We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.
Enabling tag to digest resolution
Knative serving resolves image tags to a digest when you create a revision. This
gives knative revisions some very nice properties, e.g. your deployments will be
consistent, you don’t have to worry about “immutable tags”, etc. For more info,
see
Why we resolve tags in Knative
(join
knative-users@googlegroups.com
for access).
Unfortunately, this means that the knative serving controller needs to be configured to access your container registry.
Custom Certificates
If you’re using a registry that has a self-signed certificate, you’ll need to
convince the serving controller to trust that certificate. We respect the
SSL_CERT_FILE and SSL_CERT_DIR
environment variables, so you can trust them by mounting the certificates into
the controller’s deployment and setting the environment variable appropriately,
assuming you have a custom-certs secret containing your CA certs:
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller
namespace: knative-serving
spec:
template:
spec:
containers:
- name: controller
volumeMounts:
- name: custom-certs
mountPath: /path/to/custom/certs
env:
- name: SSL_CERT_DIR
value: /path/to/custom/certs
volumes:
- name: custom-certs
secret:
secretName: custom-certs
Corporate Proxy
If you’re behind a corporate proxy, you’ll need to proxy the tag resolution
requests between the controller and your registry. We respect the
HTTP_PROXY and HTTPS_PROXY
environment variables, so you can configure the controller’s deployment via:
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller
namespace: knative-serving
spec:
template:
spec:
containers:
- name: controller
env:
- name: HTTP_PROXY
value: http://proxy.example.com
- name: HTTPS_PROXY
value: https://proxy.example.com
Skipping tag resolution
If this all seems like too much trouble, you can configure serving to skip tag
resolution via the registriesSkippingTagResolving configmap field:
kubectl -n knative-serving edit configmap config-deployment
E.g., to disable tag resolution for registry.example.com (note: This is not a complete configmap, it is a snippet showing registriesSkippingTagResolving):
apiVersion: v1
kind: ConfigMap
metadata:
name: config-deployment
namespace: knative-serving
data:
# List of repositories for which tag to digest resolving should be skipped
registriesSkippingTagResolving: registry.example.com
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.