We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.
Enabling tag to digest resolution
Knative serving resolves image tags to a digest when you create a revision. This gives knative revisions some very nice properties, e.g. your deployments will be consistent, you don’t have to worry about “immutable tags”, etc. For more info, see Why we resolve tags in Knative.
Unfortunately, this means that the knative serving controller needs to be configured to access your container registry.
If you’re using a registry that has a self-signed certificate, you’ll need to
convince the serving controller to trust that certificate. We respect the
environment variables, so you can trust them by mounting the certificates into
the controller’s deployment and setting the environment variable appropriately,
assuming you have a
custom-certs secret containing your CA certs:
apiVersion: apps/v1 kind: Deployment metadata: name: controller namespace: knative-serving spec: template: spec: containers: - name: controller volumeMounts: - name: custom-certs mountPath: /path/to/custom/certs env: - name: SSL_CERT_DIR value: /path/to/custom/certs volumes: - name: custom-certs secret: secretName: custom-certs
If you’re behind a corporate proxy, you’ll need to proxy the tag resolution
requests between the controller and your registry. We respect the
environment variables, so you can configure the controller’s deployment via:
apiVersion: apps/v1 kind: Deployment metadata: name: controller namespace: knative-serving spec: template: spec: containers: - name: controller env: - name: HTTP_PROXY value: http://proxy.example.com - name: HTTPS_PROXY value: https://proxy.example.com
Skipping tag resolution
If this all seems like too much trouble, you can configure serving to skip tag
resolution via the
registriesSkippingTagResolving configmap field:
kubectl -n knative-serving edit configmap config-deployment
E.g., to disable tag resolution for
registry.example.com (note: This is not a complete configmap, it is a snippet showing registriesSkippingTagResolving):
apiVersion: v1 kind: ConfigMap metadata: name: config-deployment namespace: knative-serving data: # List of repositories for which tag to digest resolving should be skipped registriesSkippingTagResolving: registry.example.com
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.