A Carvel package for Knative Serving, a solution built on Kubernetes for deploying and serving applications and functions as serverless containers.

- Kubernetes 1.29+
- Carvel `kctrl` CLI.
- Carvel kapp-controller deployed in your Kubernetes cluster. You can install it with Carvel `kapp` (recommended choice) or `kubectl`.

  ```shell
  kapp deploy -a kapp-controller -y \
    -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml
  ```

Knative Serving requires cert-manager and the Contour ingress controller. You can install them from the Kadras package repository.

Add the Kadras package repository to your Kubernetes cluster:

```shell
kctrl package repository add -r kadras-packages \
  --url ghcr.io/kadras-io/kadras-packages \
  -n kadras-system --create-namespace
```

Installation without package repository

The recommended way of installing the Knative Serving package is via the Kadras package repository. If you prefer not to use the repository, you can add the package definition directly using `kapp` or `kubectl`.

```shell
kubectl create namespace kadras-system
kapp deploy -a knative-serving-package -n kadras-system -y \
  -f https://github.com/kadras-io/package-for-knative-serving/releases/latest/download/metadata.yml \
  -f https://github.com/kadras-io/package-for-knative-serving/releases/latest/download/package.yml
```

Install the Knative Serving package:

```shell
kctrl package install -i knative-serving \
  -p knative-serving.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-system
```

**Note:** You can find the `${VERSION}` value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.

```shell
kctrl package available list -p knative-serving.packages.kadras.io -n kadras-system
```

Verify the installed packages and their status:

```shell
kctrl package installed list -n kadras-system
```

Documentation, tutorials and examples for this package are available in the docs folder. For documentation specific to Knative Serving, check out knative.dev.

The Knative Serving package can be customized via a `values.yml` file.

```yaml
domain_name: labs.thomasvitale.com
ingress_issuer: letsencrypt-issuer
```

Reference the `values.yml` file from the `kctrl` command when installing or upgrading the package.

```shell
kctrl package install -i knative-serving \
  -p knative-serving.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-system \
  --values-file values.yml
```


The Knative Serving package has the following configurable properties.

Configurable properties

| Config | Default | Description |
|---|---|---|
| `ca_cert_data` | `""` | PEM-encoded certificate data to trust TLS connections with a custom CA. |
| `policies.include` | `false` | Whether to include the out-of-the-box Kyverno policies to validate and secure the package installation. |
| `domain_name` | `""` | Domain name for Knative Services. It must be a valid DNS name. |
| `ingress_issuer` | `""` | A reference to the ClusterIssuer to use if you want to enable autoTLS. |


Settings for the Knative Serving workloads.

| Config | Default | Description |
|---|---|---|
| `workloads.activator.minReplicas` | `1` | The minimum number of replicas as controlled by a HorizontalPodAutoscaler. In order to enable high availability, it should be greater than 1. |
| `workloads.autoscaler.replicas` | `1` | The number of replicas for this Deployment. In order to enable high availability, it should be greater than 1. |
| `workloads.controller.replicas` | `1` | The number of replicas for this Deployment. In order to enable high availability, it should be greater than 1. |
| `workloads.webhook.minReplicas` | `1` | The minimum number of replicas as controlled by a HorizontalPodAutoscaler. In order to enable high availability, it should be greater than 1. |


Configuration stored in the `config-deployment` ConfigMap.

| Config | Default | Description |
|---|---|---|
| `config.deployment.progress-deadline` | `600s` | The duration to wait for the deployment to be ready before considering it failed. |
| `config.deployment.queue-sidecar-cpu-request` | `25m` | The queue proxy's CPU request. If omitted, a default value (currently `25m`) is used. |
| `config.deployment.queue-sidecar-cpu-limit` | `1000m` | The queue proxy's CPU limit. If omitted, a default value (currently `1000m`) is used when `queueproxy.resource-defaults` is set to `Enabled`. |
| `config.deployment.queue-sidecar-memory-request` | `50Mi` | The queue proxy's memory request. If omitted, a default value (currently `400Mi`) is used when `queueproxy.resource-defaults` is set to `Enabled`. |
| `config.deployment.queue-sidecar-memory-limit` | `200Mi` | The queue proxy's memory limit. If omitted, a default value (currently `800Mi`) is used when `queueproxy.resource-defaults` is set to `Enabled`. |


Configuration stored in the `config-network` ConfigMap.

| Config | Default | Description |
|---|---|---|
| `config.network.namespace-wildcard-cert-selector` | `""` | A LabelSelector which determines which namespaces should have a wildcard certificate provisioned. |
| `config.network.domain-template` | `{{.Name}}.{{.Namespace}}.{{.Domain}}` | The golang text template string to use when constructing the Knative Service's DNS name. |
| `config.network.http-protocol` | `Redirected` | Controls the behavior of the HTTP endpoint for the Knative ingress. `Enabled`: The Knative ingress will be able to serve HTTP connections. `Redirected`: The Knative ingress will send a 301 redirect for all HTTP connections, asking the clients to use HTTPS. |
| `config.network.default-external-scheme` | `http` | Defines the scheme used for external URLs if autoTLS is not enabled. This can be used for making Knative report all URLs as `https`, for example, if you're fronting Knative with an external load balancer that deals with TLS termination and Knative doesn't know about that otherwise. |
| `config.network.rollout-duration` | `0` | The minimal duration in seconds over which the Configuration traffic targets are rolled out to the newest revision. |


Configuration stored in the `config-tracing` ConfigMap.

| Config | Default | Description |
|---|---|---|
| `config.tracing.backend` | `none` | The type of distributed tracing backend. Options: `none`, `zipkin`. |
| `config.tracing.zipkin-endpoint` | `http://tempo.observability-system.svc.cluster.local:9411/api/v2/spans` | The Zipkin collector endpoint where traces are sent. |
| `config.tracing.debug` | `false` | Enable the Zipkin debug mode. This allows all spans to be sent to the server bypassing sampling. |
| `config.tracing.sample-rate` | `0.1` | The percentage (0-1) of requests to trace. |


Settings for the Ingress controller.

| Config | Default | Description |
|---|---|---|
| `ingress.contour.default-tls-secret` | `""` | If auto-TLS is disabled, fall back to this certificate. An operator is required to set up a TLSCertificateDelegation for this Secret to be used. |
| `ingress.contour.external.namespace` | `projectcontour` | The namespace where the external Ingress controller is installed. |
| `ingress.contour.internal.namespace` | `projectcontour` | The namespace where the internal Ingress controller is installed. |


Settings for the corporate proxy.

| Config | Default | Description |
|---|---|---|
| `proxy.http_proxy` | `""` | The HTTP proxy to use for network traffic. |
| `proxy.https_proxy` | `""` | The HTTPS proxy to use for network traffic. |
| `proxy.no_proxy` | `""` | A comma-separated list of hostnames, IP addresses, or IP ranges in CIDR format that should not use a proxy. |

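
A sample `values.yml` that combines the TLS, policy and high-availability properties listed above. This is an added example, not a file shipped with the package; it assumes the dotted property names map to nested YAML keys, and the domain name is a constructed placeholder.

```yaml
# values.yml (added example, not from the package documentation)
# Assumption: dotted property names in the tables map to nested YAML keys.

# Domain for Knative Services. Must be a valid DNS name.
domain_name: knative.example.com        # constructed placeholder

# ClusterIssuer referenced to enable autoTLS. The default ("") leaves it unset.
ingress_issuer: letsencrypt-issuer      # issuer name taken from the sample above

policies:
  # Default is false. true includes the out-of-the-box Kyverno policies that
  # validate and secure the package installation.
  include: true

workloads:
  # Defaults are 1 everywhere; values greater than 1 enable high availability.
  activator:
    minReplicas: 2
  autoscaler:
    replicas: 2
  controller:
    replicas: 2
  webhook:
    minReplicas: 2

config:
  network:
    # Redirected (the default): the ingress answers plain HTTP with a 301
    # asking clients to use HTTPS.
    # Enabled: the ingress serves HTTP connections directly, so requests can
    # be handled without TLS. Keep Redirected unless plain HTTP is required.
    http-protocol: Redirected

    # Only used when autoTLS is not enabled. Set to https when an external
    # load balancer terminates TLS in front of Knative, so that reported
    # URLs use https instead of the default http.
    default-external-scheme: https
```

Pass the file with `--values-file values.yml` as in the install command above, then confirm the result with `kctrl package installed list -n kadras-system`.
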

The security process for reporting vulnerabilities is described in SECURITY.md.

This project is licensed under the Apache License 2.0. See LICENSE for more information.

This package is inspired by the original Knative Serving package used in the Tanzu Community Edition project before its retirement.