Before you install Knative serving in your cluster outside Google Cloud, you must first ensure that you meet the following requirements:
Review and understand the access permissions of components in Knative serving.
You must ensure that you have adequate permissions in your Google Cloud project to meet the installation requirements for your cluster, fleet, and Anthos Service Mesh:
- If you have the Owner role for the Google Cloud project, then you have more than the necessary permissions to create clusters, install, and then configure Knative serving.
- Your GKE clusters outside of Google Cloud might also require other permissions. See the documentation and requirements for your cluster.
Note that the Anthos Service Mesh permissions requirements also meet all the permission requirements for installing and configuring Knative serving.
Using other roles and the minimum requirements:
Depending on your organization, you can also meet the permission requirements through a combination of the following predefined roles:
- Google Cloud project permissions: Basic Editor role
- GKE Enterprise fleet permissions: GKE Hub Admin or a role that includes the following permissions:
  - gkehub.features.create
  - gkehub.features.update
- Cluster permissions: A Kubernetes Engine Admin Role:
  - Kubernetes Engine Admin
  - Kubernetes Engine Cluster Admin
A GKE Enterprise cluster with the following configuration is required:
A supported Google Distributed Cloud Virtual cluster. For previous installations on Google Distributed Cloud Virtual clusters, you must migrate Knative serving on VMware to a fleet.
Preview: Other GKE cluster environments outside Google Cloud are currently available as a "Preview".
Registered in your GKE Enterprise fleet:
To learn how to register your cluster and enable Workload Identity in your fleet, see Registering a cluster.
In-cluster Anthos Service Mesh version 1.18 or later is installed. Additionally, note the following prerequisites:
- The Google-managed Anthos Service Mesh control plane is currently not fully supported by Knative serving. Use the in-cluster control plane instead.
- Anthos Service Mesh requires that your cluster use a machine type with at least 4 vCPUs, such as e2-standard-4. See the Anthos Service Mesh installation guide for details about requirements. If you need to change your existing cluster's machine type, see Migrating workloads to different machine types.
- In order to benefit from the automated provisioning of test domains: Anthos Service Mesh uses an ingress gateway and a service named istio-ingress in namespace istio-system. To enable creation of the gateway during the feature installation, use the --option legacy-default-ingressgateway option of the asmcli installation script.
The following APIs must be enabled in your Google Cloud project:
- Google Kubernetes Engine API: Build and manage container-based applications.
- Cloud Build API: Create and manage builds.
- Container Registry API: Push and pull images in Container Registry.
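The cluster and project requirements above can be checked before installation. The following preflight check is an added example, not part of the original documentation. It assumes you have captured the output of the gcloud and kubectl commands named in its comments, and the function names and sample inputs are constructed for illustration.

```python
"""Preflight check for the Knative serving prerequisites listed above (added example)."""

# Service names of the three APIs the page lists.
REQUIRED_APIS = {
    "container.googleapis.com",          # Google Kubernetes Engine API
    "cloudbuild.googleapis.com",         # Cloud Build API
    "containerregistry.googleapis.com",  # Container Registry API
}
MIN_VCPUS = 4        # Anthos Service Mesh machine type requirement
MIN_ASM = (1, 18)    # minimum in-cluster Anthos Service Mesh version

def cpu_count(quantity):
    """Convert a Kubernetes CPU quantity ("4" or "3920m") to cores."""
    if quantity.endswith("m"):
        return int(quantity[:-1]) / 1000
    return float(quantity)

def preflight(enabled_apis, nodes, istio_services, asm_version):
    """Return the unmet prerequisites; an empty list means every check passed."""
    # enabled_apis: lines of `gcloud services list --enabled --format="value(config.name)"`
    # nodes: parsed `kubectl get nodes -o json`
    # istio_services: parsed `kubectl get services -n istio-system -o json`
    # asm_version: in-cluster mesh version string, assumed to look like "1.18.2-asm.0"
    problems = []
    for api in sorted(REQUIRED_APIS - set(enabled_apis)):
        problems.append(f"API not enabled: {api}")
    for node in nodes["items"]:
        cores = cpu_count(node["status"]["capacity"]["cpu"])
        if cores < MIN_VCPUS:
            name = node["metadata"]["name"]
            problems.append(f"node {name} has {cores:g} vCPUs, need {MIN_VCPUS}")
    names = {svc["metadata"]["name"] for svc in istio_services["items"]}
    if "istio-ingress" not in names:
        problems.append("service istio-ingress missing in namespace istio-system")
    major, minor = (int(part) for part in asm_version.split(".")[:2])
    if (major, minor) < MIN_ASM:
        problems.append(f"Anthos Service Mesh {asm_version} is older than 1.18")
    return problems

# Constructed sample inputs (not taken from a real cluster).
SAMPLE_NODES = {"items": [
    {"metadata": {"name": "node-a"}, "status": {"capacity": {"cpu": "4"}}},
    {"metadata": {"name": "node-b"}, "status": {"capacity": {"cpu": "2"}}},
]}
SAMPLE_SERVICES = {"items": [{"metadata": {"name": "istiod"}}]}

if __name__ == "__main__":
    apis = ["container.googleapis.com", "cloudbuild.googleapis.com"]
    for line in preflight(apis, SAMPLE_NODES, SAMPLE_SERVICES, "1.17.8-asm.4"):
        print("FAIL:", line)
```

The istio-ingress check matters only if you want the automated provisioning of test domains; drop it otherwise.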