Skip to content

Kubernetes-native package for Knative Serving, a solution for deploying and serving of applications and functions as serverless containers.

License

Notifications You must be signed in to change notification settings

kadras-io/package-for-knative-serving

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

64 Commits
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Knative Serving

Test Workflow Release Workflow The SLSA Level 3 badge The Apache 2.0 license badge Follow us on Twitter

A Carvel package for Knative Serving, a solution built on Kubernetes to support deploying and serving of applications and functions as serverless containers.

๐Ÿš€ย  Getting Started

Prerequisites

  • Kubernetes 1.29+

  • Carvel kctrl CLI.

  • Carvel kapp-controller deployed in your Kubernetes cluster. You can install it with Carvel kapp (recommended choice) or kubectl.

    kapp deploy -a kapp-controller -y \
      -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml

Dependencies

Knative Serving requires cert-manager and the Contour ingress controller. You can install them from the Kadras package repository.

Installation

Add the Kadras package repository to your Kubernetes cluster:

kctrl package repository add -r kadras-packages \
  --url ghcr.io/kadras-io/kadras-packages \
  -n kadras-system --create-namespace
Installation without package repository The recommended way of installing the Knative Serving package is via the Kadras package repository. If you prefer not using the repository, you can add the package definition directly using kapp or kubectl.
kubectl create namespace kadras-system
kapp deploy -a knative-serving-package -n kadras-system -y \
  -f https://github.com/kadras-io/package-for-knative-serving/releases/latest/download/metadata.yml \
  -f https://github.com/kadras-io/package-for-knative-serving/releases/latest/download/package.yml

Install the Knative Serving package:

kctrl package install -i knative-serving \
  -p knative-serving.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-system

Note You can find the ${VERSION} value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.

kctrl package available list -p knative-serving.packages.kadras.io -n kadras-system

Verify the installed packages and their status:

kctrl package installed list -n kadras-system

๐Ÿ“™ย  Documentation

Documentation, tutorials and examples for this package are available in the docs folder. For documentation specific to Knative Serving, check out knative.dev.

๐ŸŽฏย  Configuration

The Knative Serving package can be customized via a values.yml file.

domain_name: labs.thomasvitale.com
ingress_issuer: letsencrypt-issuer

Reference the values.yml file from the kctrl command when installing or upgrading the package.

kctrl package install -i knative-serving \
  -p knative-serving.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-system \
  --values-file values.yml

Values

The Knative Serving package has the following configurable properties.

Configurable properties
Config Default Description
ca_cert_data "" PEM-encoded certificate data to trust TLS connections with a custom CA.
policies.include false Whether to include the out-of-the-box Kyverno policies to validate and secure the package installation.
domain_name "" Domain name for Knative Services. It must be a valid DNS name.
ingress_issuer "" A reference to the ClusterIssuer to use if you want to enable autoTLS.

Settings for the Knative Serving workloads.

Config Default Description
workloads.activator.minReplicas 1 The minimum number of replicas as controlled by a HorizontalPodAutoscaler. In order to enable high availability, it should be greater than 1.
workloads.autoscaler.replicas 1 The number of replicas for this Deployment. In order to enable high availability, it should be greater than 1.
workloads.controller.replicas 1 The number of replicas for this Deployment. In order to enable high availability, it should be greater than 1.
workloads.webhook.minReplicas 1 The minimum number of replicas as controlled by a HorizontalPodAutoscaler. In order to enable high availability, it should be greater than 1.

Configuration stored in the config-deployment ConfigMap.

Config Default Description
config.deployment.progress-deadline 600s The duration to wait for the deployment to be ready before considering it failed.
config.deployment.queue-sidecar-cpu-request 25m The queue proxy's CPU request. If omitted, a default value (currently '25m'), is used.
config.deployment.queue-sidecar-cpu-limit 1000m The queue proxy's CPU limit. If omitted, a default value (currently 1000m), is used when queueproxy.resource-defaults is set to Enabled.
config.deployment.queue-sidecar-memory-request 50Mi The queue proxy's memory request. If omitted, a default value (currently 400Mi), is used when queueproxy.resource-defaults is set to Enabled.
config.deployment.queue-sidecar-memory-limit 200Mi The queue proxy's memory limit. If omitted, a default value (currently 800Mi), is used when queueproxy.resource-defaults is set to Enabled.

Configuration stored in the config-network ConfigMap.

Config Default Description
config.network.namespace-wildcard-cert-selector "" A LabelSelector which determines which namespaces should have a wildcard certificate provisioned.
config.network.domain-template {{.Name}}.{{.Namespace}}.{{.Domain}} The golang text template string to use when constructing the Knative Service's DNS name.
config.network.http-protocol Redirected Controls the behavior of the HTTP endpoint for the Knative ingress. Enabled: The Knative ingress will be able to serve HTTP connection. Redirected: The Knative ingress will send a 301 redirect for all http connections, asking the clients to use HTTPS.
config.network.default-external-scheme http Defines the scheme used for external URLs if autoTLS is not enabled. This can be used for making Knative report all URLs as https, for example, if you're fronting Knative with an external loadbalancer that deals with TLS termination and Knative doesn't know about that otherwise.
config.network.rollout-duration 0 The minimal duration in seconds over which the Configuration traffic targets are rolled out to the newest revision.

Configuration stored in the config-tracing ConfigMap.

Config Default Description
config.tracing.backend none The type of distributed tracing backend. Options: none, zipkin.
config.tracing.zipkin-endpoint http://tempo.observability-system.svc.cluster.local:9411/api/v2/spans The Zipkin collector endpoint where traces are sent.
config.tracing.debug false Enable the Zipkin debug mode. This allows all spans to be sent to the server bypassing sampling.
config.tracing.sample-rate 0.1 The percentage (0-1) of requests to trace.

Settings for the Ingress controller.

Config Default Description
ingress.contour.default-tls-secret "" If auto-TLS is disabled, fallback to this certificate. An operator is required to setup a TLSCertificateDelegation for this Secret to be used.
ingress.contour.external.namespace projectcontour The namespace where the external Ingress controller is installed.
ingress.contour.internal.namespace projectcontour The namespace where the internal Ingress controller is installed.

Settings for the corporate proxy.

Config Default Description
proxy.http_proxy "" The HTTP proxy to use for network traffic.
proxy.https_proxy "" The HTTPS proxy to use for network traffic.
proxy.no_proxy "" A comma-separated list of hostnames, IP addresses, or IP ranges in CIDR format that should not use a proxy.

๐Ÿ›ก๏ธย  Security

The security process for reporting vulnerabilities is described in SECURITY.md.

๐Ÿ–Š๏ธย  License

This project is licensed under the Apache License 2.0. See LICENSE for more information.

๐Ÿ™ย  Acknowledgments

This package is inspired by the original Knative Serving package used in the Tanzu Community Edition project before its retirement.