Skip to content

Commit 767fa87

Browse files
authored
Merge pull request #79689 from rh-max/srvls-default-kourier-bootstrap-settings
2 parents 2373684 + 66b6568 commit 767fa87

File tree

4 files changed

+219
-1
lines changed

4 files changed

+219
-1
lines changed

knative-serving/config-applications/configuring-kourier.adoc

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,4 +8,6 @@ toc::[]
88

99
Kourier is a lightweight Kubernetes-native Ingress for Knative Serving. Kourier acts as a gateway for Knative, routing HTTP traffic to Knative services.
1010

11+
include::modules/accessing-the-current-envoy-bootstrap-configuration.adoc[leveloffset=+1]
1112
include::modules/customizing-kourier-bootstrap-for-kourier-getaways.adoc[leveloffset=+1]
13+
include::modules/enabling-administrator-interface-access.adoc[leveloffset=+1]
Lines changed: 140 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,140 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * config-applications/configuring-kourier.adoc
4+
:_content-type: PROCEDURE
5+
[id="accessing-the-current-envoy-bootstrap-configuration_{context}"]
6+
= Accessing the current Envoy bootstrap configuration
7+
8+
The Envoy proxy component in Kourier handles inbound and outbound HTTP traffic for the Knative services. By default, Kourier contains an Envoy bootstrap configuration in the `kourier-bootstrap` configuration map in the `knative-serving-ingress` namespace.
9+
10+
.Procedure
11+
12+
* To get the current Envoy bootstrap configuration, run the following command:
13+
+
14+
.Example command
15+
[source,terminal]
16+
----
17+
$ oc get cm kourier-bootstrap -n knative-serving-ingress -o yaml
18+
----
19+
+
20+
For example, with the default configuration, the example command produces the output that contains the following excerpts:
21+
+
22+
.Example output
23+
[source,terminal]
24+
----
25+
Name: kourier-bootstrap
26+
Namespace: knative-serving-ingress
27+
Labels: app.kubernetes.io/component=net-kourier
28+
app.kubernetes.io/name=knative-serving
29+
app.kubernetes.io/version=release-v1.10
30+
networking.knative.dev/ingress-provider=kourier
31+
serving.knative.openshift.io/ownerName=knative-serving
32+
serving.knative.openshift.io/ownerNamespace=knative-serving
33+
Annotations: manifestival: new
34+
----
35+
+
36+
.Example `Data` output
37+
[source,terminal]
38+
----
39+
dynamic_resources:
40+
ads_config:
41+
transport_api_version: V3
42+
api_type: GRPC
43+
rate_limit_settings: {}
44+
grpc_services:
45+
- envoy_grpc: {cluster_name: xds_cluster}
46+
cds_config:
47+
resource_api_version: V3
48+
ads: {}
49+
lds_config:
50+
resource_api_version: V3
51+
ads: {}
52+
node:
53+
cluster: kourier-knative
54+
id: 3scale-kourier-gateway
55+
static_resources:
56+
listeners:
57+
- name: stats_listener
58+
address:
59+
socket_address:
60+
address: 0.0.0.0
61+
port_value: 9000
62+
filter_chains:
63+
- filters:
64+
- name: envoy.filters.network.http_connection_manager
65+
typed_config:
66+
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
67+
stat_prefix: stats_server
68+
http_filters:
69+
- name: envoy.filters.http.router
70+
typed_config:
71+
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
72+
route_config:
73+
virtual_hosts:
74+
- name: admin_interface
75+
domains:
76+
- "*"
77+
routes:
78+
- match:
79+
safe_regex:
80+
regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?'
81+
headers:
82+
- name: ':method'
83+
string_match:
84+
exact: GET
85+
route:
86+
cluster: service_stats
87+
clusters:
88+
- name: service_stats
89+
connect_timeout: 0.250s
90+
type: static
91+
load_assignment:
92+
cluster_name: service_stats
93+
endpoints:
94+
lb_endpoints:
95+
endpoint:
96+
address:
97+
pipe:
98+
path: /tmp/envoy.admin
99+
- name: xds_cluster
100+
# This keepalive is recommended by envoy docs.
101+
# https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol
102+
typed_extension_protocol_options:
103+
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
104+
"@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
105+
explicit_http_config:
106+
http2_protocol_options:
107+
connection_keepalive:
108+
interval: 30s
109+
timeout: 5s
110+
connect_timeout: 1s
111+
load_assignment:
112+
cluster_name: xds_cluster
113+
endpoints:
114+
lb_endpoints:
115+
endpoint:
116+
address:
117+
socket_address:
118+
address: "net-kourier-controller.knative-serving-ingress.svc.cluster.local."
119+
port_value: 18000
120+
type: STRICT_DNS
121+
admin:
122+
access_log:
123+
- name: envoy.access_loggers.stdout
124+
typed_config:
125+
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
126+
address:
127+
pipe:
128+
path: /tmp/envoy.admin
129+
layered_runtime:
130+
layers:
131+
- name: static-layer
132+
static_layer:
133+
envoy.reloadable_features.override_request_timeout_by_gateway_timeout: false
134+
----
135+
+
136+
.Example `BinaryData` output
137+
[source,terminal]
138+
----
139+
Events: <none>
140+
----

modules/customizing-kourier-bootstrap-for-kourier-getaways.adoc

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,11 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * config-applications/configuring-kourier.adoc
14
:_content-type: PROCEDURE
25
[id="customizing-kourier-bootstrap-for-kourier-getaways_{context}"]
36
= Customizing kourier-bootstrap for Kourier getaways
47

5-
The Envoy proxy component in Kourier handles inbound and outbound HTTP traffic for the Knative services. By default, Kourier contains an Envoy bootstrap configuration in the `kourier-bootstrap` configuration map in the `knative-serving-ingress` namespace. You can change this configuration.
8+
The Envoy proxy component in Kourier handles inbound and outbound HTTP traffic for the Knative services. By default, Kourier contains an Envoy bootstrap configuration in the `kourier-bootstrap` configuration map in the `knative-serving-ingress` namespace. You can change this configuration map to a custom one.
69

710
.Prerequisites
811

Lines changed: 73 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,73 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * config-applications/configuring-kourier.adoc
4+
:_content-type: PROCEDURE
5+
[id="enabling-administrator-interface-access_{context}"]
6+
= Enabling administrator interface access
7+
8+
You can change the envoy bootstrap configuration to enable access to the administrator interface.
9+
10+
[IMPORTANT]
11+
====
12+
This procedure assumes sufficient knowledge of Knative, as changing envoy bootstrap configuration might result in Knative failure. Red Hat does not support custom configurations that are not tested or shipped with the product.
13+
====
14+
15+
.Prerequisites
16+
17+
* You have installed the {ServerlessOperatorName} and Knative Serving.
18+
* You have cluster administrator permissions on {ocp-product-title}, or you have cluster or dedicated administrator permissions on {rosa-product-title} or {dedicated-product-title}.
19+
20+
.Procedure
21+
22+
. To enable administrator interface access, locate this configuration in your bootstrapping configuration map:
23+
+
24+
[source,terminal]
25+
----
26+
pipe:
27+
path: /tmp/envoy.admin
28+
----
29+
+
30+
Substitute it with the following configuration:
31+
+
32+
[source,terminal]
33+
----
34+
socket_address: <1>
35+
address: 127.0.0.1
36+
port_value: 9901
37+
----
38+
<1> This configuration enables access to the Envoy admin interface on the loopback address (127.0.0.1) and port 9901.
39+
+
40+
. Apply the `socket_address` configuration in the `service_stats` cluster configuration and in the `admin` configuration:
41+
.. The first is in the `service_stats` cluster configuration:
42+
+
43+
[source,terminal]
44+
----
45+
clusters:
46+
- name: service_stats
47+
connect_timeout: 0.250s
48+
type: static
49+
load_assignment:
50+
cluster_name: service_stats
51+
endpoints:
52+
lb_endpoints:
53+
endpoint:
54+
address:
55+
socket_address:
56+
address: 127.0.0.1
57+
port_value: 9901
58+
----
59+
+
60+
.. The second is in the `admin` configuration:
61+
+
62+
[source,terminal]
63+
----
64+
admin:
65+
access_log:
66+
- name: envoy.access_loggers.stdout
67+
typed_config:
68+
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
69+
address:
70+
socket_address:
71+
address: 127.0.0.1
72+
port_value: 9901
73+
----

0 commit comments

Comments
 (0)