knative
/
docs
mirror of https://github.com/knative/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cherrypick changes from release-0.6 to master (#1422) 

* cherry pick pr#1418

* Update README.md to remove dead link (#1397)

Removed a dead link on "Picking the Right Solution" which was going to a 404 page. Based off feedback from #1382 for which link to use.

* cherry pick pr#1356

* Fix typo (#1360)

* pr#1351
This commit is contained in:
RichieEscarez 2019-06-05 20:30:39 -07:00 committed by Knative Prow Robot
parent 15ba346974
commit 7216b39d93
5 changed files with 211 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/install/Knative-with-GKE.md
View File

@ -121,10 +121,9 @@ the recommended configuration for a cluster is:
> [Gloo](./Knative-with-Gloo.md)) will be used, then you can remove the
> `--addons` line below.
> Note: If you want to use [Auto TLS feature](../serving/using-auto-tls.md), you
> need to remove the `--addons` line below, and follow the
> [instructions](../serving/installing-istio.md) to install Istio with Secret
> Discovery Service.
> Note: If you want to use [Auto TLS feature](../serving/using-auto-tls.md), you need to remove
> the `--addons` line below, and follow the [instructions](installing-istio.md) to install Istio
> with Secret Discovery Service.
```bash
gcloud beta container clusters create $CLUSTER_NAME \

97
docs/install/Knative-with-Minikube.md
View File

@ -99,72 +99,71 @@ see [Performing a Custom Knative Installation](./Knative-custom-install.md).
of `knative-ingressgateway`. Then run the following to clean up leftover
resources:
```
kubectl delete svc knative-ingressgateway -n istio-system
kubectl delete deploy knative-ingressgateway -n istio-system
```
```shell
kubectl delete svc knative-ingressgateway -n istio-system
kubectl delete deploy knative-ingressgateway -n istio-system
```
If you have the Knative Eventing Sources component installed, you will also
need to delete the following resource before upgrading:
If you have the Knative Eventing Sources component installed, you will also
need to delete the following resource before upgrading:
```
kubectl delete statefulset/controller-manager -n knative-sources
```
```shell
kubectl delete statefulset/controller-manager -n knative-sources
```
While the deletion of this resource during the upgrade process will not
prevent modifications to Eventing Source resources, those changes will not be
completed until the upgrade process finishes.
While the deletion of this resource during the upgrade process will not
prevent modifications to Eventing Source resources, those changes will not be
completed until the upgrade process finishes.
1. To install Knative, first install the CRDs by running the `kubectl apply`
command once with the `-l knative.dev/crd-install=true` flag. This prevents
race conditions during the install, which cause intermittent errors:
```bash
kubectl apply --selector knative.dev/crd-install=true \
--filename https://github.com/knative/serving/releases/download/v0.6.0/serving.yaml \
--filename https://github.com/knative/build/releases/download/v0.5.0/build.yaml \
--filename https://github.com/knative/eventing/releases/download/v0.5.0/release.yaml \
--filename https://github.com/knative/eventing-sources/releases/download/v0.5.0/eventing-sources.yaml \
--filename https://github.com/knative/serving/releases/download/v0.6.0/monitoring.yaml \
--filename https://raw.githubusercontent.com/knative/serving/v0.6.0/third_party/config/build/clusterrole.yaml
```
```shell
kubectl apply --selector knative.dev/crd-install=true \
--filename https://github.com/knative/serving/releases/download/v0.6.0/serving.yaml \
--filename https://github.com/knative/build/releases/download/v0.5.0/build.yaml \
--filename https://github.com/knative/eventing/releases/download/v0.5.0/release.yaml \
--filename https://github.com/knative/eventing-sources/releases/download/v0.5.0/eventing-sources.yaml \
--filename https://github.com/knative/serving/releases/download/v0.6.0/monitoring.yaml \
--filename https://raw.githubusercontent.com/knative/serving/v0.6.0/third_party/config/build/clusterrole.yaml
```
1. To complete the install of Knative and its dependencies, run the
`kubectl apply` command again, this time without the `--selector` flag, to
complete the install of Knative and its dependencies:
```bash
kubectl apply --filename https://github.com/knative/serving/releases/download/v0.6.0/serving.yaml --selector networking.knative.dev/certificate-provider!=cert-manager \
--filename https://github.com/knative/build/releases/download/v0.5.0/build.yaml \
--filename https://github.com/knative/eventing/releases/download/v0.5.0/release.yaml \
--filename https://github.com/knative/eventing-sources/releases/download/v0.5.0/eventing-sources.yaml \
--filename https://github.com/knative/serving/releases/download/v0.6.0/monitoring.yaml \
--filename https://raw.githubusercontent.com/knative/serving/v0.6.0/third_party/config/build/clusterrole.yaml
```
```shell
kubectl apply --filename https://github.com/knative/serving/releases/download/v0.6.0/serving.yaml --selector networking.knative.dev/certificate-provider!=cert-manager \
--filename https://github.com/knative/build/releases/download/v0.5.0/build.yaml \
--filename https://github.com/knative/eventing/releases/download/v0.5.0/release.yaml \
--filename https://github.com/knative/eventing-sources/releases/download/v0.5.0/eventing-sources.yaml \
--filename https://github.com/knative/serving/releases/download/v0.6.0/monitoring.yaml \
--filename https://raw.githubusercontent.com/knative/serving/v0.6.0/third_party/config/build/clusterrole.yaml
```
> **Notes**:
>
> - By default, the Knative Serving component installation (`serving.yaml`)
> includes a controller for
> [enabling automatic TLS certificate provisioning](../serving/using-auto-tls.md).
> If you do intend on immediately enabling auto certificates in Knative,
> you can remove the
> `--selector networking.knative.dev/certificate-provider!=cert-manager`
> statement to install the controller. Otherwise, you can choose to install
> the auto certificates feature and controller at a later time.
>
> - For the v0.4.0 release and newer, the `clusterrole.yaml` file is required
> to enable the Build and Serving components to interact with each other.
> **Notes**:
> - By default, the Knative Serving component installation (`serving.yaml`) includes a controller
> for [enabling automatic TLS certificate provisioning](../serving/using-auto-tls.md). If you do
> intend on immediately enabling auto certificates in Knative, you can remove the
> `--selector networking.knative.dev/certificate-provider!=cert-manager` statement to install the
> controller.
> Otherwise, you can choose to install the auto certificates feature and controller at a later time.
>
> - For the v0.4.0 release and newer, the `clusterrole.yaml` file is
> required to enable the Build and Serving components to interact with each
> other.
1. Monitor the Knative components until all of the components show a `STATUS` of
`Running`:
```bash
kubectl get pods --namespace knative-serving
kubectl get pods --namespace knative-build
kubectl get pods --namespace knative-eventing
kubectl get pods --namespace knative-sources
kubectl get pods --namespace knative-monitoring
```
```shell
kubectl get pods --namespace knative-serving
kubectl get pods --namespace knative-build
kubectl get pods --namespace knative-eventing
kubectl get pods --namespace knative-sources
kubectl get pods --namespace knative-monitoring
```
## Deploying an app

2
docs/install/README.md
View File

@ -4,7 +4,7 @@ Follow this guide to install Knative components on a platform of your choice.
To get started with Knative, you need a Kubernetes cluster. If you aren't sure
which Kubernetes platform is right for you, see
[Picking the Right Solution](https://kubernetes.io/docs/setup/pick-right-solution/).
[Picking the Right Solution]( https://kubernetes.io/docs/setup/).
We provide information for installing Knative on
[Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/docs/),

2
docs/serving/setting-up-a-logging-plugin.md
View File

@ -32,7 +32,7 @@ collecting `stdout/stderr` logs from the containers:
with the desired output configuration. Knative provides a sample for sending
logs to Elasticsearch or Stackdriver. Developers can simply use
`100-fluentd-configmap.yaml` or override any with other configuration.
2. Replace the `image` field of `fluentd-ds` container of `flunetd-ds` DaemonSet
2. Replace the `image` field of `fluentd-ds` container of `fluentd-ds` DaemonSet
in
[200-fluentd.yaml](https://github.com/knative/serving/blob/master/config/monitoring/logging/elasticsearch/200-fluentd.yaml)
with the Fluentd image including the desired Fluentd output plugin. See

313
docs/serving/using-auto-tls.md
View File

@ -31,215 +31,218 @@ To enable Knative to automatically provision TLS certificates:
1. Determine if `networking-certmanager` is installed by running the following
command:
```shell
kubectl get deployment networking-certmanager -n knative-serving
```
```shell
kubectl get deployment networking-certmanager -n knative-serving
```
1. If `networking-certmanager` is not found, run the following commands to
install it:
1. If `networking-certmanager` is not found, run the following commands to install it:
```shell
# KNATIVE_VERSION needs to be 0.6.0 or above.
KNATIVE_VERSION=0.6.0
```shell
# KNATIVE_VERSION needs to be 0.6.0 or above.
KNATIVE_VERSION=0.6.0
kubectl apply --filename https://github.com/knative/serving/releases/download/v${KNATIVE_VERSION}/serving.yaml \
--selector networking.knative.dev/certificate-provider=cert-manager
```
kubectl apply --filename https://github.com/knative/serving/releases/download/v${KNATIVE_VERSION}/serving.yaml \
--selector networking.knative.dev/certificate-provider=cert-manager
```
1. Create and add the `ClusterIssuer` configuration file to your Knative cluster
to define who issues the TLS certificates, how requests are validated
(`DNS-01`), and which DNS provider validates those requests.
1. Create the `ClusterIssuer` file:
1. Create the `ClusterIssuer` file:
cert-manager reference:
Use the cert-manager reference to determine how to configure your `ClusterIssuer` file:
- See the generic
[`ClusterIssuer` example](https://docs.cert-manager.io/en/latest/tasks/issuers/setup-acme.html#creating-a-basic-acme-issuer)
- Also see the
[`DNS-01` example](https://docs.cert-manager.io/en/latest/tasks/acme/configuring-dns01/index.html)
- See the generic
[`ClusterIssuer` example](https://docs.cert-manager.io/en/latest/tasks/issuers/setup-acme.html#creating-a-basic-acme-issuer)
- Also see the [`DNS-01` example](https://docs.cert-manager.io/en/latest/tasks/acme/configuring-dns01/index.html)
Example Cloud DNS `ClusterIssuer` configuration file:
**Example**: Cloud DNS `ClusterIssuer` configuration file:
If you use the Let's Encrypt CA and Google Cloud DNS, you would create the
`letsencrypt-issuer` `ClusterIssuer` file, that includes your Let's
Encrypt account info, the required `DNS-01` challenge type, and Cloud DNS
provider info.
The following `letsencrypt-issuer` named `ClusterIssuer` file is configured
for the Let's Encrypt CA and Google Cloud DNS. Under `spec`, the Let's Encrypt
account info, required `DNS-01` challenge type, and Cloud DNS provider
info defined. For the complete Google Cloud DNS example, see
[Configuring HTTPS with cert-manager and Google Cloud DNS](./using-cert-manager-on-gcp.md).
See the
[complete Google Cloud DNS configuration](./using-cert-manager-on-gcp.md).
```shell
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
# This will register an issuer with LetsEncrypt. Replace
# with your admin email address.
email: myemail@gmail.com
privateKeySecretRef:
# Set privateKeySecretRef to any unused secret name.
name: letsencrypt-issuer
dns01:
providers:
- name: cloud-dns-provider
clouddns:
# Set this to your GCP project-id
project: $PROJECT_ID
# Set this to the secret that we publish our service account key
# in the previous step.
serviceAccountSecretRef:
name: cloud-dns-key
key: key.json
```
```shell
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
# This will register an issuer with LetsEncrypt. Replace
# with your admin email address.
email: myemail@gmail.com
privateKeySecretRef:
# Set privateKeySecretRef to any unused secret name.
name: letsencrypt-issuer
dns01:
providers:
- name: cloud-dns-provider
clouddns:
# Set this to your GCP project-id
project: $PROJECT_ID
# Set this to the secret that we publish our service account key
# in the previous step.
serviceAccountSecretRef:
name: cloud-dns-key
key: key.json
```
1. Add your `ClusterIssuer` configuration to your Knative cluster by running
the following commands, where `<filename>` is the name of the file that
you created:
1. Add the configuration file to Knative:
1. Add the configuration file to Knative:
```shell
kubectl apply -f <filename>.yaml
```
```shell
kubectl apply -f <filename>.yaml
```
1. Ensure that the file is created successfully:
```shell
kubectl get clusterissuer --namespace cert-manager letsencrypt-issuer --output yaml
```
```shell
kubectl get clusterissuer --namespace cert-manager letsencrypt-issuer --output yaml
```
Result: The `Status.Conditions` should include `Ready=True`.
Result: The `Status.Conditions` should include `Ready=True`.
1. Update your
[`config-certmanager` ConfigMap](https://github.com/knative/serving/blob/master/config/config-certmanager.yaml)
in the `knative-serving` namespace to define your new `ClusterIssuer`
configuration and your your DNS provider.
1. Run the following command to edit your `config-certmanager` ConfigMap:
1. Run the following command to edit your `config-certmanager` ConfigMap:
```shell
kubectl edit configmap config-certmanager --namespace knative-serving
```
```shell
kubectl edit configmap config-certmanager --namespace knative-serving
```
1. Add the `issuerRef` and `solverConfig` sections within the `data` section:
1. Add the `issuerRef` and `solverConfig` sections within the `data` section:
```shell
...
data:
...
issuerRef: |
kind: ClusterIssuer
name: letsencrypt-issuer
```shell
...
data:
...
issuerRef: |
kind: ClusterIssuer
name: letsencrypt-issuer
solverConfig: |
dns01:
provider: cloud-dns-provider
```
solverConfig: |
dns01:
provider: cloud-dns-provider
```
Example:
Example:
```shell
apiVersion: v1
kind: ConfigMap
metadata:
name: config-certmanager
namespace: knative-serving
labels:
networking.knative.dev/certificate-provider: cert-manager
data:
issuerRef: |
kind: ClusterIssuer
name: letsencrypt-issuer
solverConfig: |
dns01:
provider: cloud-dns-provider
```
```shell
apiVersion: v1
kind: ConfigMap
metadata:
name: config-certmanager
namespace: knative-serving
labels:
networking.knative.dev/certificate-provider: cert-manager
data:
issuerRef: |
kind: ClusterIssuer
name: letsencrypt-issuer
solverConfig: |
dns01:
provider: cloud-dns-provider
```
1. Ensure that the file was updated successfully:
1. Ensure that the file was updated successfully:
```shell
kubectl get configmap config-certmanager --namespace knative-serving --output yaml
```
```shell
kubectl get configmap config-certmanager --namespace knative-serving --output yaml
```
1. Update the
[`config-network` ConfigMap](https://github.com/knative/serving/blob/master/config/config-network.yaml)
in the `knative-serving` namespace to enable `autoTLS`and specify how HTTP
requests are handled:
1. Run the following command to edit your `config-network` ConfigMap:
1. Run the following command to edit your `config-network` ConfigMap:
```shell
kubectl edit configmap config-network --namespace knative-serving
```
```shell
kubectl edit configmap config-network --namespace knative-serving
```
1. Add the `autoTLS: Enabled` attribute under the `data` section:
1. Add the `autoTLS: Enabled` attribute under the `data` section:
```shell
...
data:
...
autoTLS: Enabled
...
```
```shell
...
data:
...
autoTLS: Enabled
...
```
Example:
Example:
```shell
apiVersion: v1
kind: ConfigMap
metadata:
name: config-network
namespace: knative-serving
data:
```shell
apiVersion: v1
kind: ConfigMap
metadata:
name: config-network
namespace: knative-serving
data:
...
autoTLS: Enabled
...
```
1. Configure how HTTP and HTTPS requests are handled in the
[`httpProtocol`](https://github.com/knative/serving/blob/master/config/config-network.yaml#L110)
attribute.
By default, Knative ingress is configured to serve HTTP traffic
(`httpProtocol: Enabled`). Now that your cluster is configured to use
TLS certificates and handle HTTPS traffic, you can specify whether or not
any HTTP traffic is allowed.
Supported `httpProtocol` values:
- `Enabled`: Serve HTTP traffic.
- `Disabled`: Rejects all HTTP traffic.
- `Redirected`: Responds to HTTP request with a `302` redirect to ask
the clients to use HTTPS.
```shell
...
autoTLS: Enabled
data:
...
```
autoTLS: Enabled
...
```
1. Configure how HTTP and HTTPS requests are handled in the
[`httpProtocol`](https://github.com/knative/serving/blob/master/config/config-network.yaml#L110)
attribute.
Example:
By default, Knative ingress is configured to serve HTTP traffic
(`httpProtocol: Enabled`). Now that your cluster is configured to use TLS
certificates and handle HTTPS traffic, you can specify whether or not any
HTTP traffic is allowed.
```shell
apiVersion: v1
kind: ConfigMap
metadata:
name: config-network
namespace: knative-serving
data:
...
autoTLS: Enabled
...
httpProtocol: Redirected
...
```
Supported `httpProtocol` values:
1. Ensure that the file was updated successfully:
- `Enabled`: Serve HTTP traffic.
- `Disabled`: Rejects all HTTP traffic.
- `Redirected`: Responds to HTTP request with a `302` redirect to ask the
clients to use HTTPS.
```shell
...
data:
...
autoTLS: Enabled
...
```
Example:
```shell
apiVersion: v1
kind: ConfigMap
metadata:
name: config-network
namespace: knative-serving
data:
...
autoTLS: Enabled
...
httpProtocol: Redirected
...
```
```shell
kubectl get configmap config-network --namespace knative-serving --output yaml
```
1. Ensure that the file was updated successfully: