Overview¶
This page provides guidance for administrators on how to manage Knative on an existing Kubernetes cluster.
---
config:
theme: mc
layout: elk
look: classic
---
flowchart LR
subgraph Knative["Knative"]
direction LR
Serving["Serving"]
Eventing["Eventing"]
end
subgraph Plugins["Plugins"]
direction LR
net-istio["Istio"]
net-contour["Contour"]
net-gateway-api["Gateway API"]
event-kafka["Kafka"]
event-rabbitmq["RabbitMQ"]
event-nats["NATS"]
end
Dev(["Developers"]) --> dev-acts["Manages defined Kubernetes objects"]
dev-acts --> Serving & Eventing
Admin(["Administrators"]) --> admin-acts["Installs and configures"]
admin-acts --> Knative & Plugins
Serving --> net-impl["implements"]
net-impl --> net-istio & net-contour & net-gateway-api
Eventing --> event-impl["implements"]
event-impl --> event-kafka & event-rabbitmq & event-nats
dev-acts@{ shape: text}
admin-acts@{ shape: text}
net-impl@{ shape: text}
event-impl@{ shape: text}
style Serving fill:#757575,color:#FFFFFF
style net-istio fill:#757575,color:#FFFFFF
style net-contour fill:#757575,color:#FFFFFF
style net-gateway-api fill:#757575,color:#FFFFFF
style Dev fill:#FF6D00,color:#FFFFFF
style Admin fill:#2962FF,color:#FFFFFF
As a cluster administrator, your responsibilities include managing the Kubernetes environment, installing cluster-wide components, and enabling developers to deploy applications on the cluster. Knative aims to simplify developer tasks, while aligning with existing management tools and processes.
Knative includes a plugin system to integrate with existing infrastructure in the cluster, enabling Knative resources such as Routes and Brokers to be implemented using one of multiple underlying suppliers. For example, a Knative Eventing app can deliver events to a Broker that triggers a function based on the received event. In a testing cluster, the delivery might use an in-memory option, while a staging or production environment might use a cloud-provided Kafka service.
Of particular interest to cluster administrators is that Knative supports customizable default values on the parameters defined in resource YAML files. These configurations reduce the amount of environment configuration tasks developers needs to consider.
Installation decisions¶
See the Installation roadmap for prerequisites and installation steps. Your first installation decision is whether to use a YAML-based installation or use the Knative Operator. The Knative Operator is a custom controller that extends the Kubernetes API to install Knative components. If you just need to get acquainted with Knative at this time, you can install the quickstart.
Knative installations are not permanent and you can install clusters differently depending on the situation. Although switching services and applications in real time may be possible, a best practice is to start with a new cluster.
Upgrades¶
Administrators are generally responsible for performing upgrades to cluster infrastructure, apps, and services. Knative is designed and tested for continuous operation during upgrades and rollbacks, allowing you to:
- Upgrade or revert the Knative components while it is serving traffic, rather than needing a maintenance window.
- Downgrade by one Knative version. Downgrades work provided that no applications have used new features since the last upgrade.
Configurations¶
Knative configurations are performed by the following methods:
-
Editing YAML manifests and applying with the
kubectltoolModify resource definitions directly, including labels, annotations, and field values. You can use Kubernetes features such as OPA and Kyverno to enforce specific values on a resource type, or use ConfigMaps in plugin installations to set values at the cluster level.
-
Using ConfigMaps
Store and manage configuration data as key-value pairs. ConfigMaps are frequently used to tune platform-wide behavior. Most of the Knative ConfigMaps are in the
knative-servingandknative-eventingnamespaces. Their settings apply to all the relevant Knative components in all namespaces. -
Using the Knative Operator
Some platform-wide settings can be managed declaratively using the Knative Operator, installed with the
knKnative CLI plugin. You can manage the operator without using theknCLI. TheknCLI manages only operator installations.
For more information, see Installing CLI tools
Knative uses Kubernetes YAML manifests to define and configure system components. These manifests include core resources, custom resource definitions (CRDs), and extensibility features. As with Kubernetes, these configuration resources are declarative and can be managed using the kubectl CLI tool or with continuous delivery tools.
Configuration summaries¶
The following sections provide an overview of the current configurations procedures of interest to Administrators. You make these configurations using kubectl, with some procedures applying YAML files.
Networking¶
| Configuration | ConfigMap | Description |
|---|---|---|
| Domain names | config-domain |
Configure and publish domains. |
| Ingress gateway | config-istio |
For new clusters, you can configure your own gateway and underlying service. |
| Istio authorization | NA | Grant authorization to your deployed Knative services. |
Serving¶
| Configuration | ConfigMap | Description |
|---|---|---|
| Default configurations | config-defaults |
Default resource values such as performance, hardware, and storage settings. |
| Deployment resources | config-deployment |
Kubernetes deployment resources that back Knative services. |
| High-availability | NA | Configure ensure that APIs stay operational if a disruption occurs. |
| Garbage collection | config-gc |
Disable and enable collection and set retention time values. |
| Namespace exclusion from webhook | NA | For performance concerns during an upgrade. |
| Rollout duration for revisions | config-network |
Adjust rollout durations to accommodate longer request queues. |
| Security - Certificates | NA | Describes how to manage automatic certificate provisioning. |
| Security - Encryptions | config-network |
Provides links to procedures for encrypting external domains, the local cluster, and system internal. |
Eventing¶
| Configuration | ConfigMap | Description |
|---|---|---|
| Broker defaults | config-br-defaults |
Specify your own broker class and channel, or use the default MTChannelBasedBroker Broker class and the ConfigMap of channel defaults. |
| Broker features (Kafka) | config-kafka-features |
Configure options for Broker interactions with Apache Kafka clusters. |
| Channel defaults | default-ch-webhook |
Default configurations and labels to use for the channel. |
| Channel defaults (Kafka) | kafka-channel |
Defines how KafkaChannel instances are created. Requires that KafkaChannel custom resource definitions (CRD) are installed. |
| Event source defaults | config-ping-defaults |
Configure the PingSource default resources and the maximum data size for CloudEvents it produces. |
| KEDA Autoscaling of Kafka Resources | config-kafka-features |
Configure how KEDA scales a KafkaSource, trigger, or subscription. Note: This feature is is Alpha pre-release. |
| Sugar Controller | config-sugar |
Configure the Sugar controller, which reacts to label configurations to produce or control eventing resources. See also Knative Eventing Sugar Controller. |
Securing Knative¶
You can grant developers access to additional resources related to their namespace in other services, such as observability, logs, metrics, tracing, and dashboards.
Knative resources are namespaced. Knative adheres to the Kubernetes model of namespace-based isolation that lets you manage development teams and resources by assigning them to namespaces.
Namespaces can also isolate boundaries for tooling such as logs, metrics, tracing, CI/CD integrations, and dashboards. The extent of this isolation depends on both the enforcement strategy and how consistently teams adhere to namespace boundaries.
You can optimize and enforce isolation involving namespaces using standard Kubernetes mechanisms, including: