Kubernetes and Serverless in Practice: The Complete Guide from Knative to OpenFaaS
🔥 Hardcore opening
Alright, fellow tech nerds, today let's talk about fusing Kubernetes with Serverless. Don't tell me you're still deploying on K8s the traditional way; that's so out! Serverless didn't show up to replace Kubernetes, it showed up to make K8s even stronger. Today susu will take you through Kubernetes-Serverless integration from a hands-on angle, from Knative to OpenFaaS, from KEDA to real application scenarios, and explain the whole thing!
📋 Core content
1. The relationship between Serverless and Kubernetes
- Core strengths of Serverless: pay-per-use billing, automatic scaling, no infrastructure to manage
- Core strengths of Kubernetes: powerful container orchestration, flexible deployment options, rich ecosystem
- Value of combining them: pair the convenience of Serverless with the reliability of Kubernetes to build a more efficient runtime environment for applications
2. Knative: the Kubernetes-native Serverless framework
2.1 Knative's core components
- Serving: request routing, autoscaling, revision management
- Eventing: event-driven architecture with support for many event sources
- Build: container image building and deployment
2.2 Installing Knative
```bash
# Install Knative Serving
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.8.0/serving-crds.yaml
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.8.0/serving-core.yaml

# Install the networking layer (Kourier) and tell Serving to use it
# (without the ingress-class patch Serving keeps looking for Istio and no Service becomes Ready)
kubectl apply -f https://github.com/knative/net-kourier/releases/download/knative-v1.8.0/kourier.yaml
kubectl patch configmap/config-network -n knative-serving --type merge \
  -p '{"data":{"ingress-class":"kourier.ingress.networking.knative.dev"}}'

# Configure the default domain
export INGRESS_HOST=$(kubectl get po -n kourier-system -l app=3scale-kourier -o jsonpath='{.items[0].status.hostIP}')
export INGRESS_PORT=$(kubectl get svc -n kourier-system kourier -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export DOMAIN="$INGRESS_HOST:$INGRESS_PORT"
kubectl patch configmap/config-domain -n knative-serving --type merge -p '{"data":{"example.com":""}}'

# Install Knative Eventing
kubectl apply -f https://github.com/knative/eventing/releases/download/knative-v1.8.0/eventing-crds.yaml
kubectl apply -f https://github.com/knative/eventing/releases/download/knative-v1.8.0/eventing-core.yaml

# Install the default Channel and Broker
kubectl apply -f https://github.com/knative/eventing/releases/download/knative-v1.8.0/in-memory-channel.yaml
kubectl apply -f https://github.com/knative/eventing/releases/download/knative-v1.8.0/mt-channel-broker.yaml
```

2.3 Deploying a Serverless application
```yaml
# hello-world.yaml
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: hello-world
  namespace: default
spec:
  template:
    spec:
      containers:
        - image: gcr.io/knative-samples/helloworld-go
          env:
            - name: TARGET
              value: "Knative"
```

```bash
# Deploy the application
kubectl apply -f hello-world.yaml

# Check its status
kubectl get ksvc

# Get the application URL
kubectl get ksvc hello-world -o jsonpath='{.status.url}'

# Call the application
curl $(kubectl get ksvc hello-world -o jsonpath='{.status.url}')
```

2.4 Autoscaling configuration
```yaml
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: auto-scale-app
  namespace: default
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/min-scale: "1"
        autoscaling.knative.dev/max-scale: "10"
        autoscaling.knative.dev/target: "10"
    spec:
      containers:
        - image: gcr.io/knative-samples/helloworld-go
          env:
            - name: TARGET
              value: "Auto-Scale"
```

3. OpenFaaS: an open-source Function-as-a-Service implementation
3.1 Core concepts of OpenFaaS
- Function: an independent unit of code that responds to events or HTTP requests
- Gateway: handles function invocation and routing
- Monitoring: built-in Prometheus and Grafana integration
3.2 Installing OpenFaaS
```bash
# Clone the OpenFaaS Kubernetes manifests
git clone https://github.com/openfaas/faas-netes
cd faas-netes

# Create the namespaces, then the basic-auth secret the gateway mounts
# (the plain-YAML install does not create the secret for you)
kubectl apply -f namespaces.yml
PASSWORD=$(head -c 12 /dev/urandom | shasum | cut -d' ' -f1)
kubectl -n openfaas create secret generic basic-auth \
  --from-literal=basic-auth-user=admin \
  --from-literal=basic-auth-password="$PASSWORD"

# Install OpenFaaS
kubectl apply -f ./yaml

# Install the ingress
kubectl apply -f ./yaml/ingress.yml

# Get the OpenFaaS gateway URL. gateway-external is a NodePort service (31112) by default;
# this assumes it was switched to type LoadBalancer. The gateway listens on 8080.
export GATEWAY_URL=http://$(kubectl get svc -n openfaas gateway-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}'):8080
echo $GATEWAY_URL

# Log in to the OpenFaaS CLI with the password created above
echo -n "$PASSWORD" | faas-cli login --gateway $GATEWAY_URL --password-stdin
```

3.3 Deploying a function
```bash
# Scaffold a function
faas-cli new --lang go hello-function

# Build the function
faas-cli build -f hello-function.yml

# Deploy the function
faas-cli deploy -f hello-function.yml --gateway $GATEWAY_URL

# Invoke the function
curl $GATEWAY_URL/function/hello-function
```

3.4 Function configuration example
```yaml
# hello-function.yml (generated by faas-cli new, then edited)
version: 1.0
provider:
  name: openfaas
  gateway: http://127.0.0.1:8080   # overridden by --gateway on the CLI
functions:                         # the stack key is "functions", not "services"
  hello-function:
    lang: go
    handler: ./hello-function
    image: hello-function:latest
    environment:
      write_debug: true
      read_timeout: 5      # seconds
      write_timeout: 5
      exec_timeout: 10
    labels:
      com.openfaas.scale.min: "1"
      com.openfaas.scale.max: "10"
      com.openfaas.scale.target: "5"
```

4. KEDA: Kubernetes event-driven autoscaling
4.1 KEDA's core capabilities
- Event-driven: scales based on event sources
- Many triggers: Kafka, RabbitMQ, Redis, AWS SQS and more
- Fine-grained control: scaling down to the Pod level
4.2 Installing KEDA
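To make the Kafka trigger concrete before the install steps, here is an added example (mine, not KEDA's code) that models how KEDA turns consumer-group lag into a replica count for the ScaledObject shown in 4.3 below; the lag snapshot and partition count are constructed.

```python
"""Replica count KEDA derives from Kafka consumer-group lag. Added example that
models the documented rule; it is not KEDA's own code."""
import math

# Constructed lag snapshot for a 3-partition topic: {partition: messages behind}.
LAG_SNAPSHOT = {0: 12, 1: 0, 2: 7}


def desired_replicas(partition_lag, lag_threshold, min_replicas, max_replicas,
                     allow_idle_consumers=False):
    """Sum lag over partitions, divide by lagThreshold, clamp to the
    min/maxReplicaCount window and, unless allowIdleConsumers is set, never
    ask for more consumers than partitions (Kafka would leave the extras idle)."""
    total_lag = sum(partition_lag.values())
    wanted = math.ceil(total_lag / lag_threshold)
    if not allow_idle_consumers:
        max_replicas = min(max_replicas, len(partition_lag))
    return max(min_replicas, min(max_replicas, wanted))


if __name__ == "__main__":
    # With the article's ScaledObject (lagThreshold 5, min 1, max 10): 19 lagging
    # messages ask for 4 consumers, but 3 partitions cap it at 3.
    print(desired_replicas(LAG_SNAPSHOT, 5, 1, 10))
```

The partition cap is the usual surprise: a maxReplicaCount of 10 on a 3-partition topic never produces more than 3 replicas.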
```bash
# Install KEDA
kubectl apply -f https://github.com/kedacore/keda/releases/download/v2.8.0/keda-2.8.0.yaml

# Verify the installation
kubectl get pods -n keda
```

4.3 Configuring event-driven autoscaling
```yaml
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: kafka-scaledobject
  namespace: default
spec:
  scaleTargetRef:
    name: kafka-consumer
  minReplicaCount: 1
  maxReplicaCount: 10
  pollingInterval: 30
  cooldownPeriod: 300
  triggers:
    - type: kafka
      metadata:
        bootstrapServers: kafka:9092
        consumerGroup: my-group
        topic: test-topic
        lagThreshold: "5"
```

5. Real-world application scenarios
5.1 Web application backend
```yaml
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: backend-api
  namespace: default
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/min-scale: "2"
        autoscaling.knative.dev/max-scale: "20"
        autoscaling.knative.dev/target: "100"
    spec:
      containers:
        - image: mycompany/backend-api:latest
          env:
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  name: db-secret
                  key: host
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-secret
                  key: password
```

5.2 Data processing
```yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: scheduled-job
  namespace: default
spec:
  schedule: "*/5 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: job
              image: mycompany/scheduled-job:latest
          restartPolicy: OnFailure
```

6. Monitoring and observability
6.1 Knative monitoring
```bash
# Install Prometheus and Grafana
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install prometheus prometheus-community/kube-prometheus-stack --namespace monitoring --create-namespace

# Configure Knative monitoring
kubectl apply -f https://github.com/knative/serving/releases/download/knative-v1.8.0/monitoring-metrics-prometheus.yaml

# Open Grafana
kubectl port-forward -n monitoring svc/prometheus-grafana 3000:80
# Browse to http://localhost:3000, user: admin, password: prom-operator
```

6.2 OpenFaaS monitoring
```bash
# Open the OpenFaaS monitoring dashboards
kubectl port-forward -n openfaas svc/prometheus 9090:9090
kubectl port-forward -n openfaas svc/grafana 3000:3000
# Browse to http://localhost:3000, user: admin, password: admin
# (default credentials; change them before exposing the dashboard beyond a port-forward)
```

7. Security best practices
7.1 Permission management
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: knative-serving-reader
  namespace: default
rules:
  - apiGroups: ["serving.knative.dev"]
    resources: ["services"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: knative-serving-reader-binding
  namespace: default
subjects:
  - kind: User
    name: developer
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: knative-serving-reader
  apiGroup: rbac.authorization.k8s.io
```

7.2 Network security
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: knative-services
  namespace: default
spec:
  # Every pod of a Knative Service carries this label (its value is the service name),
  # so match on the label's presence rather than on a fixed value
  podSelector:
    matchExpressions:
      - key: serving.knative.dev/service
        operator: Exists
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Requests arrive at the queue-proxy (8012 HTTP/1, 8112 h2c) from the Kourier
    # gateway or the activator; the autoscaler scrapes metrics on 9090
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: knative-serving
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kourier-system
      ports:
        - protocol: TCP
          port: 8012
        - protocol: TCP
          port: 8112
        - protocol: TCP
          port: 9090
    # Same-namespace callers that talk to the pods directly
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8012
  egress:
    # kube-dns lives in kube-system; a bare podSelector would only match pods in
    # this namespace, so the namespaceSelector is required
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

8. Performance optimization
8.1 Cold-start optimization
- Use smaller images: a smaller image starts faster
- Keep the application warm: set a minimum replica count to avoid cold starts
- Use init containers: load dependencies ahead of time
```yaml
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: optimized-app
  namespace: default
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/min-scale: "1"
        autoscaling.knative.dev/wait-for-ready: "true"
    spec:
      containers:
        - image: mycompany/optimized-app:latest
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "256Mi"
```

8.2 Resource configuration optimization
```yaml
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: resource-optimized
  namespace: default
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/target: "50"
        autoscaling.knative.dev/scale-down-delay: "10m"
    spec:
      containers:
        - image: mycompany/app:latest
          resources:
            requests:
              cpu: "50m"
              memory: "64Mi"
            limits:
              cpu: "200m"
              memory: "128Mi"
```

🛠️ Best practices
Choose the right Serverless framework:
- Knative: for scenarios that need the full Serverless feature set
- OpenFaaS: for quickly deploying functions
- KEDA: for event-driven autoscaling
Configure scaling policies sensibly:
- Set appropriate minimum and maximum replica counts based on application load
- Configure reasonable scaling targets and cooldown periods
- For critical applications, set a minimum replica count to avoid cold starts
Optimize images and dependencies:
- Use multi-stage builds to shrink images
- Include only the dependencies you need
- Use lightweight base images such as Alpine
Monitoring and alerting:
- Deploy Prometheus and Grafana to monitor application state
- Configure alerts on key metrics
- Review monitoring data regularly to optimize performance
Security configuration:
- Apply the principle of least privilege
- Configure network policies to restrict container communication
- Use Secrets to manage sensitive information
Cost optimization:
- For non-critical applications, set the minimum replica count to 0
- Configure resource requests and limits sensibly
- Monitor and analyze resource usage
📊 Summary
Combining Kubernetes with Serverless is a major trend of the cloud-native era. After working through this article, you should now have a handle on:
- Installing and using Knative
- Deploying and configuring OpenFaaS
- Event-driven autoscaling with KEDA
- Deployment patterns for real application scenarios
- Monitoring and security best practices
- Performance and cost optimization strategies
Remember, Serverless is no silver bullet; pick the approach that fits your actual needs. In production, weigh your business characteristics and technical requirements and choose the Serverless framework and configuration strategy that suits you best.
susu's ramblings:
- Cold start is the pain point of Serverless; set the minimum replica count according to how important the application is
- Image size directly affects cold-start time, so optimize it
- Monitoring is key; you need real-time insight into application state and performance
- Security cannot be ignored; a Serverless environment needs strict security measures too
- Cost control matters; configure resources and scaling policies sensibly
Found this useful? Give it a like before you go! See you next time~ 🔥
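To check a cluster against three of the rules above (bounded scaling, resource limits, secrets only through Secret references), here is an added audit script that is not part of this article's original material; it reads the JSON that `kubectl get ksvc -o json` prints, and the sample embedded in it is constructed, not real cluster output.

```python
"""Audit Knative Services (the JSON from `kubectl get ksvc -o json`) against the
article's rules: bounded scaling, resource limits, secrets via Secret refs only.
Added example, not Knative or kubectl code."""
import json

# Constructed sample standing in for real `kubectl get ksvc -n default -o json`
# output, trimmed to the fields the checks read.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "backend-api"},
     "spec": {"template": {
         "metadata": {"annotations": {"autoscaling.knative.dev/min-scale": "2",
                                      "autoscaling.knative.dev/max-scale": "20"}},
         "spec": {"containers": [{
             "image": "mycompany/backend-api:latest",
             "env": [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef":
                      {"name": "db-secret", "key": "password"}}}],
             "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}}},
    {"metadata": {"name": "report-worker"},
     "spec": {"template": {
         "metadata": {"annotations": {"autoscaling.knative.dev/min-scale": "0"}},
         "spec": {"containers": [{
             "image": "mycompany/report-worker:latest",
             "env": [{"name": "API_TOKEN", "value": "hunter2"}]}]}}}},
]})

SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")

def audit_services(ksvc_json):
    """Return {service name: [findings]} for every service that breaks a rule."""
    findings = {}
    for item in json.loads(ksvc_json)["items"]:
        name = item["metadata"]["name"]
        tmpl = item["spec"]["template"]
        problems = []
        ann = tmpl.get("metadata", {}).get("annotations", {})
        if "autoscaling.knative.dev/max-scale" not in ann:
            problems.append("no max-scale: a request burst can scale without bound")
        for c in tmpl["spec"].get("containers", []):
            if "limits" not in c.get("resources", {}):
                problems.append("container has no resource limits")
            for env in c.get("env", []):
                if "value" in env and any(h in env["name"].upper() for h in SECRET_HINTS):
                    problems.append(f"env {env['name']} is a plaintext value; use a Secret")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for svc, probs in audit_services(SAMPLE).items():
        print(svc, "->", "; ".join(probs))
```

Pipe real output in with `kubectl get ksvc -A -o json | python3 audit.py` after swapping SAMPLE for `sys.stdin.read()`.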
