At the end of each training about k8s, we note that trainees see the power of k8s in terms of automation and scalability. But they also fear the complexity of the tool. This feeling is even stronger when trainees are developers and not system administrators. Could Knative be an answer to this frustration?

Targeted audience: k8s users, developers

By Jacques Roussel, Cloud Consultant @Objectif Libre


Knative is a serverless framework. It’s a tool that executes code, no matter which language is used. You don’t even have to worry about the server running the code, or how the network access should be setup. You just have to send a piece of code to execute to the platform, and that’s it. Furthermore, the platform will manage the auto-scaling for you.

Setup your environment


For our test environment, you need a VM with at least 8 vcpus and 16Go of memory running ubuntu 18.04. Be carreful to the CPU and RAM because the stack is quite big. On this VM we will deploy k8s, calico, helm, istio and knative.

K8s installation

In order to install k8s, you can create this script:


sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository "deb [arch=amd64] $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli
curl -s | sudo apt-key add -
echo "deb kubernetes-xenial main" |sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
sudo swapoff -a
sudo kubeadm init --pod-network-cidr=
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
USER_UID=$(id -u)
USER_GID=$(id -g)
sudo chown ${USER_UID}:${USER_GID} $HOME/.kube/config
MASTER_NAME=$(kubectl get no -o=jsonpath='{.items[0]}')
kubectl taint node ${MASTER_NAME}
kubectl apply -f
kubectl apply -f

And run it on the VM:

$ bash

At this point, you should have a fonctional k8s with one node. Check that the cluster is ready before continuing:

$ kubectl get no
k8s-master   Ready    master   15m   v1.14.1

Install helm

$ curl -LO
$ tar -xvzf helm-v2.13.1-linux-amd64.tar.gz
$ sudo mv linux-amd64/helm /usr/local/bin/

Next we create a file for the tiller service account:

# tiller.yml
apiVersion: v1
kind: ServiceAccount
  name: tiller
  namespace: kube-system
kind: ClusterRoleBinding
  name: tiller
  kind: ClusterRole
  name: cluster-admin
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

We deploy it:

$ kubectl apply -f tiller.yml
$ helm init --service-account tiller

Then we wait few minutes and we check if everything is OK:

$ helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}

Install istio

Istio is the mesh service used by knative. It needs to be install before knative.

$ curl -L | ISTIO_VERSION=1.1.5 sh -
$ cd istio-1.1.5/
$ helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system

Then we wait that all CRD are up. The following command should return 53:

$ kubectl get crds | grep '\|' | wc -l

Then we can finish the istio installation:

$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system

Before to continue, we need to wait and make sure that all istio components are running:

$ kubectl get pods -n istio-system
NAME                                      READY   STATUS      RESTARTS   AGE
istio-citadel-86b5b9fb58-425gf            1/1     Running     0          2m46s
istio-galley-5b98bd6859-qnx5z             1/1     Running     0          2m46s
istio-ingressgateway-65576f8745-hjghv     1/1     Running     0          2m46s
istio-init-crd-10-6t6zn                   0/1     Completed   0          6m31s
istio-init-crd-11-vdh4n                   0/1     Completed   0          6m31s
istio-pilot-78fff96ddf-wxsvm              2/2     Running     0          2m46s
istio-policy-5fb895b86d-b2m9p             2/2     Running     1          2m46s
istio-sidecar-injector-855966f687-pjzq6   1/1     Running     0          2m46s
istio-telemetry-75bc675d7d-4cd29          2/2     Running     2          2m46s
prometheus-d8d46c5b5-mfglm                1/1     Running     0          2m46s

Install knative

We are almost done. Let’s deploy Knative:

$ kubectl label namespace default istio-injection=enabled
$ kubectl apply --filename --filename --filename --filename --filename --filename
$ kubectl apply --filename --filename --filename --filename --filename --filename

We launch the command two time because of theses issues : 968 et 1036.

Then we wait and make sure that everything is running :

$ kubectl get pods --namespace knative-serving
$ kubectl get pods --namespace knative-build
$ kubectl get pods --namespace knative-eventing
$ kubectl get pods --namespace knative-sources
$ kubectl get pods --namespace knative-monitoring

Now we are ready to use Knative.


The idea here is to show how we can deploy automatically an app from a git repository. For this purpose, we need a registry. Here I use the official Docker hub.

Setup the build

If you need credentials to access to the registry, create a push-account.yml file:

# push-account.yml
apiVersion: v1
kind: Secret
  name: basic-user-pass
  username: BASE_64_REDACTED
  password: BASE_64_REDACTED
apiVersion: v1
kind: ServiceAccount
  name: build-bot
  - name: basic-user-pass

DO NOT FORGET that the username and password need to be base64 encoded.

Then we push our credentials in k8s and we add the template that we will use to deploy our app:

$ kubectl apply -f push-account.yml
$ kubectl apply --filename

The template must have a Dockerfile at the root of the repository.

Build and deploy an app

# deploy.yml
kind: Service
  name: app-from-source
  namespace: default
        kind: Build
          serviceAccountName: build-bot
              revision: master
            name: kaniko
              - name: IMAGE
          timeout: 10m
            imagePullPolicy: Always

DO NOT FORGET to replace the push url by your own otherwise the push will fail.

We specified two values:

  • tells to knative to always keep one instance running
  • “10” lowers the value of the ingress connections for the scaling (100 by default).

We can deploy our app:

$ kubectl apply -f deploy.yml

Our application is deploying:

$ kubectl get po
NAME                                                READY   STATUS      RESTARTS   AGE
app-from-source-bms72-pod-ea603c                    0/1     Completed   0          111s
app-from-source-qhpp5-deployment-6f5b85b68f-mppxt   3/3     Running     0          15s

To check if it’s ok:

$ INGRESSGATEWAY=istio-ingressgateway
$ IP_ADDRESS=$(kubectl get po --selector $INGRESSGATEWAY_LABEL=ingressgateway --namespace istio-system --output 'jsonpath={.items[0].status.hostIP}'):$(kubectl get svc $INGRESSGATEWAY --namespace istio-system --output 'jsonpath={.spec.ports[?(@.port==80)].nodePort}')
$ curl -H "Host:" http://${IP_ADDRESS}

To check if the auto-scaling is working we can run the following commands:

$ curl -LO
$ chmod +x hey_linux_v0.1.2
$ kubectl get po
app-from-source-bms72-pod-ea603c                    0/1     Completed   0          20m
app-from-source-qhpp5-deployment-6f5b85b68f-mppxt   3/3     Running     0          19m
$ ./hey_linux_v0.1.2 -z 30s -c 50 -host http://${IP_ADDRESS}
$ kubectl get po
NAME                                                READY   STATUS      RESTARTS   AGE
app-from-source-bms72-pod-ea603c                    0/1     Completed   0          20m
app-from-source-qhpp5-deployment-6f5b85b68f-7mk6f   3/3     Running     0          28s
app-from-source-qhpp5-deployment-6f5b85b68f-mppxt   3/3     Running     0          19m
app-from-source-qhpp5-deployment-6f5b85b68f-qhvgx   3/3     Running     0          30s
app-from-source-qhpp5-deployment-6f5b85b68f-rw9d6   3/3     Running     0          30s
app-from-source-qhpp5-deployment-6f5b85b68f-vpxdv   3/3     Running     0          28s


We deployed knative and used it with a demo application. We just deployed a python app that does nothing. But if we look closer at our git repository, there are only two files: our code and a Dockerfile. Howerver at the end we have an app deployed in a webserver that scale automatically without doing anything special. The goal is met.
So if you are a developper and you want to try a serverless approach, knative is a product to follow with attention.