mirror of https://github.com/knative/docs.git
invalid since v0.8.1 (#1947)
* invalid since v0.8.1 fix for https://github.com/knative/docs/issues/1859 * remove references to the invalid topic
This commit is contained in:
parent
85476b5bc1
commit
06881add07
|
@ -96,11 +96,6 @@ Learn more about Eventing development in the
|
|||
Knative Eventing currently requires Knative Serving installed with either Istio version >=1.0, or Gloo version >=0.18.16.
|
||||
[Follow the instructions to install on the platform of your choice](../install/README.md).
|
||||
|
||||
Many of the sources require making outbound connections to create the event
|
||||
subscription, and if you have any functions that make use of any external (to
|
||||
cluster) services, you must enable it also for them to work.
|
||||
[Follow the instructions to configure outbound network access](../serving/outbound-network-access.md).
|
||||
|
||||
## Architecture
|
||||
|
||||
The eventing infrastructure supports two forms of event delivery at the moment:
|
||||
|
|
|
@ -125,12 +125,11 @@ Now you're ready to deploy an app:
|
|||
## Configuring Knative Serving
|
||||
|
||||
After your Knative installation is running, you can set up a custom domain with
|
||||
a static IP address to be able to use Knative for publicly available services
|
||||
and set up an Istio IP range for outbound network access:
|
||||
a static IP address to be able to use Knative for publicly available services,
|
||||
and set up TLS certificates to use HTTPS:
|
||||
|
||||
- [Assign a static IP address](../serving/gke-assigning-static-ip-address.md)
|
||||
- [Configure a custom domain](../serving/using-a-custom-domain.md)
|
||||
- [Configure outbound network access](../serving/outbound-network-access.md)
|
||||
- [Configuring HTTPS with a custom certificate](../serving/using-an-ssl-cert.md)
|
||||
|
||||
## Checking the version of your Knative Serving installation
|
||||
|
|
|
@ -74,7 +74,6 @@ in the Knative Serving repository.
|
|||
|
||||
## Configuration and Networking
|
||||
|
||||
- [Configuring outbound network access](./outbound-network-access.md)
|
||||
- [Configuring cluster local routes](./cluster-local-route.md)
|
||||
- [Using a custom domain](./using-a-custom-domain.md)
|
||||
- [Assigning a static IP address for Knative on Google Kubernetes Engine](./gke-assigning-static-ip-address.md)
|
||||
|
|
|
@ -1,104 +0,0 @@
|
|||
---
|
||||
title: "Configuring outbound network access"
|
||||
#linkTitle: "OPTIONAL_ALTERNATE_NAV_TITLE"
|
||||
weight: 45
|
||||
type: "docs"
|
||||
---
|
||||
|
||||
This guides walks you through enabling outbound network access for a Knative
|
||||
app.
|
||||
|
||||
Knative blocks all outbound traffic by default. To enable outbound access (when
|
||||
you want to connect to the Cloud Storage API, for example), you need to change
|
||||
the scope of the proxy IP range by editing the `config-network` map.
|
||||
|
||||
## Determining the IP scope of your cluster
|
||||
|
||||
To set the correct scope, you need to determine the IP ranges of your cluster.
|
||||
The scope varies depending on your platform:
|
||||
|
||||
- For Google Kubernetes Engine (GKE) run the following command to determine the
|
||||
scope. Make sure to replace the variables or export these values first.
|
||||
|
||||
```shell
|
||||
gcloud container clusters describe ${CLUSTER_NAME} \
|
||||
--zone=${CLUSTER_ZONE} | grep -e clusterIpv4Cidr -e servicesIpv4Cidr
|
||||
```
|
||||
|
||||
- For IBM Cloud Private run the following command:
|
||||
|
||||
```shell
|
||||
cat cluster/config.yaml | grep service_cluster_ip_range
|
||||
```
|
||||
|
||||
- For IBM Cloud Kubernetes Service use
|
||||
`172.30.0.0/16,172.20.0.0/16,10.10.10.0/24`
|
||||
- For Azure Container Service (ACS) use `10.244.0.0/16,10.240.0.0/16`
|
||||
- For Pivotal Container Service (PKS) on GCP use `10.200.0.0/16,10.100.200.0/24`
|
||||
- For Minikube use `10.0.0.1/24`
|
||||
|
||||
## Setting the IP scope
|
||||
|
||||
The `istio.sidecar.includeOutboundIPRanges` parameter in the `config-network`
|
||||
map specifies the IP ranges that Istio sidecar intercepts. To allow outbound
|
||||
access, replace the default parameter value with the IP ranges of your cluster.
|
||||
|
||||
Run the following command to edit the `config-network` map:
|
||||
|
||||
```shell
|
||||
kubectl edit configmap config-network --namespace knative-serving
|
||||
```
|
||||
|
||||
Then, use an editor of your choice to change the
|
||||
`istio.sidecar.includeOutboundIPRanges` parameter value from `*` to the IP range
|
||||
you need. Separate multiple IP entries with a comma. For example:
|
||||
|
||||
```
|
||||
# Please edit the object below. Lines beginning with a '#' will be ignored,
|
||||
# and an empty file will abort the edit. If an error occurs while saving this file will be
|
||||
# reopened with the relevant failures.
|
||||
#
|
||||
apiVersion: v1
|
||||
data:
|
||||
istio.sidecar.includeOutboundIPRanges: '10.16.0.0/14,10.19.240.0/20'
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
...
|
||||
```
|
||||
|
||||
By default, the `istio.sidecar.includeOutboundIPRanges` parameter is set to `*`,
|
||||
which means that Istio intercepts all traffic within the cluster as well as all
|
||||
traffic that is going outside the cluster. Istio blocks all traffic that is
|
||||
going outside the cluster unless you create the necessary egress rules.
|
||||
|
||||
When you set the parameter to a valid set of IP address ranges, Istio will no
|
||||
longer intercept traffic that is going to the IP addresses outside the provided
|
||||
ranges, and you don't need to specify any egress rules.
|
||||
|
||||
If you omit the parameter or set it to `''`, Knative uses the value of the
|
||||
`global.proxy.includeIPRanges` parameter that is provided at Istio deployment
|
||||
time. In the default Knative Serving deployment, `global.proxy.includeIPRanges`
|
||||
value is set to `*`.
|
||||
|
||||
If an invalid value is passed, `''` is used instead.
|
||||
|
||||
If you are still having trouble making off-cluster calls, you can verify that
|
||||
the policy was applied to the pod running your service by checking the metadata
|
||||
on the pod. Verify that the `traffic.sidecar.istio.io/includeOutboundIPRanges`
|
||||
annotation matches the expected value from the config-map.
|
||||
|
||||
```shell
|
||||
$ kubectl get pod ${POD_NAME} --output yaml
|
||||
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
annotations:
|
||||
serving.knative.dev/configurationGeneration: "2"
|
||||
sidecar.istio.io/inject: "true"
|
||||
...
|
||||
traffic.sidecar.istio.io/includeOutboundIPRanges: 10.16.0.0/14,10.19.240.0/20
|
||||
...
|
||||
```
|
||||
|
||||
|
|
@ -16,8 +16,6 @@ like `AAPL`,`AMZN`, `GOOG`, `MSFT`, etc.
|
|||
and DNS configured.
|
||||
1. [Docker](https://docs.docker.com/get-started/#prepare-your-docker-environment)
|
||||
installed locally.
|
||||
1. [Outbound network access](../../outbound-network-access.md) enabled for this
|
||||
Service to make external API requests.
|
||||
1. `envsubst` installed locally. This is installed by the `gettext` package. If
|
||||
not installed it can be installed by a Linux package manager, or by
|
||||
[Homebrew](https://brew.sh/) on OS X.
|
||||
|
|
Loading…
Reference in New Issue