Knative Serving resolves image tags to a digest when you create a Revision. This helps to provide consistency for Deployments. For more information, see the documentation on Why we resolve tags in Knative.
The Knative Serving controller must be configured to access the container registry to use this feature.
If you are using a registry that has a self-signed certificate, you must configure the default Knative Serving
controller Deployment to trust that certificate. You can configure trusting certificates by mounting your certificates into the
controller Deployment, and then setting the environment variable appropriately.
If you are using a
custom-certssecret that contains your CA certificates, add the following spec to the default Knative Serving
apiVersion: apps/v1 kind: Deployment metadata: name: controller namespace: knative-serving spec: template: spec: containers: - name: controller volumeMounts: - name: custom-certs mountPath: /path/to/custom/certs env: - name: SSL_CERT_DIR value: /path/to/custom/certs volumes: - name: custom-certs secret: secretName: custom-certs
Knative Serving accepts the
Create a secret in the
knative-servingnamespace that points to your root CA certificate, and then save the current Knative Serving
kubectl -n knative-serving create secret generic customca --from-file=ca.crt=/root/ca.crt
kubectl -n knative-serving get deploy/controller -o yaml > knative-serving-controller.yaml
If you are behind a corporate proxy, you must proxy the tag resolution requests between the controller and your registry.
Knative accepts the
HTTPS_PROXY environment variables, so you can configure the controller Deployment as follows:
apiVersion: apps/v1 kind: Deployment metadata: name: controller namespace: knative-serving spec: template: spec: containers: - name: controller env: - name: HTTP_PROXY value: http://proxy.example.com - name: HTTPS_PROXY value: https://proxy.example.com