kdemo
Microservice demo showcasing Knative service request path access configuration and GCP service integration using Knative, Kubernetes-based platform to build, deploy, and manage modern serverless workloads
This service uses:
- KUser Service Knative User state management service backed by Cloud Firestore API
- Firestore persistence at global scale
- KLogo Service Knative service detecting company from logo images using Cloud Vision API
- Cloud Vision pretrained vision models with AutoML Vision
Demo
https://kdemo.demo.knative.tech/
Knative URL
To avoid the kind of chicken and an egg situation we are going to first define the URL that your application will have when you publish it on Knative. Knative uses convention to build serving URL by combining the deployment name (e.g. auth), namespace name (e.g. demo), and the pre-configured domain name (e.g. knative.tech). The resulting URL, assuming you already configured SSL, should look something like this:
https://auth.demo.knative.techGoogle OAuth Credentials
In your Google Cloud Platform (GCP) project console navigate to the Credentials section. You can use the search bar, just type Credentials and select the option with "API & Services". To create new OAuth credentials:
- Click “Create credentials” and select “OAuth client ID”
- Select "Web application"
- Add authorized redirect URL at the bottom using the fully qualified domain we defined above and appending the
callbackpath: https://auth.demo.knative.tech/auth/callback- Click create and copy both
client idandclient secret - CLICK
OKto save
For ease of use, export the copied client id as DEMO_OAUTH_CLIENT_ID and secret as DEMO_OAUTH_CLIENT_SECRET in your environment variables (e.g. ~/.bashrc or ~/.profile)
You will also have to verify the domain ownership. More on that here
Public/Private Services in Knative
In this demo we exposed publically only the front end (UI) service. The backend services are decorated with visibility: cluster-local label which allows other services in the same cluster to reach them using http://[service].[namepsace].svc.cluster.local url while preventing external access.
apiVersion: serving.knative.dev/v1alpha1
kind: Service
metadata:
name: kuser
labels:
serving.knative.dev/visibility: cluster-localGoogle Cloud Firestore
If you haven't used Firestore on GCP before, you will have to enable its APIs. You can find instructions on how to do it here but the basic steps are:
- Go to the Cloud Firestore Viewer
- Select
Cloud Firestore in Native modefrom service screen - Choose your DB location and click
Create Database
The persisted data in Firestore should look something like this
App Deployment
To deploy the kdemo are are going to:
Build the image
Quickest way to build your service image is through GCP Build. Just submit the build request from within the kdemo directory:
gcloud builds submit \
--project ${GCP_PROJECT} \
--tag gcr.io/${GCP_PROJECT}/kdemo:latestThe build service is pretty verbose in output but eventually you should see something like this
ID CREATE_TIME DURATION SOURCE IMAGES STATUS
6905dd3a... 2018-12-23T03:48... 1M43S gs://PROJECT_cloudbuild/source/15...tgz gcr.io/PROJECT/kdemo SUCCESSCopy the image URI from IMAGE column (e.g. gcr.io/PROJECT/kdemo).
Configure Knative
Before we can deploy that service to Knative, we just need to create Kubernetes secrets and update the deploy/server.yaml file
kubectl create secret generic kdemo \
--from-literal=OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID} \
--from-literal=OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}Now in the deploy/server.yaml file update the GCP_PROJECT_ID
- name: GCP_PROJECT_ID
value: "enter your project ID here"And the external URL of your which we defined at the beginning of this readme in [###knative-url] section.
- name: EXTERNAL_URL
value: "https://APP-NAME.NAMESPACE.YOUR.DOMAIN"Deploy Service
Once done updating service manifest (deploy/server.yaml) you are now ready to deploy it.
kubectl apply -f deployments/service.yamlThe response should be
service.serving.knative.dev "kdemo" configuredTo check if the service was deployed successfully you can check the status using kubectl get pods command. The response should look something like this (e.g. Ready 3/3 and Status Running).
NAME READY STATUS RESTARTS AGE
auth-00002-deployment-5645f48b4d-mb24j 3/3 Running 0 4hYou should be able to test the app now in browser using the URL you defined above.
Disclaimer
This is my personal project and it does not represent my employer. I take no responsibility for issues caused by this code. I do my best to ensure that everything works, but if something goes wrong, my apologies is all you will get.