diff --git a/community/WORKING-GROUPS.md b/community/WORKING-GROUPS.md
index 6c9db6bb5..122e870e8 100644
--- a/community/WORKING-GROUPS.md
+++ b/community/WORKING-GROUPS.md
@@ -180,7 +180,7 @@ performance/scale/load testing infrastructure
| | Leads | Company | Profile |
| --------------------------------------------------------- | ------------- | ------- | ----------------------------------------- |
| 
| Jessie Zhu | Google | [jessiezcc](https://github.com/jessiezcc) |
-| 
| Adriano Cunha | Google | [adrcunha](https://github.com/adrcunha) |
+| | Adriano Cunha | Google | [adrcunha](https://github.com/adrcunha) |
---
diff --git a/serving/outbound-network-access.md b/serving/outbound-network-access.md
index a6864e927..f168884ca 100644
--- a/serving/outbound-network-access.md
+++ b/serving/outbound-network-access.md
@@ -25,8 +25,7 @@ The scope varies depending on your platform:
- For IBM Cloud Kubernetes Service use
`172.30.0.0/16,172.20.0.0/16,10.10.10.0/24`
- For Azure Container Service (ACS) use `10.244.0.0/16,10.240.0.0/16`
-- For Pivotal Container Service (PKS) on GCP use
- `10.200.0.0/16,10.100.200.0/24`
+- For Pivotal Container Service (PKS) on GCP use `10.200.0.0/16,10.100.200.0/24`
- For Minikube use `10.0.0.1/24`
## Setting the IP scope
diff --git a/serving/samples/autoscale-go/README.md b/serving/samples/autoscale-go/README.md
index 40b4c09c1..59f29590a 100644
--- a/serving/samples/autoscale-go/README.md
+++ b/serving/samples/autoscale-go/README.md
@@ -21,7 +21,6 @@ A demonstration of the autoscaling capabilities of a Knative Serving Revision.
## Deploy the Service
-
1. Deploy the [sample](./service.yaml) Knative Service:
```
diff --git a/serving/using-external-dns-on-gcp.md b/serving/using-external-dns-on-gcp.md
index a95c8071c..7c250bfa2 100644
--- a/serving/using-external-dns-on-gcp.md
+++ b/serving/using-external-dns-on-gcp.md
@@ -1,6 +1,6 @@
# Using ExternalDNS on Google Cloud Platform to automate DNS setup
-[ExternalDNS](https://github.com/kubernetes-incubator/external-dns) is a tool
+[ExternalDNS](https://github.com/kubernetes-incubator/external-dns) is a tool
that synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
This doc explains how to set up ExternalDNS within a Knative cluster using
@@ -10,6 +10,7 @@ publishing the Knative domain.
## Set up environtment variables
Run the following command to configure the environment variables
+
```shell
export PROJECT_NAME=
@@ -22,13 +23,14 @@ export CLUSTER_ZONE=
## Set up Kubernetes Engine cluster with CloudDNS read/write permissions
-There are two ways to set up a Kubernetes Engine cluster with CloudDNS
+There are two ways to set up a Kubernetes Engine cluster with CloudDNS
read/write permissions.
### Cluster with Cloud DNS scope
-You can create a GKE cluster with Cloud DNS scope by entering the following
+You can create a GKE cluster with Cloud DNS scope by entering the following
command:
+
```shell
gcloud container clusters create $CLUSTER_NAME \
--zone=$CLUSTER_ZONE \
@@ -39,11 +41,15 @@ gcloud container clusters create $CLUSTER_NAME \
--scopes=service-control,service-management,compute-rw,storage-ro,cloud-platform,logging-write,monitoring-write,pubsub,datastore,"https://www.googleapis.com/auth/ndev.clouddns.readwrite" \
--num-nodes=3
```
-Note that by using this way, any pod within the cluster will have permissions to read/write CloudDNS.
+
+Note that by using this way, any pod within the cluster will have permissions to
+read/write CloudDNS.
### Cluster with Cloud DNS Admin Service Account credential
-1. Create a GKE cluster without Cloud DNS scope by entering the following command:
+1. Create a GKE cluster without Cloud DNS scope by entering the following
+ command:
+
```shell
gcloud container clusters create $CLUSTER_NAME \
--zone=$CLUSTER_ZONE \
@@ -56,6 +62,7 @@ gcloud container clusters create $CLUSTER_NAME \
```
2. Create a new service account for Cloud DNS admin role.
+
```shell
# Name of the service account you want to create.
export CLOUD_DNS_SA=cloud-dns-admin
@@ -66,6 +73,7 @@ gcloud --project $PROJECT_NAME iam service-accounts \
```
3. Bind the role `dns.admin` to the newly created service account.
+
```shell
# Fully-qualified service account name also has project-id information.
export CLOUD_DNS_SA=$CLOUD_DNS_SA@$PROJECT_NAME.iam.gserviceaccount.com
@@ -76,38 +84,45 @@ gcloud projects add-iam-policy-binding $PROJECT_NAME \
```
4. Download the secret key file for your service account.
+
```shell
gcloud iam service-accounts keys create ~/key.json \
--iam-account=$CLOUD_DNS_SA
```
-5. Upload the service account credential to your cluster.
-This command uses the secret name `cloud-dns-key`, but you can
-choose a different name.
+5. Upload the service account credential to your cluster. This command uses the
+ secret name `cloud-dns-key`, but you can choose a different name.
+
```shell
kubectl create secret generic cloud-dns-key \
--from-file=key.json=$HOME/key.json
```
6. Delete the local secret
+
```shell
rm ~/key.json
```
-Now your cluster has the credential of your CloudDNS admin service account.
-And it can be used to access your Cloud DNS. You can enforce the access of the
-credentail secret within your cluster, so that only the pods that have the
+Now your cluster has the credential of your CloudDNS admin service account. And
+it can be used to access your Cloud DNS. You can enforce the access of the
+credentail secret within your cluster, so that only the pods that have the
permission to get the credential secret can access your Cloud DNS.
## Set up Knative
-1. Follow the [instruction](https://github.com/knative/docs/blob/master/install/README.md) to install Knative on your cluster.
+1. Follow the
+ [instruction](https://github.com/knative/docs/blob/master/install/README.md)
+ to install Knative on your cluster.
1. Configure Knative to use your custom domain.
+
```shell
kubectl edit cm config-domain --namespace knative-serving
```
-This command opens your default text editor and allows you to edit the config
+
+This command opens your default text editor and allows you to edit the config
map.
+
```
apiVersion: v1
data:
@@ -115,9 +130,11 @@ data:
kind: ConfigMap
[...]
```
-Edit the file to replace `example.com` with your custom domain (the
-value of `$CUSTOM_DOMAIN`) and save your changes. In this example, we use domain `external-dns-test.my-org.do`
-for all routes:
+
+Edit the file to replace `example.com` with your custom domain (the value of
+`$CUSTOM_DOMAIN`) and save your changes. In this example, we use domain
+`external-dns-test.my-org.do` for all routes:
+
```
apiVersion: v1
data:
@@ -128,19 +145,20 @@ kind: ConfigMap
## Set up ExternalDNS
-This guide uses Google Cloud Platform as an example to show how to set up
+This guide uses Google Cloud Platform as an example to show how to set up
ExternalDNS. You can find detailed instructions for other cloud providers in the
[ExternalDNS documentation](https://github.com/kubernetes-incubator/external-dns#deploying-to-a-cluster).
### Create a DNS zone for managing DNS records
-Skip this step if you already have a zone for managing the DNS records of your
+Skip this step if you already have a zone for managing the DNS records of your
custom domain.
A DNS zone which will contain the managed DNS records needs to be created.
Use the following command to create a DNS zone with
[Google Cloud DNS](https://cloud.google.com/dns/):
+
```shell
export DNS_ZONE_NAME=
@@ -148,27 +166,33 @@ gcloud dns managed-zones create $DNS_ZONE_NAME \
--dns-name $CUSTOM_DOMAIN \
--description "Automatically managed zone by kubernetes.io/external-dns"
```
+
Make a note of the nameservers that were assigned to your new zone.
+
```shell
gcloud dns record-sets list \
--zone $DNS_ZONE_NAME \
--name $CUSTOM_DOMAIN \
--type NS
```
-You should see output similar to the following assuming your custom domain is
+
+You should see output similar to the following assuming your custom domain is
`external-dns-test.my-org.do`:
+
```
NAME TYPE TTL DATA
external-dns-test.my-org.do. NS 21600 ns-cloud-e1.googledomains.com.,ns-cloud-e2.googledomains.com.,ns-cloud-e3.googledomains.com.,ns-cloud-e4.googledomains.com.
```
-In this case, the DNS nameservers are `ns-cloud-{e1-e4}.googledomains.com`.
+
+In this case, the DNS nameservers are `ns-cloud-{e1-e4}.googledomains.com`.
Yours could differ slightly, e.g. {a1-a4}, {b1-b4} etc.
-If this zone has the parent zone, you need to add NS records of this zone into
-the parent zone so that this zone can be found from the parent. Assuming the
-parent zone is `my-org-do` and the parent domain is `my-org.do`, and the
-parent zone is also hosted at Google Cloud DNS, you can follow these steps to
-add the NS records of this zone into the parent zone:
+If this zone has the parent zone, you need to add NS records of this zone into
+the parent zone so that this zone can be found from the parent. Assuming the
+parent zone is `my-org-do` and the parent domain is `my-org.do`, and the parent
+zone is also hosted at Google Cloud DNS, you can follow these steps to add the
+NS records of this zone into the parent zone:
+
```shell
gcloud dns record-sets transaction start --zone "my-org-do"
gcloud dns record-sets transaction add ns-cloud-e{1..4}.googledomains.com. \
@@ -180,7 +204,9 @@ gcloud dns record-sets transaction execute --zone "my-org-do"
Firstly, choose the manifest of ExternalDNS.
-Use below manifest if you set up your cluster with [CloudDNS scope](#cluster-with-cloud-dns-scope).
+Use below manifest if you set up your cluster with
+[CloudDNS scope](#cluster-with-cloud-dns-scope).
+
```yaml
apiVersion: v1
kind: ServiceAccount
@@ -192,18 +218,18 @@ kind: ClusterRole
metadata:
name: external-dns
rules:
-- apiGroups: [""]
- resources: ["services"]
- verbs: ["get","watch","list"]
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get","watch","list"]
-- apiGroups: ["extensions"]
- resources: ["ingresses"]
- verbs: ["get","watch","list"]
-- apiGroups: [""]
- resources: ["nodes"]
- verbs: ["list"]
+ - apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ["extensions"]
+ resources: ["ingresses"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
@@ -214,9 +240,9 @@ roleRef:
kind: ClusterRole
name: external-dns
subjects:
-- kind: ServiceAccount
- name: external-dns
- namespace: default
+ - kind: ServiceAccount
+ name: external-dns
+ namespace: default
---
apiVersion: extensions/v1beta1
kind: Deployment
@@ -232,19 +258,21 @@ spec:
spec:
serviceAccountName: external-dns
containers:
- - name: external-dns
- image: registry.opensource.zalan.do/teapot/external-dns:latest
- args:
- - --source=service
- - --domain-filter=$CUSTOM_DOMAIN # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
- - --provider=google
- - --google-project=$PROJECT_NAME # Use this to specify a project different from the one external-dns is running inside
- - --policy=sync # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
- - --registry=txt
- - --txt-owner-id=my-identifier
+ - name: external-dns
+ image: registry.opensource.zalan.do/teapot/external-dns:latest
+ args:
+ - --source=service
+ - --domain-filter=$CUSTOM_DOMAIN # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
+ - --provider=google
+ - --google-project=$PROJECT_NAME # Use this to specify a project different from the one external-dns is running inside
+ - --policy=sync # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
+ - --registry=txt
+ - --txt-owner-id=my-identifier
```
-Or use below manifest if you set up your cluster with [CloudDNS service account credential](#cluster-with-cloud-dns-admin-service-account-credential).
+Or use below manifest if you set up your cluster with
+[CloudDNS service account credential](#cluster-with-cloud-dns-admin-service-account-credential).
+
```yaml
apiVersion: v1
kind: ServiceAccount
@@ -256,18 +284,18 @@ kind: ClusterRole
metadata:
name: external-dns
rules:
-- apiGroups: [""]
- resources: ["services"]
- verbs: ["get","watch","list"]
-- apiGroups: [""]
- resources: ["pods,secrets"]
- verbs: ["get","watch","list"]
-- apiGroups: ["extensions"]
- resources: ["ingresses"]
- verbs: ["get","watch","list"]
-- apiGroups: [""]
- resources: ["nodes"]
- verbs: ["list"]
+ - apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["pods,secrets"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ["extensions"]
+ resources: ["ingresses"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
@@ -278,9 +306,9 @@ roleRef:
kind: ClusterRole
name: external-dns
subjects:
-- kind: ServiceAccount
- name: external-dns
- namespace: default
+ - kind: ServiceAccount
+ name: external-dns
+ namespace: default
---
apiVersion: extensions/v1beta1
kind: Deployment
@@ -295,31 +323,32 @@ spec:
app: external-dns
spec:
volumes:
- - name: google-cloud-key
- secret:
- secretName: cloud-dns-key
+ - name: google-cloud-key
+ secret:
+ secretName: cloud-dns-key
serviceAccountName: external-dns
containers:
- - name: external-dns
- image: registry.opensource.zalan.do/teapot/external-dns:latest
- volumeMounts:
- - name: google-cloud-key
- mountPath: /var/secrets/google
- env:
- - name: GOOGLE_APPLICATION_CREDENTIALS
- value: /var/secrets/google/key.json
- args:
- - --source=service
- - --domain-filter=$CUSTOM_DOMAIN # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
- - --provider=google
- - --google-project=$PROJECT_NAME # Use this to specify a project different from the one external-dns is running inside
- - --policy=sync # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
- - --registry=txt
- - --txt-owner-id=my-identifier
+ - name: external-dns
+ image: registry.opensource.zalan.do/teapot/external-dns:latest
+ volumeMounts:
+ - name: google-cloud-key
+ mountPath: /var/secrets/google
+ env:
+ - name: GOOGLE_APPLICATION_CREDENTIALS
+ value: /var/secrets/google/key.json
+ args:
+ - --source=service
+ - --domain-filter=$CUSTOM_DOMAIN # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
+ - --provider=google
+ - --google-project=$PROJECT_NAME # Use this to specify a project different from the one external-dns is running inside
+ - --policy=sync # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
+ - --registry=txt
+ - --txt-owner-id=my-identifier
```
-Then use the following command to apply the manifest you chose to install
-ExternalDNS
+Then use the following command to apply the manifest you chose to install
+ExternalDNS
+
```shell
cat <
@@ -327,6 +356,7 @@ EOF
```
You should see ExternalDNS is installed by running:
+
```shell
kubectl get deployment external-dns
```
@@ -334,15 +364,18 @@ kubectl get deployment external-dns
### Configuring Knative Gateway service
In order to publish the Knative Gateway service, the annotation
-`external-dns.alpha.kubernetes.io/hostname: '*.$CUSTOM_DOMAIN`
-needs to be added into Knative gateway service:
+`external-dns.alpha.kubernetes.io/hostname: '*.$CUSTOM_DOMAIN` needs to be added
+into Knative gateway service:
+
```shell
kubectl edit svc knative-ingressgateway --namespace istio-system
```
-This command opens your default text editor and allows you to add the
-annotation to `knative-ingressgateway` service. After you've added your
-annotation, your file may look similar to this (assuming your custom domain is
+
+This command opens your default text editor and allows you to add the annotation
+to `knative-ingressgateway` service. After you've added your annotation, your
+file may look similar to this (assuming your custom domain is
`external-dns-test.my-org.do`):
+
```
apiVersion: v1
kind: Service
@@ -354,12 +387,13 @@ metadata:
### Verify ExternalDNS works
-After roughly two minutes, check that a corresponding DNS record for your
+After roughly two minutes, check that a corresponding DNS record for your
service was created.
```shell
gcloud dns record-sets list --zone $DNS_ZONE_NAME --name "*.$CUSTOM_DOMAIN."
```
+
You should see output similar to:
```
@@ -370,14 +404,18 @@ NAME TYPE TTL DATA
### Verify domain has been published
-You can check if the domain has been published to the Internet be entering the
+You can check if the domain has been published to the Internet be entering the
following command:
+
```shell
host test.external-dns-test.my-org.do
```
+
You should see the below result after the domain is published:
+
```
test.external-dns-test.my-org.do has address 35.231.248.30
```
-> Note: The process of publishing the domain to the Internet can take several
-minutes.
+
+> Note: The process of publishing the domain to the Internet can take several
+> minutes.