This document describes the spec sub-fields of the
KnativeServing and
KnativeEventing custom resources. A Knative
installation is configured using these sub-fields.
The kubectl explain command shows short descriptions of the custom resource
fields installed on your cluster:
kubectl explain KnativeServing.spec
kubectl explain KnativeEventing.spec
If the output of those commands differs from this doc, you may need to upgrade your operator.
These are the configurable fields in each resource:
- KnativeServing
- KnativeEventing
This is a "map of maps". The top-level keys correspond to the names of the
Knative ConfigMaps, and the operator will ensure their values replace the
entries in the data field of the actual ConfigMap. This provides a central
place to manage all your Knative configuration, without having to update
multiple ConfigMaps.
If the name of the ConfigMap you wish to override begins with config- (the
Knative convention), that prefix may be omitted in the top-level key name.
An example should help clarify. The following spec will cause the operator to
update the config-defaults, config-observability and config-autoscaler
ConfigMaps in the knative namespace with the values you see below:
metadata:
namespace: knative
spec:
config:
defaults:
revision-timeout-seconds: "300" # 5 minutes
observability:
metrics.backend-destination: prometheus
autoscaler:
stable-window: "60s"
container-concurrency-target-default: '100'
This field provides the ability to replace the images in the knative deployment
container specs via three optional sub-fields: override, default, and
imagePullSecrets.
The optional override field is a mapping of container names to docker image
names.
If the container name is not unique across all of the deployments, daemonsets
and jobs, you can prefix the container name with the "parent's" name and a
slash, e.g. deployment/container.
Because some container specs map environment variables to image names, those are
permitted as keys in the override map as well.
The following example overrides only the autoscaler container, the
controller container in the broker deployment spec, and the value of the
DISPATCHER_IMAGE env var.
spec:
registry:
override:
autoscaler: docker.io/my-org/autoscaler:v0.13.0
broker/controller: docker.io/my-org/broker-controller:v0.13.0
DISPATCHER_IMAGE: docker.io/my-org/dispatcher:v0.13.0
The default field enables you to override all the knative container images
with minimal configuration. Its value is essentially a pattern, matching all (or
most) of the image names, with the placeholder ${NAME} representing the
container's name. For example,
spec:
registry:
default: docker.io/my-org/knative-${NAME}:v1.0.0
The operator will replace all image names with this value, after replacing
${NAME} with the container's actual name.
Of course, for any images that don't match the pattern, you'll need to provide
entries in the override field.
For example, if the name of the autoscaler-hpa image is different than all the
others, for whatever reason, you might have this:
spec:
registry:
default: docker.io/my-org/knative-serving-${NAME}:v1.0.0
override:
autoscaler-hpa: docker.io/my-org/ks-hpa:v1.0.1
This field is a list of Secret names required when pulling your container
images. You must create the secrets in the same namespace as the knative
resources.
Once created, simply refer to them in your spec:
spec:
registry:
default: docker.io/my-org/knative-${NAME}:v1.0.0
imagePullSecrets:
- name: my-org-secret
To enable tag-to-digest resolution, the Knative Serving controller needs to access the container registry, and if your registry uses a self-signed cert, you'll need to convince the controller to trust it.
The operator encapsulates
these steps to enable tag-to-digest resolution.
All you have to do is create the ConfigMap or Secret and the operator
configures the serving controller for you.
These sub-fields are required:
name: the name of the ConfigMap or Secret.type: either the string "ConfigMap" or "Secret".
Your ConfigMap or Secret must reside in the same namespace as your knative
resources.
For example, this spec will trigger the operator to create and mount a volume
containing the certificate in the controller and set the required environment
variable properly, assuming that certificate is in a ConfigMap named certs
in the knative-serving namespace.
metadata:
name: knative-serving
namespace: knative-serving
spec:
controller-custom-certs:
name: certs
type: ConfigMap
If you desire to
set up a custom ingress gateway,
you can accomplish steps 2 and 3 in that doc with the following config of the
KnativeServing instance:
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
knative-ingress-gateway:
selector:
custom: ingressgateway
config:
istio:
gateway.knative-serving.knative-ingress-gateway: "custom-ingressgateway.istio-system.svc.cluster.local"
This field enables you to use a custom local gateway with a name other than
cluster-local-gateway
This example shows a service and deployment custom-local-gateway in the
namespace istio-system, with the label custom: custom-local-gw:
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
cluster-local-gateway:
selector:
custom: custom-local-gateway
config:
istio:
local-gateway.knative-serving.cluster-local-gateway: "custom-local-gateway.istio-system.svc.cluster.local"
By default, Knative Serving runs a single instance of each controller. This
field allows you to configure the number of replicas for the following
leader-elected controllers: controller, autoscaler-hpa, and
networking-istio, as well as the HorizontalPodAutoscaler resources for the
data plane (activator):
The following configuration specifies a replica count of 3 for the controllers and a minimum of 3 activators (which may scale higher if needed):
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
high-availability:
replicas: 3
This field enables you to override the default resource settings for the knative containers. It essentially maps container names to Kubernetes resource settings.
The following example configures both the activator and autoscaler to
request 0.3 CPU and 100MB of RAM, and sets hard limits of 1 CPU, 250MB RAM, and
4GB of local storage:
spec:
resources:
- container: activator
requests:
cpu: 300m
memory: 100Mi
limits:
cpu: 1000m
memory: 250Mi
ephemeral-storage: 4Gi
- container: autoscaler
requests:
cpu: 300m
memory: 100Mi
limits:
cpu: 1000m
memory: 250Mi
ephemeral-storage: 4Gi
Knative Eventing allows you to define a default broker class when the user does
not specify one. The operator ships with two broker classes:
ChannelBasedBroker and MTChannelBasedBroker. This field indicates which one
to use, defaulting to ChannelBasedBroker if not set.
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeEventing
metadata:
name: knative-eventing
namespace: knative-eventing
spec:
defaultBrokerClass: MTChannelBasedBroker
Specifies the NamespaceSelector and ObjectSelector for the sinkbinding webhook.
If inclusion is selected, namespaces/objects labelled as
bindings.knative.dev/include:true will be considered by the sinkbinding
webhook. If exclusion is selected, namespaces/objects labelled as
bindings.knative.dev/exclude:true will NOT be considered by the sinkbinding
webhook. The default is exclusion.
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeEventing
metadata:
name: knative-eventing
namespace: knative-eventing
spec:
sinkBindingSelectionMode: exclusion