Tag resolution

Knative Serving resolves image tags to a digest when you create a Revision. This helps to provide consistency for Deployments. For more information, see the documentation on Why we resolve tags in Knative.

Important

The Knative Serving controller must be configured to access the container registry to use this feature.

Custom certificates

If you are using a registry that has a self-signed certificate, you must configure the default Knative Serving controller Deployment to trust that certificate. You can configure trusting certificates by mounting your certificates into the controller Deployment, and then setting the environment variable appropriately.

Procedure

  1. If you are using a custom-certs secret that contains your CA certificates, add the following spec to the default Knative Serving controller Deployment:

    1. apiVersion: apps/v1
    2. kind: Deployment
    3. metadata:
    4. name: controller
    5. namespace: knative-serving
    6. spec:
    7. template:
    8. spec:
    9. containers:
    10. - name: controller
    11. volumeMounts:
    12. - name: custom-certs
    13. mountPath: /path/to/custom/certs
    14. env:
    15. - name: SSL_CERT_DIR
    16. value: /path/to/custom/certs
    17. volumes:
    18. - name: custom-certs
    19. secret:
    20. secretName: custom-certs

    Knative Serving accepts the SSL_CERT_FILE and SSL_CERT_DIR environment variables.

  2. Create a secret in the knative-serving namespace that points to your root CA certificate, and then save the current Knative Serving controller Deployment:

    1. kubectl -n knative-serving create secret generic customca --from-file=ca.crt=/root/ca.crt
    1. kubectl -n knative-serving get deploy/controller -o yaml > knative-serving-controller.yaml

Corporate proxy

If you are behind a corporate proxy, you must proxy the tag resolution requests between the controller and your registry.

Knative accepts the HTTP_PROXY and HTTPS_PROXY environment variables, so you can configure the controller Deployment as follows:

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4. name: controller
  5. namespace: knative-serving
  6. spec:
  7. template:
  8. spec:
  9. containers:
  10. - name: controller
  11. env:
  12. - name: HTTP_PROXY
  13. value: http://proxy.example.com
  14. - name: HTTPS_PROXY
  15. value: https://proxy.example.com