The artifacts released by Knative serving and eventing consist of many Kubernetes resources, meaning there are combination many enough to configure Knative. The custom resources of Knative Operator enable different fields for configuration, but it is almost impossible for them to enable all the possible options. What if you want to configure something that the CRs of Knative operator do not support? Knative operator offers you an omnipotent way to manipulate the resources by supporting customized manifests. You can either overwrite all the resources or partially update or add some resources.

You can save the resources in a file of…

If you build your Kubernetes Operator with the Operator SDK, you do not need to worry about all the processes, from scaffolding your source code and manifests, to building and publishing your images and artifacts. However, if your operator is not written or generated by the Operator SDK at the beginning, but still plan to build and publish your operator in the Red Hat marketplace, including but not limited to it will certainly be a pain-in-the-ass. …

I give 100% credit to my friend and colleague Andrea Frittoli for sharing his experiences on Tekton with me. Without his guidance, I wouldn’t be able to write this tutorial. I was preparing a demo of Tekton Operator for the session Tekton's Hassle-free Journey with Tekton Operator at the in coming cdCon 2021. However, I ran into the issue of connecting github events to Tekton Trigger installed on Kubernetes service. Andrea’s expertise was like the a beam of light penetrating my darkest tunnel, guiding me through the path to the paradise of Tekton truth. …

After reading the instructions on how to create the conversion webhook and the validating webhook, there is no way for the mutating webhook to escape. The custom resource is the source of truth to configure the operand for the Kubernetes operator. Once we have got the content of the CR ready, it does not necessarily need to change. I have done some researches on the use cases of the mutating webhook. The common one is to fill in the fields with the default values, if they are empty. I have not found any other proper use case. …

Kubernetes provides admission controllers for users to leverage the security capabilities. Kubernetes admission controllers are plugins that govern and enforce how the cluster is used. They are gatekeepers that intercept (authenticated) API requests and may change the request object or deny the request altogether. The admission control process has two phases: the mutating phase is executed first, followed by the validating phase as shown in the diagram:

We have done the official definition. Let’s get to the hard core. What you need to remember is that mutating webhooks are called in series, before the validating webhooks called in parallel. Kubernetes…

You must have searched online a lot of other materials to learn how to create the webhooks with operator-sdk before reading this article. It is lucky for you to find this one, because this article will guarantee you an error-free process, and you don’t even need to look for more.


Prepare your workstation:

  1. Build and install operator-sdk with the latest commit

I even doubt about the official releases. I download the the v1.4.2 version, and ran into many issues…

Continued with the previous episode, it is exciting start to install Knative with Knative operators, but it is more fun to configure Knative with the only source of truth: custom resources. We will dig into each Knative operand one-by-one.

Configure Knative Serving with Serving Operator:

You are able to configure Knative Serving with the following options:

  • All the ConfigMaps
  • Private repository and private secret
  • SSL certificate for controller
  • Knative ingress gateway
  • Cluster local gateway

Currently, Knative operators are NOT able to configure the following options for Knative:

  • The Kubernetes spec-level policies. We cannot specify where and how the resources are launched or retrieved. …

As of v0.10.0, Knative started to release Knative operators as powerful software to install, configure and manage Knative. If you have read some of my previous episodes, e.g. EP1, you probably have tried Knative installation on your Kubernetes cluster. In this tutorial, I will explain Knative operators as an alternative way to install and uninstall Knative.

There are two major components in Knative: Serving and Eventing, and there are two operators: Knative Serving Operator and Knative Eventing Operator, respectively dedicated to each of them. Please make sure you have set up a Kubernetes cluster accessible to your local workstation.


There are a thousand versions of operator upgrade in a thousand people’s heads, as there are a thousand Hamlets in a thousand people’s eyes. To keep everyone on the same, we will try to define the range of operator upgrade. Currently, Knative community has both serving-operator and eventing-operator up online. The serving-operator has conducted the first release and eventing-operator is on its way to the first release. The feature of upgrade will become handy in future after we ship multiple releases. We take the project knative serving-operator as the example in the following context.

One-on-one version mapping for operator:


In this episode, I will run a throughout comparison between controller-runtime and knative/pkg to see how it varies in terms of building Kubernetes operators.

1.Tools to automate the operator creation:

Controller-runtime based operator: there are several frameworks that can be used to facilitate the operator creation, including CR/CRD generation, RBAC generation, controller generation, etc.

You probably heard of multiple frameworks, but we suggest operator-sdk or kubebuilder. For tutorials on operator-sdk, you can visit: For tutorials on kubebuilder, you can visit:

Knative/pkg based operator: there is no framework available to generate everything, but as we introduced in previous episodes…

Vincent Hou

A Chinese software engineer, used to study in Belgium and currently working in US, as Knative & Tekton Operator Lead and Istio Operator Contributor.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store