mirror of https://github.com/knative/docs.git
3136 lines
412 KiB
XML
3136 lines
412 KiB
XML
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||
<channel>
|
||
<title>Knative – Knative Serving</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/</link>
|
||
<description>Recent content in Knative Serving on Knative</description>
|
||
<generator>Hugo -- gohugo.io</generator>
|
||
|
||
<atom:link href="https://knative.dev/v0.22-docs/serving/index.xml" rel="self" type="application/rss+xml" />
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Getting Started with App Deployment</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/getting-started-knative-app/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/getting-started-knative-app/</guid>
|
||
<description>
|
||
|
||
|
||
<p>This guide shows you how to deploy an app using Knative, then interact with it
|
||
using cURL requests.</p>
|
||
<h2 id="before-you-begin">Before you begin</h2>
|
||
<p>You need:</p>
|
||
<ul>
|
||
<li>A Kubernetes cluster with <a href="../../install/index.html">Knative Serving installed</a>.</li>
|
||
<li>An image of the app that you&rsquo;d like to deploy available on a container registry. The image of the sample app used in this guide is available on
|
||
Google Container Registry.</li>
|
||
</ul>
|
||
<h2 id="sample-application">Sample application</h2>
|
||
<p>This guide demonstrates the basic workflow for deploying the
|
||
<a href="../../serving/samples/hello-world/helloworld-go">Hello World sample app (Go)</a> from the
|
||
<a href="https://cloud.google.com/container-registry/docs/pushing-and-pulling">Google Container Registry</a>.
|
||
You can use these steps as a guide for deploying your container images from other
|
||
registries like <a href="https://docs.docker.com/docker-hub/repos/">Docker Hub</a>.</p>
|
||
<p>To deploy a local container image, you need to disable image tag resolution by running the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#8f5902;font-style:italic"># Set to dev.local/local-image when deploying local container images</span>
|
||
docker tag local-image dev.local/local-image
|
||
</code></pre></div><p><a href="../tag-resolution">Learn more about image tag resolution.</a></p>
|
||
<p>The Hello World sample app reads in an <code>env</code> variable, <code>TARGET</code>, then prints &ldquo;Hello World: ${TARGET}!&rdquo;. If <code>TARGET</code> isn&rsquo;t defined, it will print &ldquo;NOT SPECIFIED&rdquo;.</p>
|
||
<h2 id="creating-your-deployment-with-the-knative-cli">Creating your Deployment with the Knative CLI</h2>
|
||
<p>The easiest way to deploy a Knative Service is by using the Knative CLI <a href="https://github.com/knative/client">kn</a>.</p>
|
||
<p><strong>Prerequisite:</strong> Install the <code>kn</code> binary as described in <a href="../../install/install-kn">Installing the Knative CLI</a></p>
|
||
<p>It will create a corresponding resource description internally as when using a YAML file directly.
|
||
<code>kn</code> provides a command-line mechanism for managing Services.
|
||
It allows you to configure every aspect of a Service.
|
||
The only mandatory flag for creating a Service is <code>--image</code> with the container image reference as value.</p>
|
||
<p>To create a Service directly at the cluster, use:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Create a Knative service with the Knative CLI kn</span>
|
||
kn service create helloworld-go --image gcr.io/knative-samples/helloworld-go --env <span style="color:#000">TARGET</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Go Sample v1&#34;</span>
|
||
</code></pre></div><p>If you want to deploy the sample app, leave the <code>--image</code> config as-is. If you&rsquo;re
|
||
deploying an image of your app, update the name of the Service and the value of the <code>--image</code> flag accordingly.</p>
|
||
<p>Now that you have deployed the service, Knative will perform the following steps:</p>
|
||
<ul>
|
||
<li>Create a new immutable revision for this version of the app.</li>
|
||
<li>Perform network programming to create a route, ingress, service, and load
|
||
balancer for your app.</li>
|
||
<li>Automatically scale your pods up and down based on traffic, including to zero
|
||
active pods.</li>
|
||
</ul>
|
||
<h2 id="creating-your-deployment-with-yaml">Creating your Deployment with YAML</h2>
|
||
<p>Alternatively, to deploy an app using Knative, you can also create the configuration in a YAML file that defines a service. For more information about the Service object, see the
|
||
<a href="https://github.com/knative/serving/blob/main/docs/spec/overview.md#service">Resource Types documentation</a>.</p>
|
||
<p>This configuration file specifies metadata about the application, points to the
|
||
hosted image of the app for deployment, and allows the deployment to be
|
||
configured. For more information about what configuration options are available,
|
||
see the <a href="https://github.com/knative/serving/blob/main/docs/spec/spec.md">Serving spec documentation</a>.</p>
|
||
<p>To create the same application as in the previous <code>kn</code> example, create a new file named <code>service.yaml</code>, then copy and paste the following content into it:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Current version of Knative</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">helloworld-go</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># The name of the app</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">default</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># The namespace the app will use</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">containers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">image</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">gcr.io/knative-samples/helloworld-go</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Reference to the image of the app</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">env</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">TARGET</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># The environment variable printed out by the sample app</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;Go Sample v1&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>If you want to deploy the sample app, leave the config file as-is. If you&rsquo;re
|
||
deploying an image of your app, update the name of the Service (<code>.metadata.name</code>) and the reference to the container image (<code>.spec.containers[].image</code>) accordingly.</p>
|
||
<p>From the directory where the new <code>service.yaml</code> file was created, apply the
|
||
configuration:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">kubectl apply --filename service.yaml
|
||
</code></pre></div><p>Now that you have deployed the service, Knative will perform the following steps:</p>
|
||
<ul>
|
||
<li>Create a new immutable revision for this version of the app.</li>
|
||
<li>Perform network programming to create a route, ingress, service, and load
|
||
balancer for your app.</li>
|
||
<li>Automatically scale your pods up and down based on traffic, including to zero
|
||
active pods.</li>
|
||
</ul>
|
||
<h2 id="interacting-with-your-app">Interacting with your app</h2>
|
||
<p>To see if your app has been deployed successfully, you need the URL created by Knative.</p>
|
||
<ol>
|
||
<li>To find the URL for your service, use either <code>kn</code> or <code>kubectl</code></li>
|
||
</ol>
|
||
|
||
|
||
|
||
|
||
|
||
<ul class="nav nav-tabs" id="create" role="tablist">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="nav-item active">
|
||
<a class="nav-link active" id="create-0-tab" data-toggle="tab" href="#create-0" role="tab" aria-controls="create-0" aria-selected="true">kn</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="nav-item ">
|
||
<a class="nav-link " id="create-1-tab" data-toggle="tab" href="#create-1" role="tab" aria-controls="create-1" aria-selected="true">kubectl</a>
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
<div class="tab-content" >
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<div class="tab-pane fade show active" id="create-0" role="tabpanel" aria-labelledby="create-0-tab">
|
||
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kn service describe helloworld-go
|
||
</code></pre></div><p>This will return something like</p>
|
||
<pre><code>Name helloworld-go
|
||
Namespace default
|
||
Age 12m
|
||
URL http://helloworld-go.default.34.83.80.117.xip.io
|
||
|
||
Revisions:
|
||
100% @latest (helloworld-go-dyqsj-1) [1] (39s)
|
||
Image: gcr.io/knative-samples/helloworld-go (pinned to 946b7c)
|
||
|
||
Conditions:
|
||
OK TYPE AGE REASON
|
||
++ Ready 25s
|
||
++ ConfigurationsReady 26s
|
||
++ RoutesReady 25s
|
||
</code></pre>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
|
||
<div class="tab-pane fade " id="create-1" role="tabpanel" aria-labelledby="create-1-tab">
|
||
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get ksvc helloworld-go
|
||
</code></pre></div><p>The command will return the following:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">NAME URL LATESTCREATED LATESTREADY READY REASON
|
||
helloworld-go http://helloworld-go.default.34.83.80.117.xip.io helloworld-go-96dtk helloworld-go-96dtk True
|
||
</code></pre></div>
|
||
|
||
</div>
|
||
|
||
</div>
|
||
|
||
<blockquote>
|
||
<p>Note: If your URL includes <code>example.com</code> then consult the setup instructions for
|
||
configuring DNS (e.g. with <code>xip.io</code>), or <a href="../../serving/using-a-custom-domain">using a Custom Domain</a>.</p>
|
||
</blockquote>
|
||
<p>If you changed the name from <code>helloworld-go</code> to something else when creating
|
||
the <code>.yaml</code> file, replace <code>helloworld-go</code> in the above commands with the name you entered.</p>
|
||
<ol>
|
||
<li>
|
||
<p>Now you can make a request to your app and see the results. Replace
|
||
the URL with the one returned by the command in the previous step.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># curl http://helloworld-go.default.34.83.80.117.xip.io</span>
|
||
Hello World: Go Sample v1!
|
||
</code></pre></div><p>If you deployed your app, you might want to customize this cURL request
|
||
to interact with your application.</p>
|
||
<p>It can take a few seconds for Knative to scale up your application and return
|
||
a response.</p>
|
||
<blockquote>
|
||
<p>Note: Add <code>-v</code> option to get more detail if the <code>curl</code> command failed.</p>
|
||
</blockquote>
|
||
</li>
|
||
</ol>
|
||
<p>You&rsquo;ve successfully deployed your first application using Knative!</p>
|
||
<h2 id="cleaning-up">Cleaning up</h2>
|
||
<p>To remove the sample app from your cluster, delete the service record:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kn service delete helloworld-go
|
||
</code></pre></div><p>Alternatively, you can also delete the service with <code>kubectl</code> via the definition file or by name.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Delete with the KService given in the yaml file:</span>
|
||
kubectl delete --filename service.yaml
|
||
|
||
<span style="color:#8f5902;font-style:italic"># Or just delete it by name:</span>
|
||
kubectl delete kservice helloworld-go
|
||
</code></pre></div>
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Knative Kubernetes Services</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/knative-kubernetes-services/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/knative-kubernetes-services/</guid>
|
||
<description>
|
||
|
||
|
||
<p>This guide describes the
|
||
<a href="https://kubernetes.io/docs/concepts/services-networking/service/">Kubernetes Services</a>
|
||
that are active when running Knative Serving.</p>
|
||
<h2 id="before-you-begin">Before You Begin</h2>
|
||
<ol>
|
||
<li>
|
||
<p>This guide assumes that you have installed Knative Serving. If you have not,
|
||
instructions on how to do this are located
|
||
<a href="https://knative.dev/docs/install/">here</a>.</p>
|
||
</li>
|
||
<li>
|
||
<p>Verify that you have the proper components in your cluster. To view the
|
||
services installed in your cluster, use the command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">$ kubectl get services -n knative-serving
|
||
</code></pre></div><p>This should return the following output:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span style="color:#ce5c00;font-weight:bold">(</span>S<span style="color:#ce5c00;font-weight:bold">)</span> AGE
|
||
activator-service ClusterIP 10.96.61.11 &lt;none&gt; 80/TCP,81/TCP,9090/TCP 1h
|
||
autoscaler ClusterIP 10.104.217.223 &lt;none&gt; 8080/TCP,9090/TCP 1h
|
||
controller ClusterIP 10.101.39.220 &lt;none&gt; 9090/TCP 1h
|
||
webhook ClusterIP 10.107.144.50 &lt;none&gt; 443/TCP 1h
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>To view the deployments in your cluster, use the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">$ kubectl get deployments -n knative-serving
|
||
</code></pre></div><p>This should return the following output:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
|
||
activator <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> 1h
|
||
autoscaler <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> 1h
|
||
controller <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> 1h
|
||
networking-certmanager <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> 1h
|
||
networking-istio <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> 1h
|
||
webhook <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> 1h
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<p>These services and deployments are installed by the <code>serving.yaml</code> file during
|
||
install. The next section describes their function.</p>
|
||
<h2 id="components">Components</h2>
|
||
<h3 id="service-activator">Service: activator</h3>
|
||
<p>The activator is responsible for receiving &amp; buffering requests for inactive
|
||
revisions and reporting metrics to the autoscaler. It also retries requests to a
|
||
revision after the autoscaler scales the revision based on the reported metrics.</p>
|
||
<h3 id="service-autoscaler">Service: autoscaler</h3>
|
||
<p>The autoscaler receives request metrics and adjusts the number of pods required
|
||
to handle the load of traffic.</p>
|
||
<h3 id="service-controller">Service: controller</h3>
|
||
<p>The controller service reconciles all the public Knative objects and autoscaling
|
||
CRDs. When a user applies a Knative service to the Kubernetes API, this creates
|
||
the configuration and route. It will convert the configuration into revisions
|
||
and the revisions into deployments and Knative Pod Autoscalers (KPAs).</p>
|
||
<h3 id="service-webhook">Service: webhook</h3>
|
||
<p>The webhook intercepts all Kubernetes API calls as well as all CRD insertions
|
||
and updates. It sets default values, rejects inconsitent and invalid objects,
|
||
and validates and mutates Kubernetes API calls.</p>
|
||
<h3 id="deployment-networking-certmanager">Deployment: networking-certmanager</h3>
|
||
<p>The certmanager reconciles cluster ingresses into cert manager objects.</p>
|
||
<h3 id="deployment-networking-istio">Deployment: networking-istio</h3>
|
||
<p>The networking-istio deployment reconciles a cluster&rsquo;s ingress into an
|
||
<a href="https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service/">Istio virtual service</a>.</p>
|
||
<h2 id="whats-next">What&rsquo;s Next</h2>
|
||
<ul>
|
||
<li>For a deeper look at the services and deployments involved in Knative Serving,
|
||
click
|
||
<a href="https://github.com/knative/specs/blob/main/specs/serving/overview.md">here</a>.</li>
|
||
<li>For a high-level analysis of Serving, look at the <a href="../">documentation here</a>.</li>
|
||
<li>Check out the Knative Serving code samples <a href="../samples/">here</a> for more
|
||
hands-on tutorials.</li>
|
||
</ul>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Deploying images from a private container registry</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/deploying/private-registry/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/deploying/private-registry/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Learn how to configure your Knative cluster to deploy images from a private
|
||
container registry.</p>
|
||
<p>To share access to your private container images across multiple services and
|
||
revisions, you create a list of Kubernetes secrets
|
||
(<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#pod-v1-core"><code>imagePullSecrets</code></a>)
|
||
using your registry credentials, add that <code>imagePullSecrets</code> to your default
|
||
<a href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/">service account</a>,
|
||
and then deploy those configurations to your Knative cluster.</p>
|
||
<h2 id="before-you-begin">Before you begin</h2>
|
||
<p>You need:</p>
|
||
<ul>
|
||
<li>A Kubernetes cluster with <a href="../../../install/index.html">Knative Serving installed</a>.</li>
|
||
<li>The credentials to the private container registry where your container images are stored.</li>
|
||
</ul>
|
||
<h2 id="configuring-your-credentials-in-knative">Configuring your credentials in Knative</h2>
|
||
<ol>
|
||
<li>
|
||
<p>Create a <code>imagePullSecrets</code> that contains your credentials as a list of secrets:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl create secret docker-registry <span style="color:#ce5c00;font-weight:bold">[</span>REGISTRY-CRED-SECRETS<span style="color:#ce5c00;font-weight:bold">]</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --docker-server<span style="color:#ce5c00;font-weight:bold">=[</span>PRIVATE_REGISTRY_SERVER_URL<span style="color:#ce5c00;font-weight:bold">]</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --docker-email<span style="color:#ce5c00;font-weight:bold">=[</span>PRIVATE_REGISTRY_EMAIL<span style="color:#ce5c00;font-weight:bold">]</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --docker-username<span style="color:#ce5c00;font-weight:bold">=[</span>PRIVATE_REGISTRY_USER<span style="color:#ce5c00;font-weight:bold">]</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --docker-password<span style="color:#ce5c00;font-weight:bold">=[</span>PRIVATE_REGISTRY_PASSWORD<span style="color:#ce5c00;font-weight:bold">]</span>
|
||
</code></pre></div><p>Where</p>
|
||
<ul>
|
||
<li>
|
||
<p><code>[REGISTRY-CRED-SECRETS]</code> is the name that you want for your secrets
|
||
(<code>imagePullSecrets</code> object). For example, <code>container-registry</code>.</p>
|
||
</li>
|
||
<li>
|
||
<p><code>[PRIVATE_REGISTRY_SERVER_URL]</code> is the URL to the private
|
||
registry where your container images are stored.</p>
|
||
<p>Examples:</p>
|
||
<ul>
|
||
<li>Google Container Registry: <a href="https://gcr.io/">https://gcr.io/</a></li>
|
||
<li>DockerHub <a href="https://docker.io/">https://docker.io/</a></li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
<ul>
|
||
<li>
|
||
<p><code>[PRIVATE_REGISTRY_EMAIL]</code> is your email address that is associated with
|
||
the private registry.</p>
|
||
</li>
|
||
<li>
|
||
<p><code>[PRIVATE_REGISTRY_USER]</code> is the username that you use to access the
|
||
private container registry.</p>
|
||
</li>
|
||
<li>
|
||
<p><code>[PRIVATE_REGISTRY_PASSWORD]</code> is the password that you use to access
|
||
the private container registry.</p>
|
||
</li>
|
||
</ul>
|
||
<p>Example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl create secret <span style="color:#4e9a06">`</span>container-registry<span style="color:#4e9a06">`</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --docker-server<span style="color:#ce5c00;font-weight:bold">=</span>https://gcr.io/ <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --docker-email<span style="color:#ce5c00;font-weight:bold">=</span>my-account-email@address.com <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --docker-username<span style="color:#ce5c00;font-weight:bold">=</span>my-grc-username <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --docker-password<span style="color:#ce5c00;font-weight:bold">=</span>my-gcr-password
|
||
</code></pre></div><p>Tip: After creating the <code>imagePullSecrets</code>, you can view those secret&rsquo;s by running:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get secret <span style="color:#ce5c00;font-weight:bold">[</span>REGISTRY-CRED-SECRETS<span style="color:#ce5c00;font-weight:bold">]</span> --output<span style="color:#ce5c00;font-weight:bold">=</span>yaml
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Add the <code>imagePullSecrets</code> to your <code>default</code> service account in the
|
||
<code>default</code> namespace.</p>
|
||
<p>Note: By default, the <code>default</code> service account in each of the
|
||
<a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/">namespaces</a>
|
||
of your Knative cluster are use by your revisions unless
|
||
<a href="../../spec/knative-api-specification-1.0"><code>serviceAccountName</code></a> is specified.</p>
|
||
<p>Run the following command to modify your <code>default</code> service account, assuming
|
||
you named your secrets <code>container-registry</code>:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl patch serviceaccount default -p <span style="color:#4e9a06">&#34;{\&#34;imagePullSecrets\&#34;: [{\&#34;name\&#34;: \&#34;container-registry\&#34;}]}&#34;</span>
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<p>Now, all the new pods that are created in the <code>default</code> namespace will include
|
||
your credentials and have access to your container images in the private registry.</p>
|
||
<h2 id="whats-next">What&rsquo;s next</h2>
|
||
<p>You can now create a service that uses your container images from the private registry.
|
||
<a href="../../getting-started-knative-app">Learn how to create a Knative service</a>.</p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Knative Services</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/services/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/services/</guid>
|
||
<description>
|
||
|
||
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Accessing request traces</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/accessing-traces/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/accessing-traces/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Depending on the request tracing tool that you have installed on your Knative
|
||
Serving cluster, see the corresponding section for details about how to
|
||
visualize and trace your requests.</p>
|
||
<h2 id="configuring-traces">Configuring Traces</h2>
|
||
<p>You can update the configuration file for tracing in <a href="https://github.com/knative/serving/blob/main/config/core/configmaps/tracing.yaml">config-tracing.yaml</a>.</p>
|
||
<p>Follow the instructions in the file to set your configuration options. This file includes options such as sample rate (to determine what percentage of requests to trace), debug mode, and backend selection (zipkin or stackdriver).</p>
|
||
<p>You can quickly explore and update the ConfigMap object with the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl -n knative-serving edit configmap config-tracing
|
||
</code></pre></div><h2 id="zipkin">Zipkin</h2>
|
||
<p>In order to access request traces, you use the Zipkin visualization tool.</p>
|
||
<ol>
|
||
<li>
|
||
<p>To open the Zipkin UI, enter the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl proxy
|
||
</code></pre></div><p>This command starts a local proxy of Zipkin on port 8001. For security
|
||
reasons, the Zipkin UI is exposed only within the cluster.</p>
|
||
</li>
|
||
<li>
|
||
<p>Navigate to the
|
||
<a href="http://localhost:8001/api/v1/namespaces/istio-system/services/zipkin:9411/proxy/zipkin/">Zipkin UI</a>.</p>
|
||
</li>
|
||
<li>
|
||
<p>Click &ldquo;Find Traces&rdquo; to see the latest traces. You can search for a trace ID
|
||
or look at traces of a specific application. Click on a trace to see a
|
||
detailed view of a specific call.</p>
|
||
</li>
|
||
</ol>
|
||
<!--TODO: Consider adding a video here. -->
|
||
<h2 id="jaeger">Jaeger</h2>
|
||
<p>In order to access request traces, you use the Jaeger visualization tool.</p>
|
||
<ol>
|
||
<li>
|
||
<p>To open the Jaeger UI, enter the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl proxy
|
||
</code></pre></div><p>This command starts a local proxy of Jaeger on port 8001. For security
|
||
reasons, the Jaeger UI is exposed only within the cluster.</p>
|
||
</li>
|
||
<li>
|
||
<p>Navigate to the
|
||
<a href="http://localhost:8001/api/v1/namespaces/istio-system/services/jaeger-query:16686/proxy/search/">Jaeger UI</a>.</p>
|
||
</li>
|
||
<li>
|
||
<p>Select the service of interest and click &ldquo;Find Traces&rdquo; to see the latest
|
||
traces. Click on a trace to see a detailed view of a specific call.</p>
|
||
</li>
|
||
</ol>
|
||
<!--TODO: Consider adding a video here. -->
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Autoscaling</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/autoscaling/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/autoscaling/</guid>
|
||
<description>
|
||
|
||
|
||
<p>One of the main features of Knative is automatic scaling of replicas for an application to closely match incoming demand, including scaling applications to zero if no traffic is being received.
|
||
Knative Serving enables this by default, using the Knative Pod Autoscaler (KPA).
|
||
The Autoscaler component watches traffic flow to the application, and scales replicas up or down based on configured metrics.</p>
|
||
<p>Knative services default to using autoscaling settings that are suitable for the majority of use cases. However, some workloads may require a custom, more finely-tuned configuration.
|
||
This guide provides information about configuration options that you can modify to fit the requirements of your workload.</p>
|
||
<p>For more information about how autoscaling for Knative works, see the <a href="./autoscaling-concepts">Autoscaling concepts</a> documentation.</p>
|
||
<p>For more information about which metrics can be used to control the Autoscaler, see the <a href="./autoscaling-metrics">metrics</a> documentation.</p>
|
||
<h2 id="optional-autoscaling-configuration-tasks">Optional autoscaling configuration tasks</h2>
|
||
<ul>
|
||
<li>Configure your Knative deployment to use the Kubernetes Horizontal Pod Autoscaler (HPA)
|
||
instead of the default KPA.
|
||
For how to install HPA, see <a href="../../install/install-extensions#install-optional-serving-extensions">Install optional Eventing extensions</a>.</li>
|
||
<li>Disable scale to zero functionality for your cluster (<a href="./scale-to-zero">global configuration only</a>).</li>
|
||
<li>Configure the <a href="./autoscaling-metrics">type of metrics</a> your Autoscaler consumes.</li>
|
||
<li>Configure <a href="./concurrency">concurrency limits</a> for applications.</li>
|
||
<li>Try out the <a href="./autoscale-go/index.html">Go Autoscale Sample App</a>.</li>
|
||
</ul>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Creating a private cluster-local service</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/cluster-local-route/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/cluster-local-route/</guid>
|
||
<description>
|
||
|
||
|
||
<p>By default services deployed through Knative are published to an external IP
|
||
address, making them public services on a public IP address and with a
|
||
<a href="../using-a-custom-domain">public URL</a>.</p>
|
||
<p>While this is useful for services that need to be accessible from outside of the
|
||
cluster, frequently you may be building a backend service which should not be
|
||
available off-cluster.</p>
|
||
<p>Knative provides two ways to enable private services which are only available
|
||
inside the cluster:</p>
|
||
<ol>
|
||
<li>To make all services only cluster-local, change the default domain to
|
||
<code>svc.cluster.local</code> by
|
||
<a href="../using-a-custom-domain">editing the <code>config-domain</code> config map</a>. This
|
||
will change all services deployed through Knative to only be published to the
|
||
cluster, none will be available off-cluster.</li>
|
||
<li>To make an individual service cluster-local, the service or route can be
|
||
labeled in such a way to prevent it from getting published to the external
|
||
gateway.</li>
|
||
</ol>
|
||
<h2 id="label-a-service-to-be-cluster-local">Label a service to be cluster-local</h2>
|
||
<p>To configure a Knative service to only be available on the cluster-local network (and
|
||
not on the public Internet), you can apply the
|
||
<code>networking.knative.dev/visibility=cluster-local</code> label to the Knative service, route or
|
||
Kubernetes service object.</p>
|
||
<p>To label the Knative service:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl label kservice <span style="color:#4e9a06">${</span><span style="color:#000">KSVC_NAME</span><span style="color:#4e9a06">}</span> networking.knative.dev/visibility<span style="color:#ce5c00;font-weight:bold">=</span>cluster-local
|
||
</code></pre></div><p>To label a route when the route is used directly without a Knative service:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl label route <span style="color:#4e9a06">${</span><span style="color:#000">ROUTE_NAME</span><span style="color:#4e9a06">}</span> networking.knative.dev/visibility<span style="color:#ce5c00;font-weight:bold">=</span>cluster-local
|
||
</code></pre></div><p>To label a Kubernetes service:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl label service <span style="color:#4e9a06">${</span><span style="color:#000">SERVICE_NAME</span><span style="color:#4e9a06">}</span> networking.knative.dev/visibility<span style="color:#ce5c00;font-weight:bold">=</span>cluster-local
|
||
</code></pre></div><p>By labeling the Kubernetes service it allows you to restrict visibility in a more
|
||
fine-grained way. See <a href="../using-subroutes">subroutes</a> for information about
|
||
tagged routes.</p>
|
||
<p>For example, you can deploy the <a href="../samples/hello-world/helloworld-go/index.html">Hello World sample</a>
|
||
and then convert it to be an cluster-local service by labeling the service:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl label kservice helloworld-go networking.knative.dev/visibility<span style="color:#ce5c00;font-weight:bold">=</span>cluster-local
|
||
</code></pre></div><p>You can then verify that the change has been made by verifying the URL for the
|
||
helloworld-go service:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get kservice helloworld-go
|
||
|
||
NAME URL LATESTCREATED LATESTREADY READY REASON
|
||
helloworld-go http://helloworld-go.default.svc.cluster.local helloworld-go-2bz5l helloworld-go-2bz5l True
|
||
</code></pre></div><p>The service returns the a URL with the <code>svc.cluster.local</code> domain, indicating
|
||
the service is only available in the cluster local network.</p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Creating and using Subroutes</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/using-subroutes/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/using-subroutes/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Subroutes are most effective when used with multiple revisions. When defining a Knative service/route, the traffic section of the spec can split between the different revisions. For example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">traffic</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">0</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">foo</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">40</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">bar</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">60</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">baz</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>This allows anyone targeting the main route to have a 0% chance of hitting revision <code>foo</code>, 40% chance of hitting revision <code>bar</code> and 60% chance of hitting revision <code>baz</code>.</p>
|
||
<h2 id="using-tags-to-create-target-urls">Using tags to create target URLs</h2>
|
||
<p>The spec defines an attribute called <code>tag</code>. When a <code>tag</code> is applied to a route, an address for the specific traffic target is created.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">traffic</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">0</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">foo</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">tag</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">staging</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">40</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">bar</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">60</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">baz</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>In the above example, you can access the staging target by accessing <code>staging-&lt;route name&gt;.&lt;namespace&gt;.&lt;domain&gt;</code>. The targets for <code>bar</code> and <code>baz</code> can only be accessed using the main route, <code>&lt;route name&gt;.&lt;namespace&gt;.&lt;domain&gt;</code>.</p>
|
||
<p>When a traffic target gets tagged, a new Kubernetes service is created for it so that other services can also access it within the cluster. From the above example, a new Kubernetes service called <code>staging-&lt;route name&gt;</code> will be created in the same namespace. This service has the ability to override the visibility of this specific route by applying the label <code>networking.knative.dev/visibility</code> with value <code>cluster-local</code>. See <a href="../cluster-local-route#label-a-service-to-be-cluster-local">cluster local routes</a> for more information about how to restrict visibility on the specific route.</p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Gradually rolling out latest Revisions</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/rolling-out-latest-revision/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/rolling-out-latest-revision/</guid>
|
||
<description>
|
||
|
||
|
||
<p>If your traffic configuration points to a Configuration target, rather than revision target, it means that when a new Revision is created and ready 100% of that target&rsquo;s traffic will be immediately shifted to the new revision, which might not be ready to accept that scale with a single pod and with cold starts taking some time it is possible to end up in a situation where a lot of requests are backed up either at QP or Activator and after a while they might expire or QP might outright reject the requests.</p>
|
||
<p>To mitigate this problem Knative as of 0.20 release Knative provides users with a possibility to gradually shift the traffic to the latest revision.
|
||
This is governed by a single parameter which denotes <code>rollout-duration</code>.</p>
|
||
<p>The affected Configuration targets will be rolled out to 1% of traffic first and then in equal incremental steps for the rest of the assigned traffic. Note, that the rollout is purely time based and does not interact with the Autoscaling subsystem.</p>
|
||
<p>This feature is available to untagged and tagged traffic targets configured for both Kservices and Kservice-less Routes.</p>
|
||
<h2 id="configuring-gradual-rollout">Configuring gradual Rollout</h2>
|
||
<p>This value currently can be configured on the cluster level (starting v0.20) via a setting in the <code>config-network</code> ConfigMap or per Kservice or Route using an annotation (staring v.0.21).</p>
|
||
|
||
|
||
|
||
|
||
|
||
<ul class="nav nav-tabs" id="rollout-duration" role="tablist">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="nav-item active">
|
||
<a class="nav-link active" id="rollout-duration-0-tab" data-toggle="tab" href="#rollout-duration-0" role="tab" aria-controls="rollout-duration-0" aria-selected="true">Per-revision</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="nav-item ">
|
||
<a class="nav-link " id="rollout-duration-1-tab" data-toggle="tab" href="#rollout-duration-1" role="tab" aria-controls="rollout-duration-1" aria-selected="true">Global (ConfigMap)</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="nav-item ">
|
||
<a class="nav-link " id="rollout-duration-2-tab" data-toggle="tab" href="#rollout-duration-2" role="tab" aria-controls="rollout-duration-2" aria-selected="true">Global (Operator)</a>
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
<div class="tab-content" >
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<div class="tab-pane fade show active" id="rollout-duration-0" role="tabpanel" aria-labelledby="rollout-duration-0-tab">
|
||
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">helloworld-go</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">default</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">annotations</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">serving.knative.dev/rolloutDuration</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;380s&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
|
||
<div class="tab-pane fade " id="rollout-duration-1" role="tabpanel" aria-labelledby="rollout-duration-1-tab">
|
||
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ConfigMap</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-network</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">knative-serving</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">data</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">rolloutDuration</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;380s&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Value in seconds.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
|
||
<div class="tab-pane fade " id="rollout-duration-2" role="tabpanel" aria-labelledby="rollout-duration-2-tab">
|
||
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">operator.knative.dev/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">KnativeServing</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">knative-serving</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">config</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">network</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">rolloutDuration</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;380s&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div>
|
||
|
||
</div>
|
||
|
||
</div>
|
||
|
||
<h2 id="route-status-updates">Route Status updates</h2>
|
||
<p>During the rollout the system will update the Route and Kservice status. Both <code>traffic</code> and <code>conditions</code> status fields will be affected.</p>
|
||
<p>For example, a possible rollout of the following traffic configuration</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">traffic</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">55</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">configurationName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Pinned to latest ready Revision</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">45</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00005</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Pinned to a specific Revision.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>would be (if inspecting the route status):</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">traffic</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">54</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00008</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00009</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">45</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00005</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Pinned to a specific Revision.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>and then, presuming steps of 18%:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">traffic</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">36</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00008</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">19</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00009</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">45</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00005</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Pinned to a specific Revision.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>and so on until final state is achieved:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">traffic</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">55</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00009</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">percent</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">45</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">revisionName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-00005</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Pinned to a specific Revision.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>During the rollout the Route and (Kservice, if present) status conditions will be the following:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">status</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">conditions</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">lastTransitionTime</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;...&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">message</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">A gradual rollout of the latest revision(s) is in progress.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">reason</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">RolloutInProgress</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">status</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Unknown</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Ready</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="multiple-rollouts">Multiple Rollouts</h2>
|
||
<p>If a new revision is created while the rollout is in progress then the system would start shifting the traffic immediately to the newest revision and it will drain the incomplete rollouts from newest to the oldest.</p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Debugging issues with your application</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/debugging-application-issues/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/debugging-application-issues/</guid>
|
||
<description>
|
||
|
||
|
||
<p>You deployed your app to Knative Serving, but it isn&rsquo;t working as expected. Go
|
||
through this step-by-step guide to understand what failed.</p>
|
||
<h2 id="check-command-line-output">Check command-line output</h2>
|
||
<p>Check your deploy command output to see whether it succeeded or not. If your
|
||
deployment process was terminated, you should see an error message in the output
|
||
that describes the reason why the deployment failed.</p>
|
||
<p>This kind of failure is most likely due to either a misconfigured manifest or
|
||
wrong command. For example, the following output says that you must configure
|
||
route traffic percent to sum to 100:</p>
|
||
<pre><code>Error from server (InternalError): error when applying patch:
|
||
{&quot;metadata&quot;:{&quot;annotations&quot;:{&quot;kubectl.kubernetes.io/last-applied-configuration&quot;:&quot;{\&quot;apiVersion\&quot;:\&quot;serving.knative.dev/v1\&quot;,\&quot;kind\&quot;:\&quot;Route\&quot;,\&quot;metadata\&quot;:{\&quot;annotations\&quot;:{},\&quot;name\&quot;:\&quot;route-example\&quot;,\&quot;namespace\&quot;:\&quot;default\&quot;},\&quot;spec\&quot;:{\&quot;traffic\&quot;:[{\&quot;configurationName\&quot;:\&quot;configuration-example\&quot;,\&quot;percent\&quot;:50}]}}\n&quot;}},&quot;spec&quot;:{&quot;traffic&quot;:[{&quot;configurationName&quot;:&quot;configuration-example&quot;,&quot;percent&quot;:50}]}}
|
||
to:
|
||
&amp;{0xc421d98240 0xc421e77490 default route-example STDIN 0xc421db0488 264682 false}
|
||
for: &quot;STDIN&quot;: Internal error occurred: admission webhook &quot;webhook.knative.dev&quot; denied the request: mutation failed: The route must have traffic percent sum equal to 100.
|
||
ERROR: Non-zero return code '1' from command: Process exited with status 1
|
||
</code></pre><h2 id="check-route-status">Check Route status</h2>
|
||
<p>Run the following command to get the <code>status</code> of the <code>Route</code> object with which
|
||
you deployed your application:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get route &lt;route-name&gt; --output yaml
|
||
</code></pre></div><p>The <code>conditions</code> in <code>status</code> provide the reason if there is any failure. For
|
||
details, see Knative
|
||
<a href="../../docs/serving/spec/knative-api-specification-1.0#error-signalling">Error Conditions and Reporting</a>.</p>
|
||
<h3 id="check-ingressistio-routing">Check Ingress/Istio routing</h3>
|
||
<p>To list all Ingress resources and their corresponding labels, run the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get ingresses.networking.internal.knative.dev -o<span style="color:#ce5c00;font-weight:bold">=</span>custom-columns<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#39;NAME:.metadata.name,LABELS:.metadata.labels&#39;</span>
|
||
NAME LABELS
|
||
helloworld-go map<span style="color:#ce5c00;font-weight:bold">[</span>serving.knative.dev/route:helloworld-go serving.knative.dev/routeNamespace:default serving.knative.dev/service:helloworld-go<span style="color:#ce5c00;font-weight:bold">]</span>
|
||
</code></pre></div><p>The labels <code>serving.knative.dev/route</code> and <code>serving.knative.dev/routeNamespace</code>
|
||
indicate the Route in which the Ingress resource resides. Your Route and
|
||
Ingress should be listed. If your Ingress does not exist, the route
|
||
controller believes that the Revisions targeted by your Route/Service isn&rsquo;t
|
||
ready. Please proceed to later sections to diagnose Revision readiness status.</p>
|
||
<p>Otherwise, run the following command to look at the ClusterIngress created for
|
||
your Route</p>
|
||
<pre><code>kubectl get ingresses.networking.internal.knative.dev &lt;INGRESS_NAME&gt; --output yaml
|
||
</code></pre><p>particularly, look at the <code>status:</code> section. If the Ingress is working
|
||
correctly, we should see the condition with <code>type=Ready</code> to have <code>status=True</code>.
|
||
Otherwise, there will be error messages.</p>
|
||
<p>Now, if Ingress shows status <code>Ready</code>, there must be a corresponding
|
||
VirtualService. Run the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get virtualservice -l networking.internal.knative.dev/ingress<span style="color:#ce5c00;font-weight:bold">=</span>&lt;INGRESS_NAME&gt; -n &lt;INGRESS_NAMESPACE&gt; --output yaml
|
||
</code></pre></div><p>the network configuration in VirtualService must match that of Ingress
|
||
and Route. VirtualService currently doesn&rsquo;t expose a Status field, so if one
|
||
exists and have matching configurations with Ingress and Route, you may
|
||
want to wait a little bit for those settings to propagate.</p>
|
||
<p>If you are familar with Istio and <code>istioctl</code>, you may try using <code>istioctl</code> to
|
||
look deeper using Istio
|
||
<a href="https://istio.io/help/ops/traffic-management/proxy-cmd/">guide</a>.</p>
|
||
<h3 id="check-ingress-status">Check Ingress status</h3>
|
||
<p>Knative uses a LoadBalancer service called <code>istio-ingressgateway</code> Service.</p>
|
||
<p>To check the IP address of your Ingress, use</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get svc -n istio-system istio-ingressgateway
|
||
</code></pre></div><p>If there is no external IP address, use</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl describe svc istio-ingressgateway -n istio-system
|
||
</code></pre></div><p>to see a reason why IP addresses weren&rsquo;t provisioned. Most likely it is due to a
|
||
quota issue.</p>
|
||
<h2 id="check-revision-status">Check Revision status</h2>
|
||
<p>If you configure your <code>Route</code> with <code>Configuration</code>, run the following command to
|
||
get the name of the <code>Revision</code> created for you deployment (look up the
|
||
configuration name in the <code>Route</code> .yaml file):</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get configuration &lt;configuration-name&gt; --output <span style="color:#000">jsonpath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;{.status.latestCreatedRevisionName}&#34;</span>
|
||
</code></pre></div><p>If you configure your <code>Route</code> with <code>Revision</code> directly, look up the revision
|
||
name in the <code>Route</code> yaml file.</p>
|
||
<p>Then run the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get revision &lt;revision-name&gt; --output yaml
|
||
</code></pre></div><p>A ready <code>Revision</code> should have the following condition in <code>status</code>:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">conditions</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">reason</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ServiceReady</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">status</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;True&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Ready</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>If you see this condition, check the following to continue debugging:</p>
|
||
<ul>
|
||
<li><a href="#check-pod-status">Check Pod status</a></li>
|
||
<li><a href="#check-ingressistio-routing">Check Istio routing</a></li>
|
||
</ul>
|
||
<p>If you see other conditions, look up the meaning of the conditions in Knative
|
||
<a href="https://github.com/knative/serving/blob/main/docs/spec/errors.md">Error Conditions and Reporting</a>.
|
||
Note: some of them are not implemented yet. An alternative is to
|
||
<a href="#check-pod-status">check Pod status</a>.</p>
|
||
<h2 id="check-pod-status">Check Pod status</h2>
|
||
<p>To get the <code>Pod</code>s for all your deployments:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get pods
|
||
</code></pre></div><p>This command should list all <code>Pod</code>s with brief status. For example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">NAME READY STATUS RESTARTS AGE
|
||
configuration-example-00001-deployment-659747ff99-9bvr4 2/2 Running 0 3h
|
||
configuration-example-00002-deployment-5f475b7849-gxcht 1/2 CrashLoopBackOff 2 36s
|
||
</code></pre></div><p>Choose one and use the following command to see detailed information for its
|
||
<code>status</code>. Some useful fields are <code>conditions</code> and <code>containerStatuses</code>:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get pod &lt;pod-name&gt; --output yaml
|
||
|
||
</code></pre></div>
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Enabling requests to Knative services when additional authorization policies are enabled</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/istio-authorization/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/istio-authorization/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Knative Serving system pods, such as the activator and autoscaler components, require access to your deployed Knative services.
|
||
If you have configured additional security features, such as Istio&rsquo;s authorization policy, you must enable access to your Knative service for these system pods.</p>
|
||
<h2 id="before-you-begin">Before you begin</h2>
|
||
<p>You must meet the following prerequisites to use Istio AuthorizationPolicy:</p>
|
||
<ul>
|
||
<li>Istio must be used for your Knative Ingress.
|
||
See <a href="../../install/install-serving-with-yaml#install-a-networking-layer">Install a networking layer</a>.</li>
|
||
<li>Istio sidecar injection must be enabled.
|
||
See the <a href="https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/">Istio Documentation</a>.</li>
|
||
</ul>
|
||
<h2 id="mutual-tls-in-knative">Mutual TLS in Knative</h2>
|
||
<p>Because Knative requests are frequently routed through activator, some considerations need to be made when using mutual TLS.</p>
|
||
<p><img src="../images/architecture.png" alt="Knative request flow"></p>
|
||
<p>Generally, mutual TLS can be configured normally as <a href="https://istio.io/latest/docs/tasks/security/authentication/mtls-migration/">in Istio&rsquo;s documentation</a>. However, since the activator can be in the request path of Knative services, it must have sidecars injected. The simplest way to do this is to label the <code>knative-serving</code> namespace:</p>
|
||
<pre><code>kubectl label namespace knative-serving istio-injection=enabled
|
||
</code></pre><p>If the activator isn&rsquo;t injected:</p>
|
||
<ul>
|
||
<li>In PERMISSIVE mode, you&rsquo;ll see requests appear without the expected <code>X-Forwarded-Client-Cert</code> header when forwarded by the activator.</li>
|
||
</ul>
|
||
<pre><code>$ kubectl exec deployment/httpbin -c httpbin -it -- curl -s http://httpbin.knative.svc.cluster.local/headers
|
||
{
|
||
&quot;headers&quot;: {
|
||
&quot;Accept&quot;: &quot;*/*&quot;,
|
||
&quot;Accept-Encoding&quot;: &quot;gzip&quot;,
|
||
&quot;Forwarded&quot;: &quot;for=10.72.0.30;proto=http&quot;,
|
||
&quot;Host&quot;: &quot;httpbin.knative.svc.cluster.local&quot;,
|
||
&quot;K-Proxy-Request&quot;: &quot;activator&quot;,
|
||
&quot;User-Agent&quot;: &quot;curl/7.58.0&quot;,
|
||
&quot;X-B3-Parentspanid&quot;: &quot;b240bdb1c29ae638&quot;,
|
||
&quot;X-B3-Sampled&quot;: &quot;0&quot;,
|
||
&quot;X-B3-Spanid&quot;: &quot;416960c27be6d484&quot;,
|
||
&quot;X-B3-Traceid&quot;: &quot;750362ce9d878281b240bdb1c29ae638&quot;,
|
||
&quot;X-Envoy-Attempt-Count&quot;: &quot;1&quot;,
|
||
&quot;X-Envoy-Internal&quot;: &quot;true&quot;
|
||
}
|
||
}
|
||
</code></pre><ul>
|
||
<li>In STRICT mode, requests will simply be rejected.</li>
|
||
</ul>
|
||
<p>To understand when requests are forwarded through the activator, see <a href="https://knative.dev/docs/serving/autoscaling/target-burst-capacity/">documentation</a> on the <code>TargetBurstCapacity</code> setting.</p>
|
||
<p>This also means that many Istio AuthorizationPolicies won&rsquo;t work as expected. For example, if you set up a rule allowing requests from a particular source into a Knative service, you will see requests being rejected if they are forwarded by the activator.</p>
|
||
<p>For example, the following policy allows requests from within pods in the <code>serving-tests</code> namespace to other pods in the <code>serving-tests</code> namespace.</p>
|
||
<pre><code>apiVersion: security.istio.io/v1beta1
|
||
kind: AuthorizationPolicy
|
||
metadata:
|
||
name: allow-serving-tests
|
||
namespace: serving-tests
|
||
spec:
|
||
action: ALLOW
|
||
rules:
|
||
- from:
|
||
- source:
|
||
namespaces: [&quot;serving-tests&quot;]
|
||
</code></pre><p>Requests here will fail when forwarded by the activator, because the Istio proxy at the destination service will see the source namespace of the requests as <code>knative-serving</code>, which is the namespace of the activator.</p>
|
||
<p>Currently, the easiest way around this is to explicitly allow requests from the <code>knative-serving</code> namespace, for example by adding it to the list in the above policy:</p>
|
||
<pre><code>apiVersion: security.istio.io/v1beta1
|
||
kind: AuthorizationPolicy
|
||
metadata:
|
||
name: allow-serving-tests
|
||
namespace: serving-tests
|
||
spec:
|
||
action: ALLOW
|
||
rules:
|
||
- from:
|
||
- source:
|
||
namespaces: [&quot;serving-tests&quot;, &quot;knative-serving&quot;]
|
||
</code></pre><h2 id="health-checking-and-metrics-collection">Health checking and metrics collection</h2>
|
||
<p>In addition to allowing your application path, you&rsquo;ll need to configure Istio AuthorizationPolicy
|
||
to allow health checking and metrics collection to your applications from system pods.
|
||
You can allow access from system pods <a href="#allow-access-from-system-pods-by-paths">by paths</a>.</p>
|
||
<h2 id="allowing-access-from-system-pods-by-paths">Allowing access from system pods by paths</h2>
|
||
<p>Knative system pods access your application using the following paths:</p>
|
||
<ul>
|
||
<li><code>/metrics</code></li>
|
||
<li><code>/healthz</code></li>
|
||
</ul>
|
||
<p>The <code>/metrics</code> path allows the autoscaler pod to collect metrics.
|
||
The <code>/healthz</code> path allows system pods to probe the service.</p>
|
||
<p>You can add the <code>/metrics</code> and <code>/healthz</code> paths to the AuthorizationPolicy as shown in the example:</p>
|
||
<pre><code>$ cat &lt;&lt;EOF | kubectl apply -f -
|
||
apiVersion: security.istio.io/v1beta1
|
||
kind: AuthorizationPolicy
|
||
metadata:
|
||
name: allowlist-by-paths
|
||
namespace: serving-tests
|
||
spec:
|
||
action: ALLOW
|
||
rules:
|
||
- to:
|
||
- operation:
|
||
paths:
|
||
- /metrics # The path to collect metrics by system pod.
|
||
- /healthz # The path to probe by system pod.
|
||
EOF
|
||
</code></pre>
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Load balancing</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/load-balancing/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/load-balancing/</guid>
|
||
<description>
|
||
|
||
|
||
<p>You can turn on Knative load balancing, by placing the <em>Activator service</em> in the request path to act as a load balancer.</p>
|
||
<p><strong>NOTE:</strong> To do this, you must first ensure that individual pod addressability is enabled.</p>
|
||
<h2 id="activator-pod-selection">Activator pod selection</h2>
|
||
<p>Activator pods are scaled horizontally, so there may be multiple Activators in a deployment. In general, the system will perform best if the number of revision pods is larger than the number of Activator pods, and those numbers divide equally.</p>
|
||
<!--TODO(#2472): Add better documentation about what the activator is; explain the components of load balancing; maybe add a diagram-->
|
||
<p>Knative assigns a subset of Activators for each revision, depending on the revision size. More revision pods will mean a greater number of Activators for that revision.</p>
|
||
<p>The Activator load balancing algorithm works as follows:</p>
|
||
<ul>
|
||
<li>If concurrency is unlimited, the request is sent to the better of two random choices.</li>
|
||
<li>If concurrency is set to a value less or equal than 3, the Activator will send the request to the first pod that has capacity. Otherwise, requests will be balanced in a round robin fashion, with respect to container concurrency.</li>
|
||
</ul>
|
||
<p>For more information, see the documentation on <a href="../../serving/autoscaling/concurrency">concurrency</a>.</p>
|
||
<h2 id="configuring-target-burst-capacity">Configuring target burst capacity</h2>
|
||
<p>Target burst capacity is mainly responsible for determining whether the Activator is in the request path outside of scale-from-zero scenarios.</p>
|
||
<p>Target burst capacity can be configured using a combination of the following parameters:</p>
|
||
<ul>
|
||
<li>Setting the targeted concurrency limits for the revision. See <a href="../../serving/autoscaling/concurrency">concurrency</a>.</li>
|
||
<li>Setting the target utilization parameters. See <a href="../../serving/autoscaling/concurrency#target-utilization">target utilization</a>.</li>
|
||
<li>Setting the target burst capacity. You can configure target burst capacity using the <code>autoscaling.knative.dev/targetBurstCapacity</code> annotation key in the <code>config-autoscaler</code> ConfigMap. See <a href="./target-burst-capacity#setting-the-target-burst-capacity">Setting the target burst capacity</a>.</li>
|
||
</ul>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Assigning a static IP address for Knative on Kubernetes Engine</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/gke-assigning-static-ip-address/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/gke-assigning-static-ip-address/</guid>
|
||
<description>
|
||
|
||
|
||
<p>If you are running Knative on Google Kubernetes Engine and want to use a
|
||
<a href="../using-a-custom-domain">custom domain</a> with your apps, you need to
|
||
configure a static IP address to ensure that your custom domain mapping doesn&rsquo;t
|
||
break.</p>
|
||
<p>Knative configures an Istio Gateway CRD named <code>knative-ingress-gateway</code> under
|
||
the <code>knative-serving</code> namespace to serve all incoming traffic within the Knative
|
||
service mesh. The IP address to access the gateway is the external IP address of
|
||
the &ldquo;istio-ingressgateway&rdquo; service under the <code>istio-system</code> namespace.
|
||
Therefore, in order to set a static IP for the gateway you must to set the
|
||
external IP address of the <code>istio-ingressgateway</code> service to a static IP.</p>
|
||
<p>If you have configured a
|
||
<a href="../setting-up-custom-ingress-gateway">custom ingress gateway</a>, replace
|
||
<code>istio-ingressgateway</code> with the name of your gateway service in the steps below.</p>
|
||
<h2 id="step-1-reserve-a-static-ip-address">Step 1: Reserve a static IP address</h2>
|
||
<p>You can reserve a regional static IP address using the Google Cloud SDK or the
|
||
Google Cloud Platform console.</p>
|
||
<p>Using the Google Cloud SDK:</p>
|
||
<ol>
|
||
<li>
|
||
<p>Enter the following command, replacing IP_NAME and REGION with appropriate
|
||
values. For example, select the <code>us-west1</code> region if you deployed your
|
||
cluster to the <code>us-west1-c</code> zone:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud beta compute addresses create IP_NAME --region<span style="color:#ce5c00;font-weight:bold">=</span>REGION
|
||
</code></pre></div><p>For example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud beta compute addresses create knative-ip --region<span style="color:#ce5c00;font-weight:bold">=</span>us-west1
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Enter the following command to get the newly created static IP address:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud beta compute addresses list
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<p>In the
|
||
<a href="https://console.cloud.google.com/networking/addresses/add?_ga=2.97521754.-475089713.1523374982">GCP console</a>:</p>
|
||
<ol>
|
||
<li>
|
||
<p>Enter a name for your static address.</p>
|
||
</li>
|
||
<li>
|
||
<p>For <strong>IP version</strong>, choose IPv4.</p>
|
||
</li>
|
||
<li>
|
||
<p>For <strong>Type</strong>, choose <strong>Regional</strong>.</p>
|
||
</li>
|
||
<li>
|
||
<p>From the <strong>Region</strong> drop-down, choose the region where your Knative cluster
|
||
is running.</p>
|
||
<p>For example, select the <code>us-west1</code> region if you deployed your cluster to
|
||
the <code>us-west1-c</code> zone.</p>
|
||
</li>
|
||
<li>
|
||
<p>Leave the <strong>Attached To</strong> field set to <code>None</code> since we&rsquo;ll attach the IP
|
||
address through a config-map later.</p>
|
||
</li>
|
||
<li>
|
||
<p>Copy the <strong>External Address</strong> of the static IP you created.</p>
|
||
</li>
|
||
</ol>
|
||
<h2 id="step-2-update-the-external-ip-of-istio-ingressgateway-service">Step 2: Update the external IP of <code>istio-ingressgateway</code> service</h2>
|
||
<p>Run following command to configure the external IP of the <code>istio-ingressgateway</code>
|
||
service to the static IP that you reserved:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">INGRESSGATEWAY</span><span style="color:#ce5c00;font-weight:bold">=</span>istio-ingressgateway
|
||
kubectl patch svc <span style="color:#000">$INGRESSGATEWAY</span> --namespace istio-system --patch <span style="color:#4e9a06">&#39;{&#34;spec&#34;: { &#34;loadBalancerIP&#34;: &#34;&lt;your-reserved-static-ip&gt;&#34; }}&#39;</span>
|
||
</code></pre></div><h2 id="step-3-verify-the-static-ip-address-of-istio-ingressgateway-service">Step 3: Verify the static IP address of <code>istio-ingressgateway</code> service</h2>
|
||
<p>Run the following command to ensure that the external IP of the ingressgateway
|
||
service has been updated:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get svc <span style="color:#000">$INGRESSGATEWAY</span> --namespace istio-system
|
||
</code></pre></div><p>The output should show the assigned static IP address under the EXTERNAL-IP
|
||
column:</p>
|
||
<pre><code>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||
xxxxxxx-ingressgateway LoadBalancer 12.34.567.890 98.765.43.210 80:32380/TCP,443:32390/TCP,32400:32400/TCP 5m
|
||
</code></pre><blockquote>
|
||
<p>Note: Updating the external IP address can take several minutes.</p>
|
||
</blockquote>
|
||
<p>The <a href="https://console.cloud.google.com/networking/addresses/list">external IP address</a> should have a value now in the <code>In use by</code> column and should not be <code>None</code> anymore:</p>
|
||
<p><img src="../images/gke-assigning-static-ip-address.png" alt="External IP address assigned"></p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Configuring high-availability components</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/config-ha/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/config-ha/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Active/passive high availability (HA) is a standard feature of Kubernetes APIs that helps to ensure that APIs stay operational if a disruption occurs. In an HA deployment, if an active controller crashes or is deleted, another controller is available to take over processing of the APIs that were being serviced by the controller that is now unavailable.</p>
|
||
<p>When using a leader election HA pattern, instances of controllers are already scheduled and running inside the cluster before they are required. These controller instances compete to use a shared resource, known as the leader election lock. The instance of the controller that has access to the leader election lock resource at any given time is referred to as the leader.</p>
|
||
<p>Leader election is enabled by default for all Knative Serving components.
|
||
HA functionality is disabled by default for all Knative Serving components, which are configured with only one replica.</p>
|
||
<h2 id="disabling-leader-election">Disabling leader election</h2>
|
||
<p>For components leveraging leader election to achieve HA, this capability can be disabled by passing the flag: <code>--disable-ha</code>. This option will go away when HA graduates to &ldquo;stable&rdquo;.</p>
|
||
<h2 id="scaling-the-control-plane">Scaling the control plane</h2>
|
||
<p>With the exception of the <code>activator</code> component you can scale up any deployment running in <code>knative-serving</code> (or <code>kourier-system</code>) with a command like:</p>
|
||
<pre><code>$ kubectl -n knative-serving scale deployment &lt;deployment-name&gt; --replicas=2
|
||
</code></pre><ul>
|
||
<li>Setting <code>--replicas</code> to a value of <code>2</code> enables HA.</li>
|
||
<li>You can use a higher value if you have a use case that requires more replicas of a deployment. For example, if you require a minimum of 3 <code>controller</code> deployments, set <code>--replicas=3</code>.</li>
|
||
<li>Setting <code>--replicas=1</code> disables HA.</li>
|
||
</ul>
|
||
<p><strong>NOTE:</strong> If you scale down the <code>autoscaler</code> component, you may observe inaccurate autoscaling results for some revisions for a period of time up to the <code>stable-window</code> value. This is because when an <code>autoscaler</code> pod is terminating, ownership of the revisions belonging to that pod is passed to other <code>autoscaler</code> pods that are on stand by. The <code>autoscaler</code> pods that take over ownership of those revisions use the <code>stable-window</code> time to build the scaling metrics state for those revisions.</p>
|
||
<h2 id="scaling-the-data-plane">Scaling the data plane</h2>
|
||
<p>The scale of the <code>activator</code> component is governed by the Kubernetes HPA component. You can see the current HPA scale limits and the current scale by running:</p>
|
||
<pre><code>$ kubectl get hpa activator -n knative-serving
|
||
</code></pre><p>The possible output will be something like:</p>
|
||
<pre><code>NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
|
||
activator Deployment/activator 2%/100% 5 15 11 346d
|
||
</code></pre><p>By default <code>minReplicas</code> and <code>maxReplicas</code> are set to <code>1</code> and <code>20</code>, correspondingly. If those values are not desirable for some reason, then, for example, you can change those values to <code>minScale=9</code> and <code>maxScale=19</code> using the following command:</p>
|
||
<pre><code>$ kubectl patch hpa activator -n knative-serving -p '{&quot;spec&quot;:{&quot;minReplicas&quot;:9,&quot;maxReplicas&quot;:19}}'
|
||
</code></pre><p>To set the activator scale to a particular value, just set <code>minScale</code> and <code>maxScale</code> to the same desired value.</p>
|
||
<p>It is recommended for production deployments to run at least 3 <code>activator</code> instances for redundancy and avoiding single point of failure if a Knative service needs to be scaled from 0.</p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Feature/Extension Flags</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/feature-flags/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/feature-flags/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Knative is deliberate about the concepts it incorporates into its core API. The API aims to be portable and abstracts away the specificities of each users' implementation. That being said, the Knative API should empower users to surface extra features and extensions possible within their platform of choice.</p>
|
||
<p>This document introduces two concepts:</p>
|
||
<ul>
|
||
<li>Feature: a way to stage the introduction of features to the Knative API.</li>
|
||
<li>Extension: a way to extend Knative beyond the portable concepts of the Knative API.</li>
|
||
</ul>
|
||
<h2 id="control">Control</h2>
|
||
<p>Features and extensions are controlled by flags defined in the <code>config-features</code> ConfigMap in the <code>knative-serving</code> namespace.
|
||
Flags can have the following values:</p>
|
||
<ul>
|
||
<li>Enabled: the feature is enabled.</li>
|
||
<li>Allowed: the feature may be enabled (e.g. using an annotation or looser validation).</li>
|
||
<li>Disabled: the feature cannot be enabled.</li>
|
||
</ul>
|
||
<p>These three states don&rsquo;t make sense for all features.
|
||
Let&rsquo;s consider two types of features: <code>multi-container</code> and <code>kubernetes.podspec-dryrun</code>.</p>
|
||
<p><code>multi-container</code> allows the user to specify more than one container in the Knative Service spec. In this case, <code>Enabled</code> and <code>Allowed</code> are equivalent because using this feature requires to actually use it in the Knative Service spec. If a single container is specified, whether the feature is enabled or not doesn&rsquo;t change anything.</p>
|
||
<p><code>kubernetes.podspec-dryrun</code> changes the behavior of the Kubernetes implementation of the Knative API, but it has nothing to do with the Knative API itself. In this case, <code>Enabled</code> means the feature will be enabled unconditionally, <code>Allowed</code> means that the feature will be enabled only when specified with an annotation, and <code>Disabled</code> means that the feature cannot be used at all.</p>
|
||
<h2 id="lifecyle">Lifecyle</h2>
|
||
<p>Features and extensions go through 3 similar phases (Alpha, Beta, GA) but with important differences.</p>
|
||
<p>Alpha means:</p>
|
||
<ul>
|
||
<li>Might be buggy. Enabling the feature may expose bugs.</li>
|
||
<li>Support for feature may be dropped at any time without notice.</li>
|
||
<li>The API may change in incompatible ways in a later software release without notice.</li>
|
||
<li>Recommended for use only in short-lived testing clusters, due to increased risk of bugs and lack of long-term support.</li>
|
||
</ul>
|
||
<p>Beta means:</p>
|
||
<ul>
|
||
<li>The feature is well tested. Enabling the feature is considered safe.</li>
|
||
<li>Support for the overall feature will not be dropped, though details may change.</li>
|
||
<li>The schema and/or semantics of objects may change in incompatible ways in a subsequent beta or stable release. When this happens, we will provide instructions for migrating to the next version. This may require deleting, editing, or re-creating API objects. The editing process may require some thought. This may require downtime for applications that rely on the feature.</li>
|
||
<li>Recommended for only non-business-critical uses because of potential for incompatible changes in subsequent releases. If you have multiple clusters that can be upgraded independently, you may be able to relax this restriction.</li>
|
||
</ul>
|
||
<p>General Availability (GA) means:</p>
|
||
<ul>
|
||
<li>Stable versions of features/extensions will appear in released software for many subsequent versions.</li>
|
||
</ul>
|
||
<h1 id="feature">Feature</h1>
|
||
<p>Features use flags to safely introduce new changes to the Knative API. Eventually, each feature will graduate to become fully part of the Knative API, and the flag guard will be removed.</p>
|
||
<h2 id="alpha">Alpha</h2>
|
||
<ul>
|
||
<li>Disabled by default.</li>
|
||
</ul>
|
||
<h2 id="beta">Beta</h2>
|
||
<ul>
|
||
<li>Enabled by default.</li>
|
||
</ul>
|
||
<h2 id="ga">GA</h2>
|
||
<ul>
|
||
<li>The feature is always enabled; you cannot disable it.</li>
|
||
<li>The corresponding feature flag is no longer needed.</li>
|
||
</ul>
|
||
<h1 id="extension">Extension</h1>
|
||
<p>An extension may surface details of a specific Knative implementation or features of the underlying environment. It is never intended for inclusion in the core Knative API due to its lack of portability. Each extension will always be controlled by a flag and never enabled by default.</p>
|
||
<h2 id="alpha-1">Alpha</h2>
|
||
<ul>
|
||
<li>Disabled by default.</li>
|
||
</ul>
|
||
<h2 id="beta-1">Beta</h2>
|
||
<ul>
|
||
<li>Allowed by default.</li>
|
||
</ul>
|
||
<h2 id="ga-1">GA</h2>
|
||
<ul>
|
||
<li>Allowed by default.</li>
|
||
</ul>
|
||
<h1 id="available-flags">Available Flags</h1>
|
||
<h2 id="multi-containers">Multi Containers</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: feature</li>
|
||
<li><strong>ConfigMap key:</strong> <code>multi-container</code></li>
|
||
</ul>
|
||
<p>This flag allows specifying multiple &ldquo;user containers&rdquo; in a Knative Service spec.
|
||
Only one container can handle the requests, and therefore exactly one container must
|
||
have a <code>port</code> specified.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">containers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">first-container</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">image</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">gcr.io/knative-samples/helloworld-go</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">ports</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">containerPort</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">8080</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">second-container</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">image</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">gcr.io/knative-samples/helloworld-java</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="kubernetes-node-affinity">Kubernetes Node Affinity</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>kubernetes.podspec-affinity</code></li>
|
||
</ul>
|
||
<p>This extension controls whether <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity">node affinity</a> can be specified.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">affinity</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodeAffinity</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">requiredDuringSchedulingIgnoredDuringExecution</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodeSelectorTerms</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">matchExpressions</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">key</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">kubernetes.io/e2e-az-name</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">operator</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">In</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">values</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#000">e2e-az1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#000">e2e-az2</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="kubernetes-host-aliases">Kubernetes Host Aliases</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>kubernetes.podspec-hostaliases</code></li>
|
||
</ul>
|
||
<p>This flag controls whether <a href="https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/">host aliases</a> can be specified.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">hostAliases</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">ip</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;127.0.0.1&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">hostnames</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#4e9a06">&#34;foo.local&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#4e9a06">&#34;bar.local&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="kubernetes-node-selector">Kubernetes Node Selector</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>kubernetes.podspec-nodeselector</code></li>
|
||
</ul>
|
||
<p>This flag controls whether <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector">node selector</a> can be specified.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodeSelector</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">labelName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">labelValue</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="kubernetes-toleration">Kubernetes Toleration</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>kubernetes.podspec-tolerations</code></li>
|
||
</ul>
|
||
<p>This flag controls whether <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/">tolerations</a> can be specified.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">tolerations</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">key</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;example-key&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">operator</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;Exists&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">effect</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;NoSchedule&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="kubernetes-fieldref">Kubernetes FieldRef</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>kubernetes.podspec-fieldref</code></li>
|
||
</ul>
|
||
<p>This flag controls whether the <a href="https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/">Downward API (env based)</a> can be specified.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">containers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">user-container</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">image</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">gcr.io/knative-samples/helloworld-go</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">env</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">MY_NODE_NAME</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">valueFrom</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">fieldRef</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">fieldPath</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">spec.nodeName</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="kubernetes-dry-run">Kubernetes Dry Run</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>kubernetes.podspec-dryrun</code></li>
|
||
</ul>
|
||
<p>This flag controls whether Knative will try to validate the Pod spec derived from the Knative Service spec using the Kubernetes API server before accepting the object.</p>
|
||
<p>When &ldquo;enabled&rdquo;, the server will always run the extra validation.
|
||
When &ldquo;allowed&rdquo;, the server will not run the dry-run validation by default.
|
||
However, clients may enable the behavior on an individual Service by
|
||
attaching the following metadata annotation: &ldquo;features.knative.dev/podspec-dryrun&rdquo;:&ldquo;enabled&rdquo;.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">annotations</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">features.knative.dev/podspec-dryrun&#34;:&#34;enabled</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="kubernetes-runtime-class">Kubernetes Runtime Class</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>kubernetes.podspec-runtimeclass</code></li>
|
||
</ul>
|
||
<p>This flag controls whether the <a href="https://kubernetes.io/docs/concepts/containers/runtime-class/">runtime class</a> can be used or not.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">runtimeClassName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">myclass</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="kubernetes-security-context">Kubernetes Security Context</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>kubernetes.podspec-securitycontext</code></li>
|
||
</ul>
|
||
<p>This flag controls whether a subset of the <a href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/">security context</a> can be used.</p>
|
||
<p>When set to &ldquo;enabled&rdquo; or &ldquo;allowed&rdquo; it allows the following
|
||
PodSecurityContext properties:</p>
|
||
<ul>
|
||
<li>FSGroup</li>
|
||
<li>RunAsGroup</li>
|
||
<li>RunAsNonRoot</li>
|
||
<li>SupplementalGroups</li>
|
||
<li>RunAsUser</li>
|
||
</ul>
|
||
<p>When set to &ldquo;enabled&rdquo; or &ldquo;allowed&rdquo; it allows the following
|
||
Container SecurityContext properties:</p>
|
||
<ul>
|
||
<li>RunAsNonRoot</li>
|
||
<li>RunAsGroup</li>
|
||
<li>RunAsUser (already allowed without this flag)</li>
|
||
</ul>
|
||
<p>This flag should be used with caution as the PodSecurityContext
|
||
properties may have a side-effect on non-user sidecar containers that come
|
||
from Knative or your service mesh</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">securityContext</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">runAsUser</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1000</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="responsive-revision-garbage-collector">Responsive Revision Garbage Collector</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>responsive-revision-gc</code></li>
|
||
</ul>
|
||
<p>This flag controls whether new responsive garbage collection is enabled. This
|
||
feature labels revisions in real-time as they become referenced and
|
||
dereferenced by Routes. This allows us to reap revisions shortly after
|
||
they are no longer active.</p>
|
||
<h2 id="tag-header-based-routing">Tag Header Based Routing</h2>
|
||
<ul>
|
||
<li><strong>Type</strong>: extension</li>
|
||
<li><strong>ConfigMap key:</strong> <code>tag-header-based-routing</code></li>
|
||
</ul>
|
||
<p>This flags controls whether <a href="../samples/tag-header-based-routing/index.html">tag header based routing</a> is enabled.</p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Setting up custom ingress gateway</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/setting-up-custom-ingress-gateway/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/setting-up-custom-ingress-gateway/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Knative uses a shared ingress Gateway to serve all incoming traffic within
|
||
Knative service mesh, which is the <code>knative-ingress-gateway</code> Gateway under
|
||
the <code>knative-serving</code> namespace. By default, we use Istio gateway service
|
||
<code>istio-ingressgateway</code> under <code>istio-system</code> namespace as its underlying service.
|
||
You can replace the service with that of your own as follows.</p>
|
||
<h2 id="step-1-create-gateway-service-and-deployment-instance">Step 1: Create Gateway Service and Deployment Instance</h2>
|
||
<p>You&rsquo;ll need to create the gateway service and deployment instance to handle
|
||
traffic first. Let&rsquo;s say you customized the default <code>istio-ingressgateway</code> to
|
||
<code>custom-ingressgateway</code> as follows.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">install.istio.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">IstioOperator</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">values</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">global</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">proxy</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">autoInject</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">disabled</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">useMCP</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># The third-party-jwt is not enabled on all k8s.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">jwtPolicy</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">first-party-jwt</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">addonComponents</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">pilot</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">enabled</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">true</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">prometheus</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">enabled</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">components</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">ingressGateways</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">custom-ingressgateway</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">enabled</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">true</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">custom-ns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">label</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">istio</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">custom-gateway</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="step-2-update-knative-gateway">Step 2: Update Knative Gateway</h2>
|
||
<p>Update gateway instance <code>knative-ingress-gateway</code> under <code>knative-serving</code>
|
||
namespace:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl edit gateway knative-ingress-gateway -n knative-serving
|
||
</code></pre></div><p>Replace the label selector with the label of your service:</p>
|
||
<pre><code>istio: ingressgateway
|
||
</code></pre><p>For the service above, it should be updated to:</p>
|
||
<pre><code>istio: custom-gateway
|
||
</code></pre><p>If there is a change in service ports (compared with that of
|
||
<code>istio-ingressgateway</code>), update the port info in the gateway accordingly.</p>
|
||
<h2 id="step-3-update-gateway-configmap">Step 3: Update Gateway Configmap</h2>
|
||
<p>Update gateway configmap <code>config-istio</code> under <code>knative-serving</code>
|
||
namespace:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl edit configmap config-istio -n knative-serving
|
||
</code></pre></div><p>Replace the <code>istio-ingressgateway.istio-system.svc.cluster.local</code> field with
|
||
the fully qualified url of your service.</p>
|
||
<pre><code>gateway.knative-serving.knative-ingress-gateway: &quot;istio-ingressgateway.istio-system.svc.cluster.local&quot;
|
||
</code></pre><p>For the service above, it should be updated to:</p>
|
||
<pre><code>gateway.knative-serving.knative-ingress-gateway: custom-ingressgateway.custom-ns.svc.cluster.local
|
||
</code></pre>
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Setting up a custom domain</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/using-a-custom-domain/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/using-a-custom-domain/</guid>
|
||
<description>
|
||
|
||
|
||
<p>By default, Knative Serving routes use <code>example.com</code> as the default domain. The
|
||
fully qualified domain name for a route by default is
|
||
<code>{route}.{namespace}.{default-domain}</code>.</p>
|
||
<p>To change the {default-domain} value there are a few steps involved:</p>
|
||
<h2 id="edit-using-kubectl">Edit using kubectl</h2>
|
||
<ol>
|
||
<li>
|
||
<p>Edit the domain configuration config-map to replace <code>example.com</code> with your
|
||
own domain, for example <code>mydomain.com</code>:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl edit cm config-domain --namespace knative-serving
|
||
</code></pre></div><p>This command opens your default text editor and allows you to edit the <a href="https://github.com/knative/serving/blob/main/config/core/configmaps/domain.yaml">config
|
||
map</a>.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">data</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">_example</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">|</span><span style="color:#8f5902;font-style:italic">
|
||
</span><span style="color:#8f5902;font-style:italic"> ################################
|
||
</span><span style="color:#8f5902;font-style:italic"> # #
|
||
</span><span style="color:#8f5902;font-style:italic"> # EXAMPLE CONFIGURATION #
|
||
</span><span style="color:#8f5902;font-style:italic"> # #
|
||
</span><span style="color:#8f5902;font-style:italic"> ################################
|
||
</span><span style="color:#8f5902;font-style:italic"> # ...
|
||
</span><span style="color:#8f5902;font-style:italic"> example.com: |</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ConfigMap</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div></li>
|
||
<li>
|
||
<p>Edit the file to replace <code>example.com</code> with the domain you&rsquo;d like to use,
|
||
remove the <code>_example</code> key and save your changes.
|
||
In this example, we configure <code>mydomain.com</code> for all routes:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">data</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">mydomain.com</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ConfigMap</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000;font-weight:bold">[</span><span style="color:#000">...]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div></li>
|
||
</ol>
|
||
<h2 id="apply-from-a-file">Apply from a file</h2>
|
||
<p>You can also apply an updated domain configuration:</p>
|
||
<ol>
|
||
<li>
|
||
<p>Create a new file, <code>config-domain.yaml</code> and paste the following text,
|
||
replacing the <code>example.org</code> and <code>example.com</code> values with the new domain you
|
||
want to use:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ConfigMap</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-domain</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">knative-serving</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">data</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># These are example settings of domain.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># example.org will be used for routes having app=prod.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">example.org</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">|</span><span style="color:#8f5902;font-style:italic">
|
||
</span><span style="color:#8f5902;font-style:italic"> selector:
|
||
</span><span style="color:#8f5902;font-style:italic"> app: prod</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Default value for domain, for routes that does not have app=prod labels.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Although it will match all routes, it is the least-specific rule so it</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># will only be used if no other domain matches.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">example.com</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div></li>
|
||
<li>
|
||
<p>Apply updated domain configuration to your cluster:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl apply --filename config-domain.yaml
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<h2 id="deploy-an-application">Deploy an application</h2>
|
||
<blockquote>
|
||
<p>If you have an existing deployment, Knative will reconcile the change made to
|
||
the configuration map and automatically update the host name for all of the
|
||
deployed services and routes.</p>
|
||
</blockquote>
|
||
<p>Deploy an app (for example,
|
||
<a href="../samples/hello-world/helloworld-go/index.html"><code>helloworld-go</code></a>), to your
|
||
cluster as normal. You can retrieve the URL in Knative Route &ldquo;helloworld-go&rdquo;
|
||
with the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get route helloworld-go --output <span style="color:#000">jsonpath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;{.status.url}&#34;</span>
|
||
</code></pre></div><p>You should see the full customized domain: <code>helloworld-go.default.mydomain.com</code>.</p>
|
||
<p>And you can check the IP address of your Knative gateway by running:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#204a87">export</span> <span style="color:#000">INGRESSGATEWAY</span><span style="color:#ce5c00;font-weight:bold">=</span>istio-ingressgateway
|
||
|
||
<span style="color:#204a87;font-weight:bold">if</span> kubectl get configmap config-istio -n knative-serving <span style="color:#000;font-weight:bold">&amp;</span>&gt; /dev/null<span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span>
|
||
<span style="color:#204a87">export</span> <span style="color:#000">INGRESSGATEWAY</span><span style="color:#ce5c00;font-weight:bold">=</span>istio-ingressgateway
|
||
<span style="color:#204a87;font-weight:bold">fi</span>
|
||
|
||
kubectl get svc <span style="color:#000">$INGRESSGATEWAY</span> --namespace istio-system --output <span style="color:#000">jsonpath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;{.status.loadBalancer.ingress[*][&#39;ip&#39;]}&#34;</span>
|
||
</code></pre></div><h2 id="local-dns-setup">Local DNS setup</h2>
|
||
<p>You can map the domain to the IP address of your Knative gateway in your local
|
||
machine with:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">INGRESSGATEWAY</span><span style="color:#ce5c00;font-weight:bold">=</span>istio-ingressgateway
|
||
|
||
<span style="color:#204a87">export</span> <span style="color:#000">GATEWAY_IP</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">`</span>kubectl get svc <span style="color:#000">$INGRESSGATEWAY</span> --namespace istio-system --output <span style="color:#000">jsonpath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;{.status.loadBalancer.ingress[*][&#39;ip&#39;]}&#34;</span><span style="color:#4e9a06">`</span>
|
||
|
||
<span style="color:#8f5902;font-style:italic"># helloworld-go is the generated Knative Route of &#34;helloworld-go&#34; sample.</span>
|
||
<span style="color:#8f5902;font-style:italic"># You need to replace it with your own Route in your project.</span>
|
||
<span style="color:#204a87">export</span> <span style="color:#000">DOMAIN_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">`</span>kubectl get route helloworld-go --output <span style="color:#000">jsonpath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;{.status.url}&#34;</span> <span style="color:#000;font-weight:bold">|</span> cut -d<span style="color:#4e9a06">&#39;/&#39;</span> -f 3<span style="color:#4e9a06">`</span>
|
||
|
||
<span style="color:#8f5902;font-style:italic"># Add the record of Gateway IP and domain name into file &#34;/etc/hosts&#34;</span>
|
||
<span style="color:#204a87">echo</span> -e <span style="color:#4e9a06">&#34;</span><span style="color:#000">$GATEWAY_IP</span><span style="color:#4e9a06">\t</span><span style="color:#000">$DOMAIN_NAME</span><span style="color:#4e9a06">&#34;</span> <span style="color:#000;font-weight:bold">|</span> sudo tee -a /etc/hosts
|
||
|
||
</code></pre></div><p>You can now access your domain from the browser in your machine and do some
|
||
quick checks.</p>
|
||
<h2 id="publish-your-domain">Publish your Domain</h2>
|
||
<p>Follow these steps to make your domain publicly accessible:</p>
|
||
<h3 id="set-static-ip-for-knative-gateway">Set static IP for Knative Gateway</h3>
|
||
<p>You might want to
|
||
<a href="../gke-assigning-static-ip-address">set a static IP for your Knative gateway</a>,
|
||
so that the gateway IP does not change each time your cluster is restarted.</p>
|
||
<h3 id="update-your-dns-records">Update your DNS records</h3>
|
||
<p>To publish your domain, you need to update your DNS provider to point to the IP
|
||
address for your service ingress.</p>
|
||
<ul>
|
||
<li>
|
||
<p>Create a <a href="https://support.google.com/domains/answer/4633759">wildcard record</a>
|
||
for the namespace and custom domain to the ingress IP Address, which would
|
||
enable hostnames for multiple services in the same namespace to work without
|
||
creating additional DNS entries.</p>
|
||
<pre><code class="language-dns" data-lang="dns">*.default.mydomain.com 59 IN A 35.237.28.44
|
||
</code></pre></li>
|
||
<li>
|
||
<p>Create an A record to point from the fully qualified domain name to the IP
|
||
address of your Knative gateway. This step needs to be done for each Knative
|
||
Service or Route created.</p>
|
||
<pre><code class="language-dns" data-lang="dns">helloworld-go.default.mydomain.com 59 IN A 35.237.28.44
|
||
</code></pre></li>
|
||
</ul>
|
||
<p>If you are using Google Cloud DNS, you can find step-by-step instructions in the
|
||
<a href="https://cloud.google.com/dns/quickstart">Cloud DNS quickstart</a>.</p>
|
||
<p>Once the domain update has propagated, you can access your app using the fully
|
||
qualified domain name of the deployed route, for example
|
||
<code>http://helloworld-go.default.mydomain.com</code></p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Setting up a custom domain per Service</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/using-a-custom-domain-per-service/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/using-a-custom-domain-per-service/</guid>
|
||
<description>
|
||
|
||
|
||
<p>By default, Knative uses the <code>{route}.{namespace}.{default-domain}</code> fully qualified domain name for the Service, where <code>default-domain</code> is <code>example.com</code>. You are able to change the <code>default-domain</code> following the <a href="../using-a-custom-domain">Setting up a custom domain</a> guide.</p>
|
||
<p>This guide documents the process to use a custom FQDN for a Service, like <code>my-service.example.com</code>, created by <a href="https://bsideup.github.io/posts/knative_custom_domains/">@bsideup</a>.</p>
|
||
<blockquote>
|
||
<p>There is currently no official process to set up a custom domain per Service. The topic is being discussed <a href="https://github.com/knative/serving/issues/2985">here</a>.</p>
|
||
</blockquote>
|
||
<h2 id="edit-using-kubectl">Edit using kubectl</h2>
|
||
<ol>
|
||
<li>
|
||
<p>Edit the <code>domainTemplate</code> entry on the <code>config-network</code> configuration. You can find more information about it <a href="https://github.com/knative/serving/blob/main/config/core/configmaps/network.yaml#L89">here</a>:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl edit cm config-network --namespace knative-serving
|
||
</code></pre></div><p>Replace the <code>domainTemplate</code> with the following (the spaces must be respected):</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#000;font-weight:bold">[</span><span style="color:#000">...]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">data</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#000">...]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">domainTemplate</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">|-</span><span style="color:#8f5902;font-style:italic">
|
||
</span><span style="color:#8f5902;font-style:italic"> {{if index .Annotations &#34;custom-hostname&#34; -}}
|
||
</span><span style="color:#8f5902;font-style:italic"> {{- index .Annotations &#34;custom-hostname&#34; -}}
|
||
</span><span style="color:#8f5902;font-style:italic"> {{else -}}
|
||
</span><span style="color:#8f5902;font-style:italic"> {{- .Name}}.{{.Namespace -}}
|
||
</span><span style="color:#8f5902;font-style:italic"> {{end -}}
|
||
</span><span style="color:#8f5902;font-style:italic"> .{{.Domain}}</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>Save and close your editor.</p>
|
||
</li>
|
||
</ol>
|
||
<h2 id="edit-the-service">Edit the Service</h2>
|
||
<ol>
|
||
<li>
|
||
<p>In a Service definition, add the <code>custom-hostname</code> annotation:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">hello-world</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">annotations</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># the Service FQDN will become hello-world.{default-domain}</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">custom-hostname</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">hello-world</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000;font-weight:bold">[</span><span style="color:#000">...]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>Apply your changes.</p>
|
||
</li>
|
||
</ol>
|
||
<h2 id="verify-the-changes">Verify the changes</h2>
|
||
<ol>
|
||
<li>Verify that the Service was created with the specified hostname:</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get ksvc hello-world
|
||
|
||
NAME URL LATESTCREATED LATESTREADY READY REASON
|
||
hello-world http://hello-world.example.com hello-world-nfqh2 hello-world-nfqh2 True
|
||
</code></pre></div>
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Configuring HTTPS with TLS certificates</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/using-a-tls-cert/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/using-a-tls-cert/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Learn how to configure secure HTTPS connections in Knative using TLS
|
||
certificates
|
||
(<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS replaces SSL</a>).
|
||
Configure secure HTTPS connections to enable your Knative services and routes to
|
||
<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_interception">terminate external TLS connections</a>.
|
||
You can configure Knative to handle certificates that you manually specify, or
|
||
you can enable Knative to automatically obtain and renew certificates.</p>
|
||
<p>You can use either <a href="https://certbot.eff.org">Certbot</a> or <a href="https://github.com/jetstack/cert-manager">cert-manager</a> to obtain certificates.
|
||
Both tools support TLS certificates but if you want to enable Knative for
|
||
automatic TLS certificate provisioning, you must install and configure the
|
||
cert-manager tool:</p>
|
||
<ul>
|
||
<li>
|
||
<p><strong>Manually obtain and renew certificates</strong>: Both the Certbot and cert-manager
|
||
tools can be used to manually obtain TLS certificates. In general, after you
|
||
obtain a certificate, you must create a Kubernetes secret to use that
|
||
certificate in your cluster. See the complete set of steps below for details
|
||
about manually obtaining and configuring certificates.</p>
|
||
</li>
|
||
<li>
|
||
<p><strong>Enable Knative to automatically obtain and renew TLS certificates</strong>: You can
|
||
also use cert-manager to configure Knative to automatically obtain new TLS
|
||
certificates and renew existing ones. If you want to enable Knative to
|
||
automatically provision TLS certificates, instead see the
|
||
<a href="../using-auto-tls">Enabling automatic TLS certificate provisioning</a> topic.</p>
|
||
</li>
|
||
</ul>
|
||
<p>By default, the <a href="https://letsencrypt.org">Let&rsquo;s Encrypt Certificate Authority (CA)</a> is used to
|
||
demonstrate how to enable HTTPS connections, but you can configure Knative to
|
||
use any certificate from a CA that supports the ACME protocol. However, you must
|
||
use and configure your certificate issuer to use the
|
||
<a href="https://letsencrypt.org/docs/challenge-types/#dns-01-challenge"><code>DNS-01</code> challenge type</a>.</p>
|
||
<blockquote>
|
||
<p><strong>Important:</strong> Certificates issued by Let&rsquo;s Encrypt are valid for only <a href="https://letsencrypt.org/docs/faq/">90
|
||
days</a>. Therefore, if you choose to manually obtain and configure your
|
||
certificates, you must ensure that you renew each certificate before it
|
||
expires.</p>
|
||
</blockquote>
|
||
<h2 id="before-you-begin">Before you begin</h2>
|
||
<p>You must meet the following requirements to enable secure HTTPS connections:</p>
|
||
<ul>
|
||
<li>Knative Serving must be installed. For details about installing the Serving
|
||
component, see the <a href="../../install/">Knative installation guides</a>.</li>
|
||
<li>You must configure your Knative cluster to use a
|
||
<a href="../using-a-custom-domain">custom domain</a>.</li>
|
||
</ul>
|
||
<p><strong>Important:</strong> Istio only supports a single certificate per Kubernetes cluster.
|
||
To serve multiple domains using your Knative cluster, you must ensure that your
|
||
new or existing certificate is signed for each of the domains that you want to
|
||
serve.</p>
|
||
<h2 id="obtaining-a-tls-certificate">Obtaining a TLS certificate</h2>
|
||
<p>If you already have a signed certificate for your domain, see
|
||
<a href="#manually-adding-a-tls-certificate">Manually adding a TLS certificate</a> for
|
||
details about configuring your Knative cluster.</p>
|
||
<p>If you need a new TLS certificate, you can choose to use one of the following
|
||
tools to obtain a certificate from Let&rsquo;s Encrypt:</p>
|
||
<ul>
|
||
<li>Setup Certbot to manually obtain Let&rsquo;s Encrypt certificates</li>
|
||
<li>Setup cert-manager to either manually obtain a certificate, or to
|
||
automatically provision certificates</li>
|
||
</ul>
|
||
<p>This page covers details for both of the above options.</p>
|
||
<p>For details about using other CA&rsquo;s, see the tool&rsquo;s reference documentation:</p>
|
||
<ul>
|
||
<li><a href="https://certbot.eff.org/docs/using.html#changing-the-acme-server">Certbot supported providers</a></li>
|
||
<li><a href="http://docs.cert-manager.io/en/latest/tasks/acme/configuring-dns01/index.html?highlight=supported%20DNS01%20providers#supported-dns01-providers">cert-manager supported providers</a></li>
|
||
</ul>
|
||
<h3 id="using-certbot-to-manually-obtain-lets-encrypt-certificates">Using Certbot to manually obtain Let’s Encrypt certificates</h3>
|
||
<p>Use the following steps to install <a href="https://certbot.eff.org">Certbot</a> and the use the tool to
|
||
manually obtain a TLS certificate from Let&rsquo;s Encrypt.</p>
|
||
<ol>
|
||
<li>
|
||
<p>Install Certbot by following the <a href="https://certbot.eff.org/docs/install.html#certbot-auto"><code>certbot-auto</code> wrapper script</a>
|
||
instructions.</p>
|
||
</li>
|
||
<li>
|
||
<p>Run the following command to use Certbot to request a certificate using DNS
|
||
challenge during authorization:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">./certbot-auto certonly --manual --preferred-challenges dns -d <span style="color:#4e9a06">&#39;*.default.yourdomain.com&#39;</span>
|
||
</code></pre></div><p>where <code>-d</code> specifies your domain. If you want to validate multiple domain&rsquo;s,
|
||
you can include multiple flags:
|
||
<code>-d MY.EXAMPLEDOMAIN.1 -d MY.EXAMPLEDOMAIN.2</code>. For more information, see the
|
||
<a href="https://certbot.eff.org/docs/using.html#certbot-command-line-options">Cerbot command-line</a> reference.</p>
|
||
<p>The Certbot tool walks you through the steps of validating that you own each
|
||
domain that you specify by creating TXT records in those domains.</p>
|
||
<p>Result: CertBot creates two files:</p>
|
||
<ul>
|
||
<li>Certificate:<code>fullchain.pem</code></li>
|
||
<li>Private key: <code>privkey.pem</code></li>
|
||
</ul>
|
||
</li>
|
||
</ol>
|
||
<p>What&rsquo;s next:</p>
|
||
<p>Add the certificate and private key to your Knative cluster by
|
||
<a href="#manually-adding-a-tls-certificate">creating a Kubernetes secret</a>.</p>
|
||
<h3 id="using-cert-manager-to-obtain-lets-encrypt-certificates">Using cert-manager to obtain Let&rsquo;s Encrypt certificates</h3>
|
||
<p>You can install and use <a href="https://github.com/jetstack/cert-manager">cert-manager</a> to either manually obtain a
|
||
certificate or to configure your Knative cluster for automatic certificate
|
||
provisioning:</p>
|
||
<ul>
|
||
<li>
|
||
<p><strong>Manual certificates</strong>: Install cert-manager and then use the tool to
|
||
manually obtain a certificate.</p>
|
||
<p>To use cert-manager to manually obtain certificates:</p>
|
||
<ol>
|
||
<li>
|
||
<p><a href="../installing-cert-manager">Install and configure cert-manager</a>.</p>
|
||
</li>
|
||
<li>
|
||
<p>Continue to the steps below about
|
||
<a href="#manually-adding-a-tls-certificate">manually adding a TLS certificate</a> by
|
||
creating and using a Kubernetes secret.</p>
|
||
</li>
|
||
</ol>
|
||
</li>
|
||
<li>
|
||
<p><strong>Automatic certificates</strong>: Configure Knative to use cert-manager for
|
||
automatically obtaining and renewing TLS certificate. The steps for installing
|
||
and configuring cert-manager for this method are covered in full in the
|
||
<a href="../using-auto-tls">Enabling automatic TLS cert provisioning</a> topic.</p>
|
||
</li>
|
||
</ul>
|
||
<h2 id="manually-adding-a-tls-certificate">Manually adding a TLS certificate</h2>
|
||
<p>If you have an existing certificate or have used one of the Certbot or
|
||
cert-manager tool to manually obtain a new certificate, you can use the
|
||
following steps to add that certificate to your Knative cluster.</p>
|
||
<p>For instructions about enabling Knative for automatic certificate provisioning,
|
||
see <a href="../using-auto-tls">Enabling automatic TLS cert provisioning</a>. Otherwise,
|
||
continue below for instructions about manually adding a certificate.</p>
|
||
|
||
|
||
|
||
|
||
|
||
<ul class="nav nav-tabs" id="serving_networking" role="tablist">
|
||
|
||
|
||
|
||
|
||
<li class="nav-item ">
|
||
<a class="nav-link " id="serving_networking-0-tab" data-toggle="tab" href="#serving_networking-0" role="tab" aria-controls="serving_networking-0" aria-selected="true">Contour</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="nav-item active">
|
||
<a class="nav-link active" id="serving_networking-1-tab" data-toggle="tab" href="#serving_networking-1" role="tab" aria-controls="serving_networking-1" aria-selected="true">Istio</a>
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
<div class="tab-content" >
|
||
|
||
|
||
|
||
|
||
<div class="tab-pane fade " id="serving_networking-0" role="tabpanel" aria-labelledby="serving_networking-0-tab">
|
||
|
||
<p>To manually add a TLS certificate to your Knative cluster, you must create a
|
||
Kubernetes secret and then configure the Knative Contour plugin</p>
|
||
<ol>
|
||
<li>
|
||
<p>Create a Kubernetes secret to hold your TLS certificate, <code>cert.pem</code>, and the
|
||
private key, <code>key.pem</code>, by entering the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl create --namespace contour-external secret tls default-cert <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --key key.pem <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --cert cert.pem
|
||
</code></pre></div><p><strong>IMPORTANT</strong> Take note of the namespace and secret name. You will need these
|
||
in future steps.</p>
|
||
</li>
|
||
<li>
|
||
<p>Contour requires you to create a delegation to use this certificate and private
|
||
key in different namespaces. This can be done by creating the following resource:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">projectcontour.io/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">TLSCertificateDelegation</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">default-delegation</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">contour-external</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">delegations</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">secretName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">default-cert</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">targetNamespaces</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#4e9a06">&#34;*&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div></li>
|
||
<li>
|
||
<p>Update the Knative Contour plugin to start using the certificate as a fallback
|
||
when auto-TLS is disabled. This can be done with the following patch:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl patch cm config-contour -n knative-serving <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> -p <span style="color:#4e9a06">&#39;{&#34;data&#34;:{&#34;default-tls-secret&#34;:&#34;contour-external/default-cert&#34;}}&#39;</span>
|
||
</code></pre></div></li>
|
||
</ol>
|
||
|
||
|
||
</div>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<div class="tab-pane fade show active" id="serving_networking-1" role="tabpanel" aria-labelledby="serving_networking-1-tab">
|
||
|
||
<p>To manually add a TLS certificate to your Knative cluster, you create a
|
||
Kubernetes secret and then configure the <code>knative-ingress-gateway</code>:</p>
|
||
<ol>
|
||
<li>
|
||
<p>Create a Kubernetes secret to hold your TLS certificate, <code>cert.pem</code>, and the
|
||
private key, <code>key.pem</code>, by entering the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl create --namespace istio-system secret tls tls-cert <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --key key.pem <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --cert cert.pem
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Configure Knative to use the new secret that you created for HTTPS
|
||
connections:</p>
|
||
<ol>
|
||
<li>
|
||
<p>Run the following command to open the Knative shared <code>gateway</code> in edit
|
||
mode:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl edit gateway knative-ingress-gateway --namespace knative-serving
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Update the <code>gateway</code> to include the following <code>tls:</code> section and
|
||
configuration:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">tls</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">mode</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">SIMPLE</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">credentialName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tls-cert</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>Example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#8f5902;font-style:italic"># Please edit the object below. Lines beginning with a &#39;#&#39; will be ignored.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#8f5902;font-style:italic"># and an empty file will abort the edit. If an error occurs while saving this</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#8f5902;font-style:italic"># file will be reopened with the relevant failures.</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">networking.istio.io/v1alpha3</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Gateway</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># ... skipped ...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">selector</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">istio</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ingressgateway</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">servers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">hosts</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#4e9a06">&#34;*&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">port</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">http</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">number</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">80</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">protocol</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">HTTP</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">hosts</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#000">TLS_HOSTS</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">port</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">https</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">number</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">443</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">protocol</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">HTTPS</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">tls</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">mode</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">SIMPLE</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">credentialName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tls-cert</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>In the example above, <code>TLS_HOSTS</code> represents the hosts of your TLS certificate. It can be a single host, multiple hosts, or a wildcard host.
|
||
For detailed instructions, please refer <a href="https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/">Istio documentation</a></p>
|
||
</li>
|
||
</ol>
|
||
</li>
|
||
</ol>
|
||
|
||
|
||
</div>
|
||
|
||
</div>
|
||
|
||
<h2 id="whats-next">What&rsquo;s next:</h2>
|
||
<p>After your changes are running on your Knative cluster, you can begin using the
|
||
HTTPS protocol for secure access your deployed Knative services.</p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Installing cert-manager for TLS certificates</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/installing-cert-manager/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/installing-cert-manager/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Install the <a href="https://github.com/jetstack/cert-manager">Cert-Manager</a> tool to
|
||
obtain TLS certificates that you can use for secure HTTPS connections in
|
||
Knative. For more information about enabling HTTPS connections in Knative, see
|
||
<a href="../using-a-tls-cert">Configuring HTTPS with TLS certificates</a>.</p>
|
||
<p>You can use cert-manager to either manually obtain certificates, or to enable
|
||
Knative for automatic certificate provisioning. Complete instructions about
|
||
automatic certificate provisioning are provided in
|
||
<a href="../using-auto-tls">Enabling automatic TLS cert provisioning</a>.</p>
|
||
<p>Regardless of if your want to manually obtain certificates, or configure Knative
|
||
for automatic provisioning, you can use the following steps to install
|
||
cert-manager.</p>
|
||
<h2 id="before-you-begin">Before you begin</h2>
|
||
<p>You must meet the following requirements to install cert-manager for Knative:</p>
|
||
<ul>
|
||
<li>Knative Serving must be installed. For details about installing the Serving
|
||
component, see the <a href="../../install/">Knative installation guides</a>.</li>
|
||
<li>You must configure your Knative cluster to use a
|
||
<a href="../using-a-custom-domain">custom domain</a>.</li>
|
||
<li>Knative currently supports cert-manager version <code>1.0.0</code> and higher.</li>
|
||
</ul>
|
||
<h2 id="downloading-and-installing-cert-manager">Downloading and installing cert-manager</h2>
|
||
<p>Follow the steps from the official <code>cert-manager</code> website to download and install cert-manager</p>
|
||
<p><a href="https://cert-manager.io/docs/installation/kubernetes/">Installation steps</a></p>
|
||
<h2 id="completing-the-knative-configuration-for-tls-support">Completing the Knative configuration for TLS support</h2>
|
||
<p>Before you can use a TLS certificate for secure connections, you must finish
|
||
configuring Knative:</p>
|
||
<ul>
|
||
<li>
|
||
<p><strong>Manual</strong>: If you installed cert-manager to manually obtain certificates,
|
||
continue to the following topic for instructions about creating a Kubernetes
|
||
secret:
|
||
<a href="../using-a-tls-cert#manually-adding-a-tls-certificate">Manually adding a TLS certificate</a></p>
|
||
</li>
|
||
<li>
|
||
<p><strong>Automatic</strong>: If you installed cert-manager to use for automatic certificate
|
||
provisioning, continue to the following topic to enable that feature:
|
||
<a href="../using-auto-tls">Enabling automatic TLS certificate provisioning in Knative</a></p>
|
||
</li>
|
||
</ul>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Configuring HTTPS with cert-manager and Google Cloud DNS</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/using-cert-manager-on-gcp/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/using-cert-manager-on-gcp/</guid>
|
||
<description>
|
||
|
||
|
||
<p>You can use cert-manager with Knative to automatically provision TLS
|
||
certificates from Let&rsquo;s Encrypt and use
|
||
<a href="https://cloud.google.com/dns/">Google Cloud DNS</a> to handle HTTPS requests and
|
||
validate DNS challenges.</p>
|
||
<p>The following guide demonstrates how you can setup Knative to handle secure
|
||
HTTPS requests on Google Cloud Platform, specifically using cert-manager for TLS
|
||
certificates and <a href="https://cloud.google.com/dns/">Google Cloud DNS</a> as the DNS
|
||
provider.</p>
|
||
<p>Learn more about using TLS certificates in Knative:</p>
|
||
<ul>
|
||
<li><a href="../using-a-tls-cert">Configuring HTTPS with TLS certificates</a></li>
|
||
<li><a href="../using-auto-tls">Enabling automatic TLS certificate provisioning</a></li>
|
||
</ul>
|
||
<h2 id="before-you-begin">Before you begin</h2>
|
||
<p>You must meet the following prerequisites to configure Knative with cert-manager
|
||
and Cloud DNS:</p>
|
||
<ul>
|
||
<li>You must have a
|
||
<a href="https://console.cloud.google.com/cloud-resource-manager">GCP project ID with owner privileges</a>.</li>
|
||
<li><a href="https://cloud.google.com/dns/docs/how-to">Google Cloud DNS</a> must set up and
|
||
configure for your domain.</li>
|
||
<li>You must have a Knative cluster with the following requirements:
|
||
<ul>
|
||
<li>Knative Serving running.</li>
|
||
<li>The Knative cluster must be running on Google Cloud Platform. For details
|
||
about installing the Serving component, see the
|
||
<a href="../../install/">Knative installation guides</a>.</li>
|
||
<li>Your Knative cluster must be configured to use a
|
||
<a href="../using-a-custom-domain">custom domain</a>.</li>
|
||
<li><a href="../installing-cert-manager">cert-manager v0.6.1 or higher installed</a></li>
|
||
</ul>
|
||
</li>
|
||
<li>Your DNS provider must be setup and configured to your domain.</li>
|
||
</ul>
|
||
<h2 id="creating-a-service-account-and-using-a-kubernetes-secret">Creating a service account and using a Kubernetes secret</h2>
|
||
<p>To allow cert-manager to access and update the DNS record, you must create a
|
||
service account in GCP, add the key in a Kubernetes secret, and then add that
|
||
secret to your Knative cluster.</p>
|
||
<p>Note that several example names are used in the following commands, for example
|
||
secret or file names, which can all be changed to your liking.</p>
|
||
<ol>
|
||
<li>
|
||
<p>Create a service account in GCP with <code>dns.admin</code> project role by running the
|
||
following commands, where <code>&lt;your-project-id&gt;</code> is the ID of your GCP project:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Set this to your GCP project ID</span>
|
||
<span style="color:#204a87">export</span> <span style="color:#000">PROJECT_ID</span><span style="color:#ce5c00;font-weight:bold">=</span>&lt;your-project-id&gt;
|
||
|
||
<span style="color:#8f5902;font-style:italic"># Name of the service account you want to create.</span>
|
||
<span style="color:#204a87">export</span> <span style="color:#000">CLOUD_DNS_SA</span><span style="color:#ce5c00;font-weight:bold">=</span>cert-manager-cloud-dns-admin
|
||
gcloud --project <span style="color:#000">$PROJECT_ID</span> iam service-accounts <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> create <span style="color:#000">$CLOUD_DNS_SA</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --display-name <span style="color:#4e9a06">&#34;Service Account to support ACME DNS-01 challenge.&#34;</span>
|
||
|
||
<span style="color:#8f5902;font-style:italic"># Fully-qualified service account name also has project-id information.</span>
|
||
<span style="color:#204a87">export</span> <span style="color:#000">CLOUD_DNS_SA</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$CLOUD_DNS_SA</span>@<span style="color:#000">$PROJECT_ID</span>.iam.gserviceaccount.com
|
||
|
||
<span style="color:#8f5902;font-style:italic"># Bind the role dns.admin to this service account, so it can be used to support</span>
|
||
<span style="color:#8f5902;font-style:italic"># the ACME DNS01 challenge.</span>
|
||
gcloud projects add-iam-policy-binding <span style="color:#000">$PROJECT_ID</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --member serviceAccount:<span style="color:#000">$CLOUD_DNS_SA</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --role roles/dns.admin
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Download the service account key by running the following commands:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Make a temporary directory to store key</span>
|
||
<span style="color:#000">KEY_DIRECTORY</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">`</span>mktemp -d<span style="color:#4e9a06">`</span>
|
||
|
||
<span style="color:#8f5902;font-style:italic"># Download the secret key file for your service account.</span>
|
||
gcloud iam service-accounts keys create <span style="color:#000">$KEY_DIRECTORY</span>/cloud-dns-key.json <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --iam-account<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$CLOUD_DNS_SA</span>
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Create a Kubernetes secret and then add that secret to your Knative cluster
|
||
by running the following commands:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Upload that as a secret in your Kubernetes cluster.</span>
|
||
kubectl create secret --namespace cert-manager generic cloud-dns-key <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --from-file<span style="color:#ce5c00;font-weight:bold">=</span>key.json<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$KEY_DIRECTORY</span>/cloud-dns-key.json
|
||
|
||
<span style="color:#8f5902;font-style:italic"># Delete the local secret</span>
|
||
rm -rf <span style="color:#000">$KEY_DIRECTORY</span>
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<h2 id="adding-your-service-account-to-cert-manager">Adding your service account to cert-manager</h2>
|
||
<p>Create a <code>ClusterIssuer</code> configuration file to define how cert-manager obtains
|
||
TLS certificates and how the requests are validated with Cloud DNS.</p>
|
||
<ol>
|
||
<li>
|
||
<p>Run the following command to create the <code>ClusterIssuer</code> configuration. The
|
||
following creates the <code>letsencrypt-issuer</code> <code>ClusterIssuer</code>, that includes
|
||
your Let&rsquo;s Encrypt account info, <code>DNS-01</code> challenge type, and Cloud DNS
|
||
provider info, including your <code>cert-manager-cloud-dns-admin</code> service account.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl apply --filename - <span style="color:#4e9a06">&lt;&lt;EOF
|
||
</span><span style="color:#4e9a06">apiVersion: cert-manager.io/v1alpha2
|
||
</span><span style="color:#4e9a06">kind: ClusterIssuer
|
||
</span><span style="color:#4e9a06">metadata:
|
||
</span><span style="color:#4e9a06"> name: letsencrypt-issuer
|
||
</span><span style="color:#4e9a06">spec:
|
||
</span><span style="color:#4e9a06"> acme:
|
||
</span><span style="color:#4e9a06"> server: https://acme-v02.api.letsencrypt.org/directory
|
||
</span><span style="color:#4e9a06"> # This will register an issuer with LetsEncrypt. Replace
|
||
</span><span style="color:#4e9a06"> # with your admin email address.
|
||
</span><span style="color:#4e9a06"> email: myemail@gmail.com
|
||
</span><span style="color:#4e9a06"> privateKeySecretRef:
|
||
</span><span style="color:#4e9a06"> # Set privateKeySecretRef to any unused secret name.
|
||
</span><span style="color:#4e9a06"> name: letsencrypt-issuer
|
||
</span><span style="color:#4e9a06"> solvers:
|
||
</span><span style="color:#4e9a06"> - dns01:
|
||
</span><span style="color:#4e9a06"> clouddns:
|
||
</span><span style="color:#4e9a06"> # Set this to your GCP project-id
|
||
</span><span style="color:#4e9a06"> project: $PROJECT_ID
|
||
</span><span style="color:#4e9a06"> # Set this to the secret that we publish our service account key
|
||
</span><span style="color:#4e9a06"> # in the previous step.
|
||
</span><span style="color:#4e9a06"> serviceAccountSecretRef:
|
||
</span><span style="color:#4e9a06"> name: cloud-dns-key
|
||
</span><span style="color:#4e9a06"> key: key.json
|
||
</span><span style="color:#4e9a06">EOF</span>
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Ensure that <code>letsencrypt-issuer</code> is created successfully by running the
|
||
following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get clusterissuer --namespace cert-manager letsencrypt-issuer --output yaml
|
||
</code></pre></div><p>Result: The <code>Status.Conditions</code> should include <code>Ready=True</code>. For example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">status</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">acme</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">uri</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">https://acme-v02.api.letsencrypt.org/acme/acct/40759665</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">conditions</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">lastTransitionTime</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">2018-08-23T01:44:54Z</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">message</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">The ACME account was registered with the ACME server</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">reason</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ACMEAccountRegistered</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">status</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;True&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Ready</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div></li>
|
||
</ol>
|
||
<h2 id="add-letsencrypt-issuer-to-your-ingress-secret-to-configure-your-certificate">Add <code>letsencrypt-issuer</code> to your ingress secret to configure your certificate</h2>
|
||
<p>To configure how Knative uses your TLS certificates, you create a <code>Certificate</code>
|
||
to add <code>letsencrypt-issuer</code> to the <code>istio-ingressgateway-certs</code> secret.</p>
|
||
<p>Note that <code>istio-ingressgateway-certs</code> will be overridden if the secret already
|
||
exists.</p>
|
||
<ol>
|
||
<li>
|
||
<p>Run the following commands to create the <code>my-certificate</code> <code>Certificate</code>,
|
||
where <code>&lt;your-domain.com&gt;</code> is your domain:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Change this value to the domain you want to use.</span>
|
||
<span style="color:#204a87">export</span> <span style="color:#000">DOMAIN</span><span style="color:#ce5c00;font-weight:bold">=</span>&lt;your-domain.com&gt;
|
||
|
||
kubectl apply --filename - <span style="color:#4e9a06">&lt;&lt;EOF
|
||
</span><span style="color:#4e9a06">apiVersion: cert-manager.io/v1alpha2
|
||
</span><span style="color:#4e9a06">kind: Certificate
|
||
</span><span style="color:#4e9a06">metadata:
|
||
</span><span style="color:#4e9a06"> name: my-certificate
|
||
</span><span style="color:#4e9a06"> namespace: istio-system
|
||
</span><span style="color:#4e9a06">spec:
|
||
</span><span style="color:#4e9a06"> secretName: istio-ingressgateway-certs
|
||
</span><span style="color:#4e9a06"> issuerRef:
|
||
</span><span style="color:#4e9a06"> name: letsencrypt-issuer
|
||
</span><span style="color:#4e9a06"> kind: ClusterIssuer
|
||
</span><span style="color:#4e9a06"> dnsNames:
|
||
</span><span style="color:#4e9a06"> - &#34;*.default.$DOMAIN&#34;
|
||
</span><span style="color:#4e9a06"> - &#34;*.other-namespace.$DOMAIN&#34;
|
||
</span><span style="color:#4e9a06">EOF</span>
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Ensure that <code>my-certificate</code> is created successfully by running the following
|
||
command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get certificate --namespace istio-system my-certificate --output yaml
|
||
</code></pre></div><p>Result: The <code>Status.Conditions</code> should include <code>Ready=True</code>. For example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">status</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">acme</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">order</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">url</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">https://acme-v02.api.letsencrypt.org/acme/order/40759665/45358362</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">conditions</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">lastTransitionTime</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">2018-08-23T02:28:44Z</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">message</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Certificate issued successfully</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">reason</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">CertIssued</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">status</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;True&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Ready</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div></li>
|
||
</ol>
|
||
<p>Note: If <code>Status.Conditions</code> is <code>Ready=False</code>, that indicates a failure to
|
||
obtain a certificate, which should be explained in the accompanying error
|
||
message.</p>
|
||
<h2 id="configuring-the-knative-ingress-gateway">Configuring the Knative ingress gateway</h2>
|
||
<p>To configure the <code>knative-ingress-gateway</code> to use the TLS certificate that you
|
||
created, append the <code>tls:</code> section to the end of your HTTPS port configuration.</p>
|
||
<p>Run the following commands to configure Knative to use HTTPS connections and
|
||
send a <code>301</code> redirect response for all HTTP requests:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl apply --filename - <span style="color:#4e9a06">&lt;&lt;EOF
|
||
</span><span style="color:#4e9a06">apiVersion: networking.istio.io/v1alpha3
|
||
</span><span style="color:#4e9a06">kind: Gateway
|
||
</span><span style="color:#4e9a06">metadata:
|
||
</span><span style="color:#4e9a06"> name: knative-ingress-gateway
|
||
</span><span style="color:#4e9a06"> namespace: knative-serving
|
||
</span><span style="color:#4e9a06">spec:
|
||
</span><span style="color:#4e9a06"> selector:
|
||
</span><span style="color:#4e9a06"> istio: ingressgateway
|
||
</span><span style="color:#4e9a06"> servers:
|
||
</span><span style="color:#4e9a06"> - port:
|
||
</span><span style="color:#4e9a06"> number: 80
|
||
</span><span style="color:#4e9a06"> name: http
|
||
</span><span style="color:#4e9a06"> protocol: HTTP
|
||
</span><span style="color:#4e9a06"> hosts:
|
||
</span><span style="color:#4e9a06"> - &#34;*&#34;
|
||
</span><span style="color:#4e9a06"> tls:
|
||
</span><span style="color:#4e9a06"> # Sends 301 redirect for all http requests.
|
||
</span><span style="color:#4e9a06"> # Omit to allow http and https.
|
||
</span><span style="color:#4e9a06"> httpsRedirect: true
|
||
</span><span style="color:#4e9a06"> - port:
|
||
</span><span style="color:#4e9a06"> number: 443
|
||
</span><span style="color:#4e9a06"> name: https
|
||
</span><span style="color:#4e9a06"> protocol: HTTPS
|
||
</span><span style="color:#4e9a06"> hosts:
|
||
</span><span style="color:#4e9a06"> - &#34;*&#34;
|
||
</span><span style="color:#4e9a06"> tls:
|
||
</span><span style="color:#4e9a06"> mode: SIMPLE
|
||
</span><span style="color:#4e9a06"> privateKey: /etc/istio/ingressgateway-certs/tls.key
|
||
</span><span style="color:#4e9a06"> serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
||
</span><span style="color:#4e9a06">EOF</span>
|
||
</code></pre></div><p>Congratulations, you can now access your Knative services with secure HTTPS
|
||
connections. Your Knative cluster is configured to use cert-manager to manually
|
||
obtain TLS certificates but see the following section about automating that
|
||
process.</p>
|
||
<h2 id="configure-knative-for-automatic-certificate-provisioning">Configure Knative for automatic certificate provisioning</h2>
|
||
<p>You can update your Knative configuration to automatically obtain and renew TLS
|
||
certificates before they expire. To learn more about automatic certificates, see
|
||
<a href="../using-auto-tls">Enabling automatic TLS certificate provisioning</a>.</p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Creating a Mapping between a Custom Domain Name and a Knative Service (Alpha)</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/creating-domain-mappings/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/creating-domain-mappings/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Knative Services are automatically given a default domain name based on the
|
||
cluster configuration, e.g. &ldquo;mysvc.mynamespace.mydomain&rdquo;. You can also map a
|
||
single custom domain name that you own to a specific Knative Service using the
|
||
Domain Mapping feature, if enabled.</p>
|
||
<p>For example, if you own the &ldquo;example.org&rdquo; domain name, and configure its DNS
|
||
to reference your Knative cluster, you can use the DomainMapping feature to
|
||
have this domain be served by a Knative Service.</p>
|
||
<h2 id="before-you-begin">Before you begin</h2>
|
||
<ol>
|
||
<li>You need to enable the DomainMapping feature (and a supported Knative
|
||
Ingress implementation) to use it.
|
||
See <a href="../../install/install-extensions#install-optional-serving-extensions">Install optional Serving extensions</a>.</li>
|
||
<li>To map a custom domain to a Knative Service, you must first <a href="../../serving/services/creating-services">create a Knative
|
||
Service</a>.</li>
|
||
<li>You will need a Domain Name to map, and the ability to change its DNS to
|
||
point to your Knative Cluster. The details of this step are dependant on
|
||
your domain registrar.</li>
|
||
</ol>
|
||
<h2 id="creating-a-domain-mapping">Creating a Domain Mapping</h2>
|
||
<p>To create a mapping from a custom domain name that you control to a Knative
|
||
Service, you need to create a YAML file that defines a Domain Mapping. This
|
||
YAML file specifies the domain name to map and the Knative Service to use to
|
||
service requests.</p>
|
||
<p>You will also need to point the domain name at your Knative cluster using the
|
||
tools provided by your domain registrar.</p>
|
||
<p>Domain Mappings map a single, non-wildcard domain to a specific Knative
|
||
Service. For example in the example yaml below, the &ldquo;example.org&rdquo; Domain
|
||
Mapping maps only &ldquo;example.org&rdquo; and not &ldquo;<a href="http://www.example.org">www.example.org</a>&rdquo;. You can create
|
||
multiple Domain Mappings to map multiple domains and subdomains.</p>
|
||
<h3 id="procedure">Procedure</h3>
|
||
<ol>
|
||
<li>Create a new file named <code>domainmapping.yaml</code> containing the following information.</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">DomainMapping</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">example.org</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">default</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">ref</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">helloworld-go</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><ul>
|
||
<li><code>name</code>(metadata): The domain name you wish to map to the Knative Service.</li>
|
||
<li><code>namespace</code>: The namespace that both the DomainMapping and Knative Service use.</li>
|
||
<li><code>name</code>(ref): The Knative Service which should be used to service requests
|
||
for the custom domain name. You can also map to other targets as long as
|
||
they conform to the Addressable contract and their resolved URL is of the
|
||
form <code>{name}.{namespace}.{clusterdomain}</code> where <code>{name}</code> and <code>{namespace}</code>
|
||
are the name and namespace of a Kubernetes service, and <code>{clusterdomain}</code>
|
||
is the cluster domain. Objects conforming to this contract include Knative
|
||
Services and Routes, and Kubernetes Services.</li>
|
||
</ul>
|
||
<ol>
|
||
<li>From the directory where the new <code>domainmapping.yaml</code> file was created,
|
||
deploy the domain mapping by applying the <code>domainmapping.yaml</code> file.</li>
|
||
</ol>
|
||
<pre><code>kubectl apply --filename domainmapping.yaml
|
||
</code></pre><ol>
|
||
<li>You will also need to point the &ldquo;example.org&rdquo; domain name at the IP
|
||
address of your Knative cluster. Details of this step differ depending on
|
||
your domain registrar.</li>
|
||
</ol>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Enabling automatic TLS certificate provisioning</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/using-auto-tls/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/using-auto-tls/</guid>
|
||
<description>
|
||
|
||
|
||
<p>If you install and configure cert-manager, you can configure Knative to
|
||
automatically obtain new TLS certificates and renew existing ones for Knative
|
||
Services.
|
||
To learn more about using secure connections in Knative, see
|
||
<a href="../using-a-tls-cert">Configuring HTTPS with TLS certificates</a>.</p>
|
||
<h2 id="automatic-tls-provision-mode">Automatic TLS provision mode</h2>
|
||
<p>Knative supports the following Auto TLS modes:</p>
|
||
<ol>
|
||
<li>
|
||
<p>Using DNS-01 challenge</p>
|
||
<p>In this mode, your cluster needs to be able to talk to your DNS server to verify the ownership of your domain.</p>
|
||
<ul>
|
||
<li>
|
||
<p><strong>Provision Certificate per namespace is supported when using DNS-01 challenge mode.</strong></p>
|
||
<ul>
|
||
<li>This is the recommended mode for faster certificate provision.</li>
|
||
<li>In this mode, a single Certificate will be provisioned per namespace and is reused across the Knative Services within the same namespace.</li>
|
||
</ul>
|
||
</li>
|
||
<li>
|
||
<p><strong>Provision Certificate per Knative Service is supported when using DNS-01 challenge mode.</strong></p>
|
||
<ul>
|
||
<li>This is the recommended mode for better certificate islation between Knative Services.</li>
|
||
<li>In this mode, a Certificate will be provisioned for each Knative Service.</li>
|
||
<li>The TLS effective time is longer as it needs Certificate provision for each Knative Service creation.</li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li>
|
||
<p>Using HTTP-01 challenge</p>
|
||
<ul>
|
||
<li>In this type, your cluster does not need to be able to talk to your DNS server. You must map your domain to the IP of the cluser ingress.</li>
|
||
<li>When using HTTP-01 challenge, <strong>a certificate will be provisioned per Knative Service.</strong></li>
|
||
<li><strong>HTTP-01 does not support provisioning a certificate per namespace.</strong></li>
|
||
</ul>
|
||
</li>
|
||
</ol>
|
||
<h2 id="before-you-begin">Before you begin</h2>
|
||
<p>You must meet the following prerequisites to enable Auto TLS:</p>
|
||
<ul>
|
||
<li>The following must be installed on your Knative cluster:
|
||
<ul>
|
||
<li><a href="../../install/">Knative Serving</a>.</li>
|
||
<li>A Networking layer such as Kourier, Istio with SDS v1.3 or higher, Contour v1.1 or higher, or Gloo v0.18.16 or higher.
|
||
See <a href="../../install/install-serving-with-yaml#install-a-networking-layer">Install a networking layer</a> or
|
||
<a href="../../install/installing-istio#installing-istio-with-SDS-to-secure-the-ingress-gateway">Istio with SDS, version 1.3 or higher</a>.<br>
|
||
<strong>Note:</strong> Currently, <a href="https://github.com/datawire/ambassador">Ambassador</a> is unsupported for use with Auto TLS.</li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="../installing-cert-manager">cert-manager version <code>1.0.0</code> and higher</a>.</li>
|
||
<li>Your Knative cluster must be configured to use a
|
||
<a href="../using-a-custom-domain">custom domain</a>.</li>
|
||
<li>Your DNS provider must be setup and configured to your domain.</li>
|
||
<li>If you want to use HTTP-01 challenge, you need to configure your custom
|
||
domain to map to the IP of ingress. You can achieve this by adding a DNS A record to map the domain to the IP according to the instructions of your DNS provider.</li>
|
||
</ul>
|
||
<h2 id="enabling-auto-tls">Enabling Auto TLS</h2>
|
||
<p>To enable support for Auto TLS in Knative:</p>
|
||
<h3 id="create-cert-manager-clusterissuer">Create cert-manager ClusterIssuer</h3>
|
||
<ol>
|
||
<li>
|
||
<p>Create and add the <code>ClusterIssuer</code> configuration file to your Knative cluster
|
||
to define who issues the TLS certificates, how requests are validated,
|
||
and which DNS provider validates those requests.</p>
|
||
<h4 id="clusterissuer-for-dns-01-challenge">ClusterIssuer for DNS-01 challenge</h4>
|
||
<p>Use the cert-manager reference to determine how to configure your
|
||
<code>ClusterIssuer</code> file:</p>
|
||
<ul>
|
||
<li>
|
||
<p>See the generic
|
||
<a href="https://cert-manager.io/docs/configuration/acme/#creating-a-basic-acme-issuer"><code>ClusterIssuer</code> example</a></p>
|
||
</li>
|
||
<li>
|
||
<p>Also see the
|
||
<a href="https://docs.cert-manager.io/en/latest/tasks/acme/configuring-dns01/index.html"><code>DNS01</code> example</a></p>
|
||
<p><strong>Example</strong>: Cloud DNS <code>ClusterIssuer</code> configuration file:</p>
|
||
<p>The following <code>letsencrypt-issuer</code> named <code>ClusterIssuer</code> file is
|
||
configured for the Let&rsquo;s Encrypt CA and Google Cloud DNS. Under <code>spec</code>,
|
||
the Let&rsquo;s Encrypt account info, required <code>DNS-01</code> challenge type, and
|
||
Cloud DNS provider info defined. For the complete Google Cloud DNS
|
||
example, see
|
||
<a href="../using-cert-manager-on-gcp">Configuring HTTPS with cert-manager and Google Cloud DNS</a>.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">apiVersion: cert-manager.io/v1alpha2
|
||
kind: ClusterIssuer
|
||
metadata:
|
||
name: letsencrypt-dns-issuer
|
||
spec:
|
||
acme:
|
||
server: https://acme-v02.api.letsencrypt.org/directory
|
||
<span style="color:#8f5902;font-style:italic"># This will register an issuer with LetsEncrypt. Replace</span>
|
||
<span style="color:#8f5902;font-style:italic"># with your admin email address.</span>
|
||
email: myemail@gmail.com
|
||
privateKeySecretRef:
|
||
<span style="color:#8f5902;font-style:italic"># Set privateKeySecretRef to any unused secret name.</span>
|
||
name: letsencrypt-dns-issuer
|
||
solvers:
|
||
- dns01:
|
||
clouddns:
|
||
<span style="color:#8f5902;font-style:italic"># Set this to your GCP project-id</span>
|
||
project: <span style="color:#000">$PROJECT_ID</span>
|
||
<span style="color:#8f5902;font-style:italic"># Set this to the secret that we publish our service account key</span>
|
||
<span style="color:#8f5902;font-style:italic"># in the previous step.</span>
|
||
serviceAccountSecretRef:
|
||
name: cloud-dns-key
|
||
key: key.json
|
||
</code></pre></div></li>
|
||
</ul>
|
||
<h4 id="clusterissuer-for-http-01-challenge">ClusterIssuer for HTTP-01 challenge</h4>
|
||
<p>Run the following command to apply the ClusterIssuer for HTT01 challenge:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl apply -f - <span style="color:#4e9a06">&lt;&lt;EOF
|
||
</span><span style="color:#4e9a06">apiVersion: cert-manager.io/v1alpha2
|
||
</span><span style="color:#4e9a06">kind: ClusterIssuer
|
||
</span><span style="color:#4e9a06">metadata:
|
||
</span><span style="color:#4e9a06"> name: letsencrypt-http01-issuer
|
||
</span><span style="color:#4e9a06">spec:
|
||
</span><span style="color:#4e9a06"> acme:
|
||
</span><span style="color:#4e9a06"> privateKeySecretRef:
|
||
</span><span style="color:#4e9a06"> name: letsencrypt
|
||
</span><span style="color:#4e9a06"> server: https://acme-v02.api.letsencrypt.org/directory
|
||
</span><span style="color:#4e9a06"> solvers:
|
||
</span><span style="color:#4e9a06"> - http01:
|
||
</span><span style="color:#4e9a06"> ingress:
|
||
</span><span style="color:#4e9a06"> class: istio
|
||
</span><span style="color:#4e9a06">EOF</span>
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Ensure that the ClusterIssuer is created successfully:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get clusterissuer &lt;cluster-issuer-name&gt; --output yaml
|
||
</code></pre></div><p>Result: The <code>Status.Conditions</code> should include <code>Ready=True</code>.</p>
|
||
</li>
|
||
</ol>
|
||
<h3 id="dns-01-challenge-only-configure-your-dns-provider">DNS-01 challenge only: Configure your DNS provider</h3>
|
||
<p>If you choose to use DNS-01 challenge, configure which DNS provider is used to
|
||
validate the DNS-01 challenge requests.</p>
|
||
<p>Instructions about configuring cert-manager, for all the supported DNS
|
||
providers, are provided in
|
||
<a href="https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers">DNS01 challenge providers and configuration instructions</a>.</p>
|
||
<p>Example:</p>
|
||
<p>See how the Google Cloud DNS is defined as the provider:
|
||
<a href="../using-cert-manager-on-gcp#creating-a-service-account-and-using-a-kubernetes-secret">Configuring HTTPS with cert-manager and Google Cloud DNS</a></p>
|
||
<h3 id="install-networking-certmanager-deployment">Install networking-certmanager deployment</h3>
|
||
<ol>
|
||
<li>
|
||
<p>Determine if <code>networking-certmanager</code> is already installed by running the
|
||
following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get deployment networking-certmanager -n knative-serving
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>If <code>networking-certmanager</code> is not found, run the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl apply --filename https://github.com/knative/net-certmanager/releases/download/v0.22.0/release.yaml
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<h3 id="install-networking-ns-cert-component">Install networking-ns-cert component</h3>
|
||
<p>If you choose to use the mode of provisioning certificate per namespace, you need to install <code>networking-ns-cert</code> components.</p>
|
||
<p><strong>IMPORTANT:</strong> Provisioning a certificate per namespace only works with DNS-01
|
||
challenge. This component cannot be used with HTTP-01 challenge.</p>
|
||
<ol>
|
||
<li>
|
||
<p>Determine if <code>networking-ns-cert</code> deployment is already installed by
|
||
running the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get deployment networking-ns-cert -n knative-serving
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>If <code>networking-ns-cert</code> deployment is not found, run the following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl apply --filename https://github.com/knative/serving/releases/download/v0.22.0/serving-nscert.yaml
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<h3 id="configure-config-certmanager-configmap">Configure config-certmanager ConfigMap</h3>
|
||
<p>Update your <a href="https://github.com/knative-sandbox/net-certmanager/blob/main/config/config.yaml"><code>config-certmanager</code> ConfigMap</a>
|
||
in the <code>knative-serving</code> namespace to reference your new <code>ClusterIssuer</code>.</p>
|
||
<ol>
|
||
<li>
|
||
<p>Run the following command to edit your <code>config-certmanager</code> ConfigMap:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl edit configmap config-certmanager --namespace knative-serving
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Add the <code>issuerRef</code> within the <code>data</code> section:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">...
|
||
data:
|
||
...
|
||
issuerRef: <span style="color:#000;font-weight:bold">|</span>
|
||
kind: ClusterIssuer
|
||
name: letsencrypt-issuer
|
||
</code></pre></div><p>Example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">apiVersion: v1
|
||
kind: ConfigMap
|
||
metadata:
|
||
name: config-certmanager
|
||
namespace: knative-serving
|
||
labels:
|
||
networking.knative.dev/certificate-provider: cert-manager
|
||
data:
|
||
issuerRef: <span style="color:#000;font-weight:bold">|</span>
|
||
kind: ClusterIssuer
|
||
name: letsencrypt-http01-issuer
|
||
</code></pre></div><p><code>issueRef</code> defines which <code>ClusterIssuer</code> will be used by Knative to issue
|
||
certificates.</p>
|
||
</li>
|
||
<li>
|
||
<p>Ensure that the file was updated successfully:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get configmap config-certmanager --namespace knative-serving --output yaml
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<h3 id="turn-on-auto-tls">Turn on Auto TLS</h3>
|
||
<p>Update the
|
||
<a href="https://github.com/knative/serving/blob/main/config/core/configmaps/network.yaml"><code>config-network</code> ConfigMap</a>
|
||
in the <code>knative-serving</code> namespace to enable <code>autoTLS</code>and specify how HTTP
|
||
requests are handled:</p>
|
||
<ol>
|
||
<li>
|
||
<p>Run the following command to edit your <code>config-network</code> ConfigMap:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl edit configmap config-network --namespace knative-serving
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Add the <code>autoTLS: Enabled</code> attribute under the <code>data</code> section:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">...
|
||
data:
|
||
...
|
||
autoTLS: Enabled
|
||
...
|
||
</code></pre></div><p>Example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">apiVersion: v1
|
||
kind: ConfigMap
|
||
metadata:
|
||
name: config-network
|
||
namespace: knative-serving
|
||
data:
|
||
...
|
||
autoTLS: Enabled
|
||
...
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>Configure how HTTP and HTTPS requests are handled in the
|
||
<a href="https://github.com/knative/serving/blob/main/config/core/configmaps/network.yaml#L109"><code>httpProtocol</code></a>
|
||
attribute.</p>
|
||
<p>By default, Knative ingress is configured to serve HTTP traffic
|
||
(<code>httpProtocol: Enabled</code>). Now that your cluster is configured to use TLS
|
||
certificates and handle HTTPS traffic, you can specify whether or not any
|
||
HTTP traffic is allowed.</p>
|
||
<p>Supported <code>httpProtocol</code> values:</p>
|
||
<ul>
|
||
<li><code>Enabled</code>: Serve HTTP traffic.</li>
|
||
<li><code>Disabled</code>: Rejects all HTTP traffic.</li>
|
||
<li><code>Redirected</code>: Responds to HTTP request with a <code>302</code> redirect to ask the
|
||
clients to use HTTPS.</li>
|
||
</ul>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">...
|
||
data:
|
||
...
|
||
autoTLS: Enabled
|
||
...
|
||
</code></pre></div><p>Example:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">apiVersion: v1
|
||
kind: ConfigMap
|
||
metadata:
|
||
name: config-network
|
||
namespace: knative-serving
|
||
data:
|
||
...
|
||
autoTLS: Enabled
|
||
...
|
||
httpProtocol: Redirected
|
||
...
|
||
</code></pre></div><p><strong>Note:</strong>
|
||
When using HTTP-01 challenge, <code>httpProtocol</code> field has to be set to <code>Enabled</code> to make sure HTTP-01 challenge requests can be accepted by the cluster.</p>
|
||
</li>
|
||
<li>
|
||
<p>Ensure that the file was updated successfully:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get configmap config-network --namespace knative-serving --output yaml
|
||
</code></pre></div></li>
|
||
</ol>
|
||
<p>Congratulations! Knative is now configured to obtain and renew TLS certificates.
|
||
When your TLS certificate is active on your cluster, your Knative services will
|
||
be able to handle HTTPS traffic.</p>
|
||
<h3 id="verify-auto-tls">Verify Auto TLS</h3>
|
||
<ol>
|
||
<li>
|
||
<p>Run the following comand to create a Knative Service:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl apply -f https://raw.githubusercontent.com/knative/docs/main/docs/serving/autoscaling/autoscale-go/service.yaml
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>When the certificate is provisioned (which could take up to several minutes depending on
|
||
the challenge type), you should see something like:</p>
|
||
<pre><code>NAME URL LATESTCREATED LATESTREADY READY REASON
|
||
autoscale-go https://autoscale-go.default.{custom-domain} autoscale-go-6jf85 autoscale-go-6jf85 True
|
||
</code></pre><p>Note that the URL will be <strong>https</strong> in this case.</p>
|
||
</li>
|
||
</ol>
|
||
<h3 id="disable-auto-tls-per-service-or-route">Disable Auto TLS per service or route</h3>
|
||
<p>If you have Auto TLS enabled in your cluster, you can choose to disable Auto TLS for individual services or routes by adding the annotation <code>networking.knative.dev/disableAutoTLS: true</code>.</p>
|
||
<p>Using the previous <code>autoscale-go</code> example:</p>
|
||
<ol>
|
||
<li>Edit the service using <code>kubectl edit service.serving.knative.dev/autoscale-go -n default</code> and add the annotation:</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">serving.knative.dev/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">annotations</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">networking.knative.dev/disableAutoTLS</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;true&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">...</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><ol start="2">
|
||
<li>The service URL should now be <strong>http</strong>, indicating that AutoTLS is disabled:</li>
|
||
</ol>
|
||
<pre><code>NAME URL LATEST AGE CONDITIONS READY REASON
|
||
autoscale-go http://autoscale-go.default.1.arenault.dev autoscale-go-dd42t 8m17s 3 OK / 3 True
|
||
</code></pre>
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Exclude namespaces from the Knative webhook</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/webhook-customizations/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/webhook-customizations/</guid>
|
||
<description>
|
||
|
||
|
||
<p>The Knative webhook examines resources that are created, read, updated, or deleted. This includes system namespaces, which can cause issues during an upgrade if the webhook becomes non-responsive. Cluster administrators may want to disable the Knative webhook on system namespaces to prevent issues during upgrades.</p>
|
||
<p>You can configure the label <code>webhooks.knative.dev/exclude</code> to allow namespaces to bypass the Knative webhook.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Namespace</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">knative-dev</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">labels</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">webhooks.knative.dev/exclude</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;true&#34;</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div>
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Using ExternalDNS on Google Cloud Platform to automate DNS setup</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/using-external-dns-on-gcp/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/using-external-dns-on-gcp/</guid>
|
||
<description>
|
||
|
||
|
||
<p><a href="https://github.com/kubernetes-incubator/external-dns">ExternalDNS</a> is a tool
|
||
that synchronizes exposed Kubernetes Services and Ingresses with DNS providers.</p>
|
||
<p>This doc explains how to set up ExternalDNS within a Knative cluster using
|
||
<a href="https://cloud.google.com/dns/">Google Cloud DNS</a> to automate the process of
|
||
publishing the Knative domain.</p>
|
||
<h2 id="set-up-environtment-variables">Set up environtment variables</h2>
|
||
<p>Run the following command to configure the environment variables</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#204a87">export</span> <span style="color:#000">PROJECT_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span>&lt;your-google-cloud-project-name&gt;
|
||
|
||
<span style="color:#204a87">export</span> <span style="color:#000">CUSTOM_DOMAIN</span><span style="color:#ce5c00;font-weight:bold">=</span>&lt;your-custom-domain-used-in-knative&gt;
|
||
|
||
<span style="color:#204a87">export</span> <span style="color:#000">CLUSTER_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span>&lt;knative-cluster-name&gt;
|
||
|
||
<span style="color:#204a87">export</span> <span style="color:#000">CLUSTER_ZONE</span><span style="color:#ce5c00;font-weight:bold">=</span>&lt;knative-cluster-zone&gt;
|
||
</code></pre></div><h2 id="set-up-kubernetes-engine-cluster-with-clouddns-readwrite-permissions">Set up Kubernetes Engine cluster with CloudDNS read/write permissions</h2>
|
||
<p>There are two ways to set up a Kubernetes Engine cluster with CloudDNS
|
||
read/write permissions.</p>
|
||
<h3 id="cluster-with-cloud-dns-scope">Cluster with Cloud DNS scope</h3>
|
||
<p>You can create a GKE cluster with Cloud DNS scope by entering the following
|
||
command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud container clusters create <span style="color:#000">$CLUSTER_NAME</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --zone<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$CLUSTER_ZONE</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --cluster-version<span style="color:#ce5c00;font-weight:bold">=</span>latest <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --machine-type<span style="color:#ce5c00;font-weight:bold">=</span>n1-standard-4 <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --enable-autoscaling --min-nodes<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> --max-nodes<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">10</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --enable-autorepair <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --scopes<span style="color:#ce5c00;font-weight:bold">=</span>service-control,service-management,compute-rw,storage-ro,cloud-platform,logging-write,monitoring-write,pubsub,datastore,<span style="color:#4e9a06">&#34;https://www.googleapis.com/auth/ndev.clouddns.readwrite&#34;</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --num-nodes<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">3</span>
|
||
</code></pre></div><p>Note that by using this way, any pod within the cluster will have permissions to
|
||
read/write CloudDNS.</p>
|
||
<h3 id="cluster-with-cloud-dns-admin-service-account-credential">Cluster with Cloud DNS Admin Service Account credential</h3>
|
||
<ol>
|
||
<li>Create a GKE cluster without Cloud DNS scope by entering the following
|
||
command:</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud container clusters create <span style="color:#000">$CLUSTER_NAME</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --zone<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$CLUSTER_ZONE</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --cluster-version<span style="color:#ce5c00;font-weight:bold">=</span>latest <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --machine-type<span style="color:#ce5c00;font-weight:bold">=</span>n1-standard-4 <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --enable-autoscaling --min-nodes<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> --max-nodes<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">10</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --enable-autorepair <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --scopes<span style="color:#ce5c00;font-weight:bold">=</span>service-control,service-management,compute-rw,storage-ro,cloud-platform,logging-write,monitoring-write,pubsub,datastore <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --num-nodes<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">3</span>
|
||
</code></pre></div><ol start="2">
|
||
<li>Create a new service account for Cloud DNS admin role.</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Name of the service account you want to create.</span>
|
||
<span style="color:#204a87">export</span> <span style="color:#000">CLOUD_DNS_SA</span><span style="color:#ce5c00;font-weight:bold">=</span>cloud-dns-admin
|
||
|
||
gcloud --project <span style="color:#000">$PROJECT_NAME</span> iam service-accounts <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> create <span style="color:#000">$CLOUD_DNS_SA</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --display-name <span style="color:#4e9a06">&#34;Service Account to support ACME DNS-01 challenge.&#34;</span>
|
||
</code></pre></div><ol start="3">
|
||
<li>Bind the role <code>dns.admin</code> to the newly created service account.</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># Fully-qualified service account name also has project-id information.</span>
|
||
<span style="color:#204a87">export</span> <span style="color:#000">CLOUD_DNS_SA</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$CLOUD_DNS_SA</span>@<span style="color:#000">$PROJECT_NAME</span>.iam.gserviceaccount.com
|
||
|
||
gcloud projects add-iam-policy-binding <span style="color:#000">$PROJECT_NAME</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --member serviceAccount:<span style="color:#000">$CLOUD_DNS_SA</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --role roles/dns.admin
|
||
</code></pre></div><ol start="4">
|
||
<li>Download the secret key file for your service account.</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud iam service-accounts keys create ~/key.json <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --iam-account<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$CLOUD_DNS_SA</span>
|
||
</code></pre></div><ol start="5">
|
||
<li>Upload the service account credential to your cluster. This command uses the
|
||
secret name <code>cloud-dns-key</code>, but you can choose a different name.</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl create secret generic cloud-dns-key <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --from-file<span style="color:#ce5c00;font-weight:bold">=</span>key.json<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$HOME</span>/key.json
|
||
</code></pre></div><ol start="6">
|
||
<li>Delete the local secret</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">rm ~/key.json
|
||
</code></pre></div><p>Now your cluster has the credential of your CloudDNS admin service account. And
|
||
it can be used to access your Cloud DNS. You can enforce the access of the
|
||
credentail secret within your cluster, so that only the pods that have the
|
||
permission to get the credential secret can access your Cloud DNS.</p>
|
||
<h2 id="set-up-knative">Set up Knative</h2>
|
||
<ol>
|
||
<li>Follow the <a href="../../install/index.html">instruction</a> to install Knative on your
|
||
cluster.</li>
|
||
<li>Configure Knative to use your custom domain.</li>
|
||
</ol>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl edit cm config-domain --namespace knative-serving
|
||
</code></pre></div><p>This command opens your default text editor and allows you to edit the config
|
||
map.</p>
|
||
<pre><code>apiVersion: v1
|
||
data:
|
||
example.com: &quot;&quot;
|
||
kind: ConfigMap
|
||
[...]
|
||
</code></pre><p>Edit the file to replace <code>example.com</code> with your custom domain (the value of
|
||
<code>$CUSTOM_DOMAIN</code>) and save your changes. In this example, we use domain
|
||
<code>external-dns-test.my-org.do</code> for all routes:</p>
|
||
<pre><code>apiVersion: v1
|
||
data:
|
||
external-dns-test.my-org.do: &quot;&quot;
|
||
kind: ConfigMap
|
||
[...]
|
||
</code></pre><h2 id="set-up-externaldns">Set up ExternalDNS</h2>
|
||
<p>This guide uses Google Cloud Platform as an example to show how to set up
|
||
ExternalDNS. You can find detailed instructions for other cloud providers in the
|
||
<a href="https://github.com/kubernetes-incubator/external-dns#deploying-to-a-cluster">ExternalDNS documentation</a>.</p>
|
||
<h3 id="create-a-dns-zone-for-managing-dns-records">Create a DNS zone for managing DNS records</h3>
|
||
<p>Skip this step if you already have a zone for managing the DNS records of your
|
||
custom domain.</p>
|
||
<p>A DNS zone which will contain the managed DNS records needs to be created.</p>
|
||
<p>Use the following command to create a DNS zone with
|
||
<a href="https://cloud.google.com/dns/">Google Cloud DNS</a>:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#204a87">export</span> <span style="color:#000">DNS_ZONE_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span>&lt;dns-zone-name&gt;
|
||
|
||
gcloud dns managed-zones create <span style="color:#000">$DNS_ZONE_NAME</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --dns-name <span style="color:#000">$CUSTOM_DOMAIN</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --description <span style="color:#4e9a06">&#34;Automatically managed zone by kubernetes.io/external-dns&#34;</span>
|
||
</code></pre></div><p>Make a note of the nameservers that were assigned to your new zone.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud dns record-sets list <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --zone <span style="color:#000">$DNS_ZONE_NAME</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --name <span style="color:#000">$CUSTOM_DOMAIN</span> <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --type NS
|
||
</code></pre></div><p>You should see output similar to the following assuming your custom domain is
|
||
<code>external-dns-test.my-org.do</code>:</p>
|
||
<pre><code>NAME TYPE TTL DATA
|
||
external-dns-test.my-org.do. NS 21600 ns-cloud-e1.googledomains.com.,ns-cloud-e2.googledomains.com.,ns-cloud-e3.googledomains.com.,ns-cloud-e4.googledomains.com.
|
||
</code></pre><p>In this case, the DNS nameservers are <code>ns-cloud-{e1-e4}.googledomains.com</code>.
|
||
Yours could differ slightly, e.g. {a1-a4}, {b1-b4} etc.</p>
|
||
<p>If this zone has the parent zone, you need to add NS records of this zone into
|
||
the parent zone so that this zone can be found from the parent. Assuming the
|
||
parent zone is <code>my-org-do</code> and the parent domain is <code>my-org.do</code>, and the parent
|
||
zone is also hosted at Google Cloud DNS, you can follow these steps to add the
|
||
NS records of this zone into the parent zone:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud dns record-sets transaction start --zone <span style="color:#4e9a06">&#34;my-org-do&#34;</span>
|
||
gcloud dns record-sets transaction add ns-cloud-e<span style="color:#ce5c00;font-weight:bold">{</span>1..4<span style="color:#ce5c00;font-weight:bold">}</span>.googledomains.com. <span style="color:#4e9a06">\
|
||
</span><span style="color:#4e9a06"></span> --name <span style="color:#4e9a06">&#34;external-dns-test.my-org.do.&#34;</span> --ttl <span style="color:#0000cf;font-weight:bold">300</span> --type NS --zone <span style="color:#4e9a06">&#34;my-org-do&#34;</span>
|
||
gcloud dns record-sets transaction execute --zone <span style="color:#4e9a06">&#34;my-org-do&#34;</span>
|
||
</code></pre></div><h3 id="deploy-externaldns">Deploy ExternalDNS</h3>
|
||
<p>Firstly, choose the manifest of ExternalDNS.</p>
|
||
<p>Use below manifest if you set up your cluster with
|
||
<a href="#cluster-with-cloud-dns-scope">CloudDNS scope</a>.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ServiceAccount</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">---</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">rbac.authorization.k8s.io/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ClusterRole</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">rules</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">apiGroups</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">resources</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;services&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">verbs</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;get&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;watch&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;list&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">apiGroups</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">resources</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;pods&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">verbs</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;get&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;watch&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;list&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">apiGroups</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;extensions&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">resources</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;ingresses&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">verbs</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;get&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;watch&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;list&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">apiGroups</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">resources</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;nodes&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">verbs</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;list&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">---</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">rbac.authorization.k8s.io/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ClusterRoleBinding</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns-viewer</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">roleRef</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">apiGroup</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">rbac.authorization.k8s.io</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ClusterRole</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">subjects</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ServiceAccount</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">default</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">---</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">extensions/v1beta1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Deployment</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">strategy</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Recreate</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">labels</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">app</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">serviceAccountName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">containers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">image</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">registry.opensource.zalan.do/teapot/external-dns:latest</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">args</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">source=service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">domain-filter=$CUSTOM_DOMAIN</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">provider=google</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">google-project=$PROJECT_NAME</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Use this to specify a project different from the one external-dns is running inside</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">policy=sync</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># would prevent ExternalDNS from deleting any records, omit to enable full synchronization</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">registry=txt</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">txt-owner-id=my-identifier</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>Or use below manifest if you set up your cluster with
|
||
<a href="#cluster-with-cloud-dns-admin-service-account-credential">CloudDNS service account credential</a>.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ServiceAccount</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">---</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">rbac.authorization.k8s.io/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ClusterRole</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">rules</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">apiGroups</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">resources</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;services&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">verbs</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;get&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;watch&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;list&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">apiGroups</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">resources</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;pods,secrets&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">verbs</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;get&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;watch&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;list&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">apiGroups</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;extensions&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">resources</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;ingresses&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">verbs</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;get&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;watch&#34;</span><span style="color:#000;font-weight:bold">,</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;list&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">apiGroups</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">resources</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;nodes&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">verbs</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#4e9a06">&#34;list&#34;</span><span style="color:#000;font-weight:bold">]</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">---</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">rbac.authorization.k8s.io/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ClusterRoleBinding</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns-viewer</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">roleRef</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">apiGroup</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">rbac.authorization.k8s.io</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ClusterRole</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">subjects</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ServiceAccount</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">default</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#000">---</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">extensions/v1beta1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Deployment</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">strategy</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Recreate</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">labels</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">app</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">volumes</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">google-cloud-key</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">secret</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">secretName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">cloud-dns-key</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">serviceAccountName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">containers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">external-dns</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">image</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">registry.opensource.zalan.do/teapot/external-dns:latest</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">volumeMounts</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">google-cloud-key</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">mountPath</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">/var/secrets/google</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">env</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">GOOGLE_APPLICATION_CREDENTIALS</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">/var/secrets/google/key.json</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">args</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">source=service</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">domain-filter=$CUSTOM_DOMAIN</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">provider=google</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">google-project=$PROJECT_NAME</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># Use this to specify a project different from the one external-dns is running inside</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">policy=sync</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># would prevent ExternalDNS from deleting any records, omit to enable full synchronization</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">registry=txt</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">txt-owner-id=my-identifier</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><p>Then use the following command to apply the manifest you chose to install
|
||
ExternalDNS</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">cat <span style="color:#4e9a06">&lt;&lt;EOF | kubectl apply --filename -
|
||
</span><span style="color:#4e9a06">&lt;your-chosen-manifest&gt;
|
||
</span><span style="color:#4e9a06">EOF</span>
|
||
</code></pre></div><p>You should see ExternalDNS is installed by running:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">kubectl get deployment external-dns
|
||
</code></pre></div><h3 id="configuring-knative-gateway-service">Configuring Knative Gateway service</h3>
|
||
<p>In order to publish the Knative Gateway service, the annotation
|
||
<code>external-dns.alpha.kubernetes.io/hostname: '*.$CUSTOM_DOMAIN</code> needs to be added
|
||
into Knative gateway service:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">INGRESSGATEWAY</span><span style="color:#ce5c00;font-weight:bold">=</span>istio-ingressgateway
|
||
|
||
kubectl edit svc <span style="color:#000">$INGRESSGATEWAY</span> --namespace istio-system
|
||
</code></pre></div><p>This command opens your default text editor and allows you to add the annotation
|
||
to <code>istio-ingressgateway</code> service. After you&rsquo;ve added your annotation, your
|
||
file may look similar to this (assuming your custom domain is
|
||
<code>external-dns-test.my-org.do</code>):</p>
|
||
<pre><code>apiVersion: v1
|
||
kind: Service
|
||
metadata:
|
||
annotations:
|
||
external-dns.alpha.kubernetes.io/hostname: '*.external-dns-test.my-org.do'
|
||
...
|
||
</code></pre><h3 id="verify-externaldns-works">Verify ExternalDNS works</h3>
|
||
<p>After roughly two minutes, check that a corresponding DNS record for your
|
||
service was created.</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud dns record-sets list --zone <span style="color:#000">$DNS_ZONE_NAME</span> --name <span style="color:#4e9a06">&#34;*.</span><span style="color:#000">$CUSTOM_DOMAIN</span><span style="color:#4e9a06">.&#34;</span>
|
||
</code></pre></div><p>You should see output similar to:</p>
|
||
<pre><code>NAME TYPE TTL DATA
|
||
*.external-dns-test.my-org.do. A 300 35.231.248.30
|
||
*.external-dns-test.my-org.do. TXT 300 &quot;heritage=external-dns,external-dns/owner=my-identifier,external-dns/resource=service/istio-system/istio-ingressgateway&quot;
|
||
</code></pre><h3 id="verify-domain-has-been-published">Verify domain has been published</h3>
|
||
<p>You can check if the domain has been published to the Internet be entering the
|
||
following command:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">host test.external-dns-test.my-org.do
|
||
</code></pre></div><p>You should see the below result after the domain is published:</p>
|
||
<pre><code>test.external-dns-test.my-org.do has address 35.231.248.30
|
||
</code></pre><blockquote>
|
||
<p>Note: The process of publishing the domain to the Internet can take several
|
||
minutes.</p>
|
||
</blockquote>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Enabling tag to digest resolution</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/tag-resolution/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/tag-resolution/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Knative serving resolves image tags to a digest when you create a revision. This
|
||
gives knative revisions some very nice properties, e.g. your deployments will be
|
||
consistent, you don&rsquo;t have to worry about &ldquo;immutable tags&rdquo;, etc. For more info,
|
||
see
|
||
<a href="https://docs.google.com/presentation/d/e/2PACX-1vTgyp2lGDsLr_bohx3Ym_2mrTcMoFfzzd6jocUXdmWQFdXydltnraDMoLxvEe6WY9pNPpUUvM-geJ-g/pub">Why we resolve tags in Knative</a>.</p>
|
||
<p>Unfortunately, this means that the knative serving controller needs to be
|
||
configured to access your container registry.</p>
|
||
<h2 id="custom-certificates">Custom Certificates</h2>
|
||
<p>If you&rsquo;re using a registry that has a self-signed certificate, you&rsquo;ll need to
|
||
convince the serving controller to trust that certificate. We respect the
|
||
<a href="https://golang.org/pkg/crypto/x509/#pkg-overview"><code>SSL_CERT_FILE</code> and <code>SSL_CERT_DIR</code></a>
|
||
environment variables, so you can trust them by mounting the certificates into
|
||
the controller&rsquo;s deployment and setting the environment variable appropriately,
|
||
assuming you have a <code>custom-certs</code> secret containing your CA certs:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">apps/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Deployment</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controller</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">knative-serving</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">containers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controller</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">volumeMounts</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">custom-certs</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">mountPath</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">/path/to/custom/certs</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">env</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">SSL_CERT_DIR</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">/path/to/custom/certs</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">volumes</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">custom-certs</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">secret</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">secretName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">custom-certs</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="corporate-proxy">Corporate Proxy</h2>
|
||
<p>If you&rsquo;re behind a corporate proxy, you&rsquo;ll need to proxy the tag resolution
|
||
requests between the controller and your registry. We respect the
|
||
<a href="https://golang.org/pkg/net/http/#ProxyFromEnvironment"><code>HTTP_PROXY</code> and <code>HTTPS_PROXY</code></a>
|
||
environment variables, so you can configure the controller&rsquo;s deployment via:</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">apps/v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Deployment</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controller</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">knative-serving</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">containers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controller</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">env</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">HTTP_PROXY</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">http://proxy.example.com</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">HTTPS_PROXY</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">https://proxy.example.com</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div><h2 id="skipping-tag-resolution">Skipping tag resolution</h2>
|
||
<p>If this all seems like too much trouble, you can configure serving to skip tag
|
||
resolution via the <code>registriesSkippingTagResolving</code> configmap field:</p>
|
||
<pre><code>kubectl -n knative-serving edit configmap config-deployment
|
||
</code></pre><p>E.g., to disable tag resolution for <code>registry.example.com</code> (note: This is not a complete configmap, it is a snippet showing registriesSkippingTagResolving):</p>
|
||
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ConfigMap</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">config-deployment</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">knative-serving</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">data</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># List of repositories for which tag to digest resolving should be skipped</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">registriesSkippingTagResolving</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">registry.example.com</span><span style="color:#f8f8f8;text-decoration:underline">
|
||
</span></code></pre></div>
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: Knative Serving code samples</title>
|
||
<link>https://knative.dev/v0.22-docs/serving/samples/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/samples/</guid>
|
||
<description>
|
||
|
||
|
||
<p>Use the following code samples to help you understand the various Knative
|
||
Serving resources and how they can be applied across common use cases.
|
||
<a href="../index.html">Learn more about Knative Serving resources</a>.</p>
|
||
<p><a href="../../samples"><strong>See all Knative code samples</strong></a></p>
|
||
<table>
|
||
<thead>
|
||
<tr>
|
||
<th>Name</th>
|
||
<th>Description</th>
|
||
<th style="text-align:center">Languages</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td>Hello World</td>
|
||
<td>A quick introduction that highlights how to deploy an app using Knative Serving.</td>
|
||
<td style="text-align:center"><a href="./hello-world/helloworld-csharp/index.html">C#</a>, <a href="./hello-world/helloworld-go/index.html">Go</a>, <a href="./hello-world/helloworld-java-spark/index.html">Java (Spark)</a>, <a href="./hello-world/helloworld-java-spring/index.html">Java (Spring)</a>, <a href="./hello-world/helloworld-kotlin/index.html">Kotlin</a>, <a href="./hello-world/helloworld-nodejs/index.html">Node.js</a>, <a href="./hello-world/helloworld-php/index.html">PHP</a>, <a href="./hello-world/helloworld-python/index.html">Python</a>, <a href="./hello-world/helloworld-ruby/index.html">Ruby</a>, <a href="./hello-world/helloworld-scala/index.html">Scala</a>, <a href="./hello-world/helloworld-shell/index.html">Shell</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>Cloud Events</td>
|
||
<td>A quick introduction that highlights how to send and receive Cloud Events.</td>
|
||
<td style="text-align:center"><a href="./cloudevents/cloudevents-dotnet/index.html">C#</a>, <a href="./cloudevents/cloudevents-go/index.html">Go</a>, <a href="./cloudevents/cloudevents-nodejs/index.html">Node.js</a>, <a href="./cloudevents/cloudevents-rust/index.html">Rust</a>, <a href="./cloudevents/cloudevents-vertx/index.html">Java (Vert.x)</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>Advanced Deployment</td>
|
||
<td>Simple blue/green-like application deployment pattern illustrating the process of updating a live application without dropping any traffic.</td>
|
||
<td style="text-align:center"><a href="./blue-green-deployment">YAML</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>Autoscale</td>
|
||
<td>A demonstration of the autoscaling capabilities of Knative.</td>
|
||
<td style="text-align:center"><a href="../autoscaling/autoscale-go/index.html">Go</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>Github Webhook</td>
|
||
<td>A simple webhook handler that demonstrates interacting with Github.</td>
|
||
<td style="text-align:center"><a href="./gitwebhook-go/index.html">Go</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>gRPC</td>
|
||
<td>A simple gRPC server.</td>
|
||
<td style="text-align:center"><a href="./grpc-ping-go/index.html">Go</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>Knative Routing</td>
|
||
<td>An example of mapping multiple Knative services to different paths under a single domain name using the Istio VirtualService concept.</td>
|
||
<td style="text-align:center"><a href="./knative-routing-go/index.html">Go</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>Knative Secrets</td>
|
||
<td>A simple app that demonstrates how to use a Kubernetes secret as a Volume in Knative.</td>
|
||
<td style="text-align:center"><a href="./secrets-go/index.html">Go</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>REST API</td>
|
||
<td>A simple Restful service that exposes an endpoint defined by an environment variable described in the Knative Configuration.</td>
|
||
<td style="text-align:center"><a href="./rest-api-go/index.html">Go</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>Traffic Splitting</td>
|
||
<td>This samples builds off the <a href="./rest-api-go">Creating a RESTful Service</a> sample to illustrate applying a revision, then using that revision for manual traffic splitting.</td>
|
||
<td style="text-align:center"><a href="./traffic-splitting/index.html">YAML</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td>Multi Container</td>
|
||
<td>A quick introduction that highlights how to build and deploy an app using Knative Serving for multiple containers.</td>
|
||
<td style="text-align:center"><a href="./multi-container/index.html">Go</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
<item>
|
||
<title>V0.22-Docs: </title>
|
||
<link>https://knative.dev/v0.22-docs/serving/spec/knative-api-specification-1.0/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
|
||
<guid>https://knative.dev/v0.22-docs/serving/spec/knative-api-specification-1.0/</guid>
|
||
<description>
|
||
|
||
|
||
<h1 id="knative-serving-api-specification">Knative Serving API Specification</h1>
|
||
<p>This file has been moved to the <a href="https://github.com/knative/specs/blob/main/specs/serving/knative-api-specification-1.0.md">Knative Specs Repository</a></p>
|
||
|
||
</description>
|
||
</item>
|
||
|
||
</channel>
|
||
</rss>
|