Knative journey EP6: configure Knative with Operators

Continued with the previous episode, it is exciting start to install Knative with Knative operators, but it is more fun to configure Knative with the only source of truth: custom resources. We will dig into each Knative operand one-by-one.

Configure Knative Serving with Serving Operator:

You are able to configure Knative Serving with the following options:

  • Private repository and private secret
  • SSL certificate for controller
  • Knative ingress gateway
  • Cluster local gateway
  • High availability. We cannot specify the number of resources, Knative can scale up or down.
apiVersion: v1
kind: ConfigMap
metadata:
name: config-domain
namespace: knative-serving
data:
example.org: |
selector:

app: prod
example.com: ""
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
config:
domain:
example.org: |
selector:

app: prod
example.com: ""
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
config:
domain:
example.org: |
selector:
app: prod
example.com: ""
autoscaler:
stable-window: "60s"
  • override: this key expects a map of a container name or image name to the full image location of the individual Knative image on a one-on-one basis. We usually need to configure this section when we do not have a common format of the image link for the deployments or images. Usually this key is used alternatively with the previous key default.
  • imagePullSecrets: this key is used to define a list of secrets to be used when pulling the knative images. The secret must be created in the same namespace as the Knative Serving deployments. You do not need to define any secret here if your image is publicly available. Configuration of this field is equivalent to the configuration of deploying images from a private container registry.
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
default: docker.io/knative-images/${NAME}:v0.13.0
  • Image of autoscaler: docker.io/knative-images/autoscaler:v0.13.0.
  • Image of controller: docker.io/knative-images/controller:v0.13.0.
  • Image of webhook: docker.io/knative-images/webhook:v0.13.0.
  • Image of autoscaler-hpa: docker.io/knative-images/autoscaler-hpa:v0.13.0.
  • Image of networking-istio: docker.io/knative-images/networking-istio:v0.13.0.
  • Image of the cache image queue-proxy: docker.io/knative-images/queue-proxy:v0.13.0.
  • Image of autoscaler: docker.io/knative-images-repo2/autoscaler:v0.13.0.
  • Image of controller: docker.io/knative-images-repo3/controller:v0.13.0.
  • Image of webhook: docker.io/knative-images-repo4/webhook:v0.13.0.
  • Image of autoscaler-hpa: docker.io/knative-images-repo5/autoscaler-hpa:v0.13.0.
  • Image of networking-istio: docker.io/knative-images-repo6/prefix-networking-istio:v0.13.0.
  • Image of the cache image queue-proxy: docker.io/knative-images-repo7/queue-proxy-suffix:v0.13.0.
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
override:
activator: docker.io/knative-images-repo1/activator:v0.13.0
autoscaler: docker.io/knative-images-repo2/autoscaler:v0.13.0
controller: docker.io/knative-images-repo3/controller:v0.13.0
webhook: docker.io/knative-images-repo4/webhook:v0.13.0
autoscaler-hpa: docker.io/knative-images-repo5/autoscaler-hpa:v0.13.0
networking-istio: docker.io/knative-images-repo6/prefix-networking-istio:v0.13.0
queue-proxy: docker.io/knative-images-repo7/queue-proxy-suffix:v0.13.0
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
...
imagePullSecrets:
- name: regcred
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
...
imagePullSecrets:
- name: regcred
- name: regcred-2
  • type: the value for this field can be either ConfigMap or Secret, indicating the type for the name.
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
controller-custom-certs:
name: testCert
type: ConfigMap
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
knative-ingress-gateway:
selector:
custom: ingressgateway
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
knative-ingress-gateway:
selector:
custom: ingressgateway
config:
istio:
gateway.knative-serving.knative-ingress-gateway: "custom-ingressgateway.istio-system.svc.cluster.local"
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
cluster-local-gateway:
selector:
istio: cluster-local-gateway
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
cluster-local-gateway:
selector:
custom: custom-local-gateway

config:
istio:
local-gateway.knative-serving.cluster-local-gateway: "custom-local-gateway.istio-system.svc.cluster.local"

Configure Knative Eventing with Eventing Operator:

You are only able to configure Knative Eventing with the following options:

apiVersion: operator.knative.dev/v1alpha1
kind: KnativeEventing
metadata:
name: knative-eventing
namespace: knative-eventing
spec:
registry:
default: docker.io/knative-images/${NAME}:v0.13.0
  • Image of eventing-webhook: docker.io/knative-images/eventing-webhook:v0.13.0.
  • Image of imc-controller: docker.io/knative-images/imc-controller:v0.13.0.
  • Image of imc-dispatcher: docker.io/knative-images/imc-dispatcher:v0.13.0.
  • Image of broker-controller: docker.io/knative-images/broker-controller:v0.13.0.
  • Image of eventing-webhook: docker.io/knative-images-repo2/eventing-webhook:v0.13.0.
  • Image of imc-controller: docker.io/knative-images-repo3/imc-controller:v0.13.0.
  • Image of imc-dispatcher: docker.io/knative-images-repo4/imc-dispatcher:v0.13.0.
  • Image of broker-controller: docker.io/knative-images-repo5/broker-controller:v0.13.0.
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
spec:
registry:
override:
eventing-controller: docker.io/knative-images-repo1/eventing-controller:v0.13.0
eventing-webhook: docker.io/knative-images-repo2/eventing-webhook:v0.13.0
imc-controller: docker.io/knative-images-repo3/imc-controller:v0.13.0
imc-dispatcher:: docker.io/knative-images-repo4/imc-dispatcher::v0.13.0
broker-controller: docker.io/knative-images-repo5/broker-controller:v0.13.0
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeEventing
metadata:
name: knative-eventing
namespace: knative-eventing
spec:
registry:
...
imagePullSecrets:
- name: regcred
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeEventing
metadata:
name: knative-eventing
namespace: knative-eventing
spec:
registry:
...
imagePullSecrets:
- name: regcred
- name: regcred-2

A Chinese software engineer, used to study in Belgium and currently working in US, as Knative & Tekton Operator Lead and Istio Operator Contributor.