured
configmap/istio-sidecar-injector configured
deployment.apps/istio-ingressgateway configured
deployment.apps/istiod configured
Warning: resource services/istio-ingressgateway is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
service/istio-ingressgateway configured
service/istiod configured
horizontalpodautoscaler.autoscaling/istiod unchanged
poddisruptionbudget.policy/istio-ingressgateway configured
poddisruptionbudget.policy/istiod configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/istio-sidecar-injector configured
validatingwebhookconfiguration.admissionregistration.k8s.io/istio-validator-istio-system configured

2. Install the Knative Istio controller:
kubectl apply -f https://github.com/knative/net-istio/releases/download/knative-v${KNATIVE_VER}/net-istio.yaml
clusterrole.rbac.authorization.k8s.io/knative-serving-istio configured
gateway.networking.istio.io/knative-ingress-gateway configured
gateway.networking.istio.io/knative-local-gateway configured
service/knative-local-gateway configured
configmap/config-istio configured
peerauthentication.security.istio.io/webhook configured
peerauthentication.security.istio.io/net-istio-webhook configured
deployment.apps/net-istio-controller configured
deployment.apps/net-istio-webhook configured
secret/net-istio-webhook-certs configured
service/net-istio-webhook configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.istio.networking.internal.knative.dev configured
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.istio.networking.internal.knative.dev configured
certificate.networking.internal.knative.dev/routing-serving-certs created

3. Fetch the External IP address or CNAME:
% kubectl --namespace istio-system get service istio-ingressgateway
NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP                                                                     PORT(S)                                                                      AGE
istio-ingressgateway   LoadBalancer   172.20.xx.yy   k8s-istiosys-istioing-df******63-32************92.elb.us-west-2.amazonaws.com   15021:3***1/TCP,80:3***1/TCP,443:3***9/TCP,31400:3***5/TCP,15443:3***0/TCP   54d


Verify the Installation

Monitor the Knative components until all of the components show a STATUS of Running or Completed.
$ kubectl get pods -n knative-serving
NAME                                     READY   STATUS    RESTARTS   AGE
activator-bfb97979b-zgrzk                2/2     Running   0          24m
autoscaler-847ccf69d8-6sw79              2/2     Running   0          24m
controller-5d86fbf4c8-5r2jl              2/2     Running   0          24m
domainmapping-webhook-566bbc794d-j2kdx   2/2     Running   0          19d
net-istio-controller-669b5f49b8-h44h8    1/1     Running   0          7m27s
net-istio-webhook-c5bf7d6f9-dmnpw        2/2     Running   0          19d
webhook-6d8cffbb48-7krkh                 2/2     Running   0          24m

Check the current installed Knative Serving version:
% kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "app.kubernetes.io/version"}}'
1.13.1%

% k get deploy -n istio-system -o yaml istiod | sed -n -e '/nodeSelector:/,/restartPolicy/{/restartPolicy:/!p;}' -e '/resources:/,/securityContext:/{/securityContext:/!p;}'
        resources:
          requests:
            cpu: 500m
            memory: 2Gi
      nodeSelector:
        kubernetes.io/arch: arm64

% k get deploy -n istio-system -o yaml istio-ingressgateway | sed -n -e '/nodeSelector:/,/restartPolicy/{/restartPolicy:/!p;}' -e '/resources:/,/securityContext:/{/securityContext:/!p;}'
        resources:
          limits:
            cpu: "3"
            memory: 2Gi
          requests:
            cpu: "1"
            memory: 1Gi
      nodeSelector:
        kubernetes.io/arch: arm64


Decide the Istio Version

$ istioctl version
client version: 1.19.5
pilot version: 1.20.2
pilot version: 1.19.5
pilot version: 1.19.5
data plane version: 1.19.5 (11 proxies), 1.20.2 (3 proxies)
In the next step, we will upgrade Istio to version 1.20.2, from version 1.19.5. For more information, refer to Upgrade Notes of Istio (from v1.19 to v1.20).


References


Installing Knative Serving using YAML files

Category: container Tags: public

Upvote


Downvote