Installing Knative serving outside Google Cloud

Learn how to install Knative serving in your GKE clusters outside Google Cloud. Knative serving now uses Cloud Service Mesh and GKE Enterprise fleets. Learn what's new and changed with Knative serving fleet installations.

For Knative serving on VMware, see the GA-level installation guide.

Support for the following GKE clusters are available as a Preview:

Use the steps on this page to configure a new installation or to update an existing fleet installation of Knative serving.

Before you begin

You must ensure that you meet the installation prerequisites.

Configure your CloudRun custom resource

You need to manually create and configure the CloudRun custom resource to configure your installation.

To manually create a CloudRun custom resource for GKE clusters outside Google Cloud:

  1. You must create or have an existing service account that has been granted the required Monitoring Metric Writer role (monitoring.metricWriter).

    • To create a new service account and then download the key, see Using service accounts.

    • If you have an existing service account with the necessary permissions, locate the key that you downloaded when you created that service account.

  2. Ensure Cloud Monitoring is enabled in your GKE cluster:

  3. Create the knative-serving namespace:

    kubectl create namespace knative-serving
    
  4. Create a secret in the knative-serving namespace that holds the service account with monitoring.metricWriter permissions:

    kubectl create secret -n knative-serving generic SECRET_NAME --from-file=PATH_TO_KEY_FILE/SECRET_KEY
    

    Replace:

    • SECRET_NAME with the name that you choose for the secret.
    • SECRET_KEY with the name of the file that includes your credentials. Example: key.json
    • PATH_TO_KEY_FILE with the path to the directory of the SECRET_KEY.

    See the kubectl create secret reference to learn more, including optional flags.

  5. Create a YAML file with the following attributes, for example cloudrunanthos.yaml:

    apiVersion: operator.run.cloud.google.com/v1alpha1
    kind: CloudRun
    metadata:
      name: cloud-run
    spec:
      metricscollector:
        stackdriver:
          projectid: PROJECT_ID
          gcpzone: CLUSTER_LOCATION
          clustername: CLUSTER_NAME
          secretname: SECRET_NAME
          secretkey: SECRET_KEY
    

    Replace the following:

    • PROJECT_ID with the ID of your Google Cloud project.
    • CLUSTER_LOCATION with the region or zone in which your cluster is located.
    • CLUSTER_NAME with the ID of your cluster or the fully qualified identifier for the cluster.
    • SECRET_NAME with the name of the Secret for the service account of the knative-serving namespace.
    • SECRET_KEY with the key of the Secret for the service account of the knative-serving namespace. For example: key.json

      For details about service accounts, see:

    Example

    In this example CloudRun custom resource, the configuration details for Cloud Monitoring are specified to use the my-gcp-logging-secret secret and key.json key:

     apiVersion: operator.run.cloud.google.com/v1alpha1
     kind: CloudRun
     metadata:
       name: cloud-run
     spec:
       metricscollector:
         stackdriver:
           projectid: my-gcp-project-id
           gcpzone: us-central1-c
           clustername: my-anthos-cluster-name
           secretname: my-gcp-logging-secret
           secretkey: key.json
     ```
    

Enable and install Knative serving

Enable the Knative serving component in your GKE Enterprise fleet and then deploy your CloudRun custom resource:

  1. Enable Knative serving in your fleet:

    gcloud container fleet cloudrun enable --project=PROJECT_ID
    

    Replace PROJECT_ID with the ID of your Google Cloud project.

    For details and additional options, see the gcloud container fleet cloudrun enable reference.

  2. Optional: Verify that the Knative serving feature component is enabled:

    Console

    View if the Knative serving component is Enabled in the Google Cloud console:

    Go to Feature Manager

    Command line

    View if the appdevexperience state is ACTIVE:

    gcloud container fleet features list  --project=PROJECT_ID
    

    Replace PROJECT_ID with the ID of your Google Cloud project.

    For details and additional options, see the gcloud container fleet features list reference.

    Result:

    NAME               STATE
    appdevexperience   ACTIVE
    
  3. For each GKE Enterprise cluster where you want to install Knative serving, you must deploy your CloudRun custom resource:

    gcloud

    gcloud container fleet cloudrun apply --kubeconfig=KUBECONFIG --context=CONTEXT --config=CONFIG_FILE
    

    Replace the following:

    • KUBECONFIG with the absolute path to your kubectl config file.
    • CONTEXT with the name of the context in your kubectl config file to use for connecting.
    • CONFIG_FILE with the filename relative path to your cloudRun custom resource. Example cloudrunanthos.yaml.

    For details and additional options, see the gcloud container fleet cloudrun apply reference.

    kubectl

    kubectl apply --kubeconfig=KUBECONFIG --filename CONFIG_FILE
    

    Replace the following:

    • KUBECONFIG with the absolute path to your kubectl config file.
    • CONFIG_FILE with the filename and relative path to your cloudRun custom resource. Example cloudrunanthos.yaml.

    For details and additional options, see the kubectl apply reference.

  4. Verify that Knative serving has been enabled in your cluster:
    1. Open the Google Cloud console:

      Go to GKE clusters

    2. Click on the name of your cluster to open the details pane.

    3. Run this command to check if you can see the Knative serving version details: kubectl get namespace knative-serving -o 'go-template={{index .metadata.labels "serving.knative.dev/release"}}'
    4. Verify that all Knative serving specific deployments are in running status under knative-serving and appdevexperience namespaces.

What's next

Set up your installation of Knative serving.