Knative Serving resolves image tags to a digest when you create a Revision. This helps to provide consistency for Deployments. For more information, see the documentation on Why we resolve tags in Knative.
The Knative Serving controller must be configured to access the container registry to use this feature.
If you are using a registry that has a self-signed certificate, you must configure the Knative Serving controller to trust that certificate.
Knative Serving accepts the
SSL_CERT_DIR environment variables.
You can configure trusting certificates by mounting your certificates into the controller Deployment, and then setting the environment variable appropriately.
For example, if you are using a
custom-certs secret that contains your CA certificates, the Deployment object is as follows:
apiVersion: apps/v1 kind: Deployment metadata: name: controller namespace: knative-serving spec: template: spec: containers: - name: controller volumeMounts: - name: custom-certs mountPath: /path/to/custom/certs env: - name: SSL_CERT_DIR value: /path/to/custom/certs volumes: - name: custom-certs secret: secretName: custom-certs
If you are behind a corporate proxy, you must proxy the tag resolution requests between the controller and your registry.
Knative accepts the
HTTPS_PROXY environment variables, so you can configure the controller Deployment as follows:
apiVersion: apps/v1 kind: Deployment metadata: name: controller namespace: knative-serving spec: template: spec: containers: - name: controller env: - name: HTTP_PROXY value: http://proxy.example.com - name: HTTPS_PROXY value: https://proxy.example.com