Installing Knative Serving using YAML files

This topic describes how to install Knative Serving by applying YAML files using the kubectl CLI.

Prerequisites

Before installing Knative, you must meet the following prerequisites:

• For prototyping purposes, Knative works on most local deployments of Kubernetes. For example, you can use a local, one-node cluster that has 2 CPUs and 4 GB of memory.

  Tip

  You can install a local distribution of Knative for development use by following the Getting started guide.

• For production purposes, it is recommended that:

  • If you have only one node in your cluster, you need at least 6 CPUs, 6 GB of memory, and 30 GB of disk storage.
  • If you have multiple nodes in your cluster, for each node you need at least 2 CPUs, 4 GB of memory, and 20 GB of disk storage.
  • You have a cluster that uses Kubernetes v1.18 or newer.
  • You have installed the kubectl CLI.
  • Your Kubernetes cluster must have access to the internet, because Kubernetes needs to be able to fetch images. To pull from a private registry, see Deploying images from a private container registry.

Caution

The system requirements provided are recommendations only. The requirements for your installation might vary, depending on whether you use optional components, such as a networking layer.

Install the Knative Serving component

To install the Knative Serving component:

1. Install the required custom resources by running the command:

   kubectl apply -f https://github.com/knative/serving/releases/download/v0.24.0/serving-crds.yaml

2. Install the core components of Knative Serving by running the command:

   kubectl apply -f https://github.com/knative/serving/releases/download/v0.24.0/serving-core.yaml

   Info

   For information about the YAML files in Knative Serving, see Knative Serving installation files.

Install a networking layer

The tabs below expand to show instructions for installing a networking layer. Follow the procedure for the networking layer of your choice:

Kourier (Choose this if you are not sure)

The following commands install Kourier and enable its Knative integration.

1. Install the Knative Kourier controller by running the command:

   kubectl apply -f https://github.com/knative/net-kourier/releases/download/v0.24.0/kourier.yaml

2. Configure Knative Serving to use Kourier by default by running the command:

   kubectl patch configmap/config-network \
     --namespace knative-serving \
     --type merge \
     --patch '{"data":{"ingress.class":"kourier.ingress.networking.knative.dev"}}'

3. Fetch the External IP address or CNAME by running the command:

   kubectl --namespace kourier-system get service kourier

   Tip

   Save this to use in the Configure DNS section below.

Ambassador

The following commands install Ambassador and enable its Knative integration.

1. Create a namespace in which to install Ambassador by running the command:

   kubectl create namespace ambassador

2. Install Ambassador by running the command:

   kubectl apply --namespace ambassador \
     -f https://getambassador.io/yaml/ambassador/ambassador-crds.yaml \
     -f https://getambassador.io/yaml/ambassador/ambassador-rbac.yaml \
     -f https://getambassador.io/yaml/ambassador/ambassador-service.yaml

3. Give Ambassador the required permissions by running the command:

   kubectl patch clusterrolebinding ambassador -p '{"subjects":[{"kind": "ServiceAccount", "name": "ambassador", "namespace": "ambassador"}]}'

4. Enable Knative support in Ambassador by running the command:

   kubectl set env --namespace ambassador  deployments/ambassador AMBASSADOR_KNATIVE_SUPPORT=true

5. Configure Knative Serving to use Ambassador by default by running the command:

   kubectl patch configmap/config-network \
     --namespace knative-serving \
     --type merge \
     --patch '{"data":{"ingress.class":"ambassador.ingress.networking.knative.dev"}}'

6. Fetch the External IP address or CNAME by running the command:

   kubectl --namespace ambassador get service ambassador

   Tip

   Save this to use in the Configure DNS section below.

Contour

The following commands install Contour and enable its Knative integration.

1. Install a properly configured Contour by running the command:

   kubectl apply -f https://github.com/knative/net-contour/releases/download/v0.24.0/contour.yaml

2. Install the Knative Contour controller by running the command:

   kubectl apply -f https://github.com/knative/net-contour/releases/download/v0.24.0/net-contour.yaml

3. Configure Knative Serving to use Contour by default by running the command:

   kubectl patch configmap/config-network \
     --namespace knative-serving \
     --type merge \
     --patch '{"data":{"ingress.class":"contour.ingress.networking.knative.dev"}}'

4. Fetch the External IP address or CNAME by running the command:

   kubectl --namespace contour-external get service envoy

   Tip

   Save this to use in the Configure DNS section below.

Istio

The following commands install Istio and enable its Knative integration.

1. Install a properly configured Istio by following the Advanced Istio installation instructions or by running the command:

   kubectl apply -l knative.dev/crd-install=true -f https://github.com/knative/net-istio/releases/download/v0.24.0/istio.yaml
   kubectl apply -f https://github.com/knative/net-istio/releases/download/v0.24.0/istio.yaml

2. Install the Knative Istio controller by running the command:

   kubectl apply -f https://github.com/knative/net-istio/releases/download/v0.24.0/net-istio.yaml

3. Fetch the External IP address or CNAME by running the command:

   kubectl --namespace istio-system get service istio-ingressgateway

   Tip

   Save this to use in the Configure DNS section below.

Verify the installation

Success

Monitor the Knative components until all of the components display Running or Completed beneath STATUS:

kubectl get pods --namespace knative-serving

Configure DNS

You can configure DNS to prevent the need to run curl commands with a host header.

The tabs below expand to show instructions for configuring DNS. Follow the procedure for the DNS of your choice:

Magic DNS (sslip.io)

Knative provides a Kubernetes Job called default-domain that configures Knative Serving to use sslip.io as the default DNS suffix.

kubectl apply -f https://github.com/knative/serving/releases/download/v0.24.0/serving-default-domain.yaml

Warning

This will only work if the cluster LoadBalancer Service exposes an IPv4 address or hostname, so it will not work with IPv6 clusters or local setups like minikube unless minikube tunnel is running.

In these cases, see the “Real DNS” or “Temporary DNS” tabs.

Real DNS

To configure DNS for Knative, take the External IP or CNAME from setting up networking, and configure it with your DNS provider as follows:

• If the networking layer produced an External IP address, then configure a wildcard A record for the domain:

# Here knative.example.com is the domain suffix for your cluster
*.knative.example.com == A 35.233.41.212

• If the networking layer produced a CNAME, then configure a CNAME record for the domain:

# Here knative.example.com is the domain suffix for your cluster
*.knative.example.com == CNAME a317a278525d111e89f272a164fd35fb-1510370581.eu-central-1.elb.amazonaws.com

• Once your DNS provider has been configured, direct Knative to use that domain:

# Replace knative.example.com with your domain suffix
kubectl patch configmap/config-domain \
  --namespace knative-serving \
  --type merge \
  --patch '{"data":{"knative.example.com":""}}'

Temporary DNS

If you are using curl to access the sample applications, or your own Knative app, and are unable to use the “Magic DNS (sslip.io)” or “Real DNS” methods, there is a temporary approach. This is useful for those who wish to evaluate Knative without altering their DNS configuration, as per the “Real DNS” method, or cannot use the “Magic DNS” method due to using, for example, minikube locally or IPv6 clusters.

To access your application using curl using this method:

1. After starting your application, get the URL of your application:

   kubectl get ksvc

   The output should be similar to:

   NAME            URL                                        LATESTCREATED         LATESTREADY           READY   REASON
   helloworld-go   http://helloworld-go.default.example.com   helloworld-go-vqjlf   helloworld-go-vqjlf   True

2. Instruct curl to connect to the External IP or CNAME defined by the networking layer in section 3 above, and use the -H "Host:" command-line option to specify the Knative application’s host name. For example, if the networking layer defines your External IP and port to be http://192.168.39.228:32198 and you wish to access the above helloworld-go application, use:

   curl -H "Host: helloworld-go.default.example.com" http://192.168.39.228:32198

   In the case of the provided helloworld-go sample application, using the default configuration, the output is:

   Hello Go Sample v1!

   Refer to the “Real DNS” method for a permanent solution.

Install optional Serving extensions

The tabs below expand to show instructions for installing each Serving extension.

HPA autoscaling

Knative also supports the use of the Kubernetes Horizontal Pod Autoscaler (HPA) for driving autoscaling decisions.

• Install the components needed to support HPA-class autoscaling by running the command:

  kubectl apply -f https://github.com/knative/serving/releases/download/v0.24.0/serving-hpa.yaml

TLS with cert-manager

Knative supports automatically provisioning TLS certificates through cert-manager. The following commands install the components needed to support the provisioning of TLS certificates through cert-manager.

1. Install cert-manager version v1.0.0 or later.

2. Install the component that integrates Knative with cert-manager by running the command:

   kubectl apply -f https://github.com/knative/net-certmanager/releases/download/v0.24.0/release.yaml

3. Configure Knative to automatically configure TLS certificates by following the steps in Enabling automatic TLS certificate provisioning.

TLS with HTTP01

Knative supports automatically provisioning TLS certificates using Encrypt HTTP01 challenges. The following commands install the components needed to support TLS.

1. Install the net-http01 controller by running the command:

   kubectl apply -f https://github.com/knative/net-http01/releases/download/v0.24.0/release.yaml

2. Configure the certificate.class to use this certificate type by running the command:

   kubectl patch configmap/config-network \
     --namespace knative-serving \
     --type merge \
     --patch '{"data":{"certificate.class":"net-http01.certificate.networking.knative.dev"}}'

3. Enable auto-TLS by running the command:

   kubectl patch configmap/config-network \
     --namespace knative-serving \
     --type merge \
     --patch '{"data":{"autoTLS":"Enabled"}}'

TLS wildcard support

Warning

TLS wildcard support does not work with HTTP01.

If you are using a certificate implementation that supports provisioning wildcard certificates (for example, cert-manager with a DNS01 issuer) then the most efficient way to provision certificates is with the namespace wildcard certificate controller.

• Install the components needed to provision wildcard certificates in each namespace by running the command:

  kubectl apply -f https://github.com/knative/serving/releases/download/v0.24.0/serving-nscert.yaml