{"id":5296,"date":"2019-04-25T18:37:38","date_gmt":"2019-04-25T11:37:38","guid":{"rendered":"http:\/\/54.151.235.32\/?p=5296"},"modified":"2021-03-03T18:00:27","modified_gmt":"2021-03-03T11:00:27","slug":"knative-the-serverless-environment-for-kubernetes-fans","status":"publish","type":"post","link":"https:\/\/renovacloud.com\/en\/knative-the-serverless-environment-for-kubernetes-fans\/","title":{"rendered":"Knative: The Serverless Environment for Kubernetes Fans"},"content":{"rendered":"<div class=\"section post-header\"><\/div>\n<div class=\"section post-body\">\n<p><strong>Knative is the newest member of serverless environments that is gaining significant interest and generating a great deal of hype in the Kubernetes\/Cloud Native community. It\u2019s an open source framework that was designed to enable the development and deployment of container-based serverless applications that are easy to transport between cloud providers.<\/strong><\/p>\n<p><strong>The GA version of Knative was released in July 2018, supported by Google, Pivotal, IBM, and SAP. It targets enterprises who are interested in deploying serverless functions on internal Kubernetes clusters. 
This avoids cloud vendor lock-in and specificity, which many perceive as the largest drawback of current serverless environments such as AWS Lambda, Azure Functions, or Google Cloud Functions.<\/strong><\/p>\n<h2><strong>Knative Components<\/strong><\/h2>\n<p>The\u00a0Knative framework\u00a0consists of the following components:<\/p>\n<ul>\n<li><strong>Building:<\/strong>\u00a0Extends Kubernetes and utilizes existing Kubernetes primitives to enable you to run on-cluster container builds from source code.<\/li>\n<li><strong>Eventing:<\/strong>\u00a0Responsible for creating communication between loosely-coupled event producers and event consumers to achieve event-based architecture.<\/li>\n<li><strong>Serving:<\/strong>\u00a0Builds on Kubernetes and Istio to support the deployment of serverless applications and functions. This enables rapid deployment of serverless containers, automatic scaling up and down to zero, routing and network programming for Istio components, and point-in-time snapshots of deployed code and configurations.<\/li>\n<\/ul>\n<p>The following diagram illustrates a Knative implementation in a container ecosystem:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.aquasec.com\/hs-fs\/hubfs\/Blog\/1_OK.jpg?width=900&amp;name=1_OK.jpg\" sizes=\"(max-width: 900px) 100vw, 900px\" srcset=\"https:\/\/blog.aquasec.com\/hs-fs\/hubfs\/Blog\/1_OK.jpg?width=450&amp;name=1_OK.jpg 450w, https:\/\/blog.aquasec.com\/hs-fs\/hubfs\/Blog\/1_OK.jpg?width=900&amp;name=1_OK.jpg 900w, https:\/\/blog.aquasec.com\/hs-fs\/hubfs\/Blog\/1_OK.jpg?width=1350&amp;name=1_OK.jpg 1350w, https:\/\/blog.aquasec.com\/hs-fs\/hubfs\/Blog\/1_OK.jpg?width=1800&amp;name=1_OK.jpg 1800w, https:\/\/blog.aquasec.com\/hs-fs\/hubfs\/Blog\/1_OK.jpg?width=2250&amp;name=1_OK.jpg 2250w, https:\/\/blog.aquasec.com\/hs-fs\/hubfs\/Blog\/1_OK.jpg?width=2700&amp;name=1_OK.jpg 2700w\" alt=\"1_OK\" width=\"900\" \/><\/p>\n<p><em>
(Source: knative.dev.doc)<\/em><\/p>\n<h2>Knative Benefits<\/h2>\n<p><strong>Serverless Experience in a Containerized Environment<\/strong>: Knative creates serverless environments using containers, providing you with the benefit of event-based architecture on-premises without the restrictions and limitations imposed by public cloud services. Knative automates the container build process, provides an autoscaling mechanism that scales capacity up and down based on predefined thresholds, and offers eventing mechanisms for predefined triggers. Under the hood, it uses Kubernetes to manage the container environment and Istio as a service mesh for routing requests and advanced load-balancing for scaling.<\/p>\n<p><strong>Flexibility and No Vendor Lock-in<\/strong>: Knative allows you to build applications on premises, in the cloud, or in a third-party data center. Since it is cloud-agnostic, you have more flexibility because you aren\u2019t locked into a particular cloud provider\u2019s proprietary serverless offerings and their idiosyncratic configurations. You can use different FaaS platforms and operating systems as well.<\/p>\n<h2>Knative at your Service<\/h2>\n<p>How do you get up and running with Knative? In theory, you can set up the Knative plug-in on your own without a managed service. One of the advantages of this approach is more freedom in your design and deployment. The downside is the need to manage the containerized infrastructure on your own. 
As a\u00a0DevClass blog\u00a0put it \u201c<em>Knative isn\u2019t aimed at end-users, but should serve as infrastructure for businesses to build end-user products on top of.<\/em>\u201d<\/p>\n<p>It should come as no surprise that more commercial managed Knative offerings are becoming available, such as Google Kubernetes Engine (GKE) and\u00a0Managed Knative on IBM Cloud Kubernetes Service. These offerings set up the Kubernetes clusters and the Istio service mesh, which are essential pieces of the Knative offering. This frees the users from the operational burden of adding the NoOps notion of a serverless environment.<\/p>\n<h2>Knative: Just another Kubernetes-Based Serverless Offering?<\/h2>\n<p>Knative isn\u2019t the first Kubernetes-based serverless attempt. The increased interest in public cloud serverless offerings (e.g., AWS Lambda, Azure and Google Functions) as well as the maturity and popularity of Kubernetes in containerized environments has led to a number of open source synergy attempts.<\/p>\n<p>Fission\u00a0is a framework for serverless functions on Kubernetes with the promise of \u201cno containers to build or Docker registries to manage\u201d. Its architecture is based on a \u201cFission\u201d Router, which is the centerpiece of the framework connecting events and webhooks to execute functions. Its development is led by Platform9.<\/p>\n<p>Kubeless\u00a0is a Kubernetes-native serverless framework that frees the users from worrying about the underlying infrastructure plumbing. It leverages Kubernetes resources to provide auto-scaling, API routing, monitoring, and troubleshooting. Kubeless uses a\u00a0Custom Resource Definition\u00a0to create functions such as custom Kubernetes resources with an in-cluster controller that watches them and launches runtimes on demand. The controller dynamically injects the functions\u2019 code into the runtimes and makes them available over HTTP or via a PubSub mechanism. 
The project is led by Bitnami.<\/p>\n<p>In comparison to Fission and Kubeless, Knative has a faster adoption rate and greater acceptance potential. This is not just because the timing of its release was better (due to serverless adoption), but also because of its usage of popular Open Source components (Kubernetes and Istio) that are already widely deployed in containerized environments.<\/p>\n<h2>In Terms of Security<\/h2>\n<p>To those already familiar with the concepts of <a href=\"https:\/\/renovacloud.com\/en\/market-guide-for-cloud-workload-protection-platforms\/\">container security<\/a>, Knative introduces some new challenges. The automated Build process can bypass security controls that were implemented at the Registry level, since it creates a parallel deployment mechanism that should also be vetted.<\/p>\n<p>The Serving method can scale nodes up or down depending on the need, which again, could bypass existing deployment templates such as Kubernetes DaemonSets or Helm Charts. Consequently, if you\u2019re used to having all nodes running or monitoring security sidecar containers (such as the Aqua Enforcer), or even a service mesh sidecar such as Envoy, the \u201cserved\u201d nodes may not have them running. The new nodes might become invisible from a monitoring and security standpoint.<\/p>\n<p>To mitigate these risks, Aqua offers the MicroEnforcer, which is a security runtime component embedded in the application&#8217;s container image. Aqua MicroEnforcer monitors and controls instantiated containers regardless of where they\u2019re running, thereby preventing specific unauthorized container activities from taking place. The MicroEnforcer travels with the container wherever it\u2019s deployed and protects image-to-container integrity. 
As the container is shipped, the MicroEnforcer protects it in the Knative deployment wherever it runs.<\/p>\n<h2>Conclusion<\/h2>\n<p><strong>Knative is a new framework with significant potential to disrupt the serverless market by offering an on-premises option to deploy event-based applications with automatic scaling. It&#8217;s too early in the game to predict if Knative will be a game changer in the serverless arena. Trends on GitHub do not indicate runaway growth, at least not yet. However, given its significant backing from the big boys, it will be interesting to monitor its progress and see if it delivers in the long run.\u00a0<\/strong><\/p>\n<p><em>(Source: aquasec.com)<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Knative is the newest member of serverless environments that is gaining significant interest and generating a great deal of hype in the Kubernetes\/Cloud Native community. It\u2019s an open source framework that was designed to enable the development and deployment of container-based serverless applications that are easy to transport between cloud providers. 
The GA version of [&#8230;]\n","protected":false},"author":2,"featured_media":5297,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-5296","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-and-analytics"],"_links":{"self":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts\/5296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/comments?post=5296"}],"version-history":[{"count":0,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts\/5296\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/media\/5297"}],"wp:attachment":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/media?parent=5296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/categories?post=5296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/tags?post=5296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}