Commit 06881add authored by RichieEscarez, committed by Knative Prow Robot

invalid since v0.8.1 (#1947)

* invalid since v0.8.1

fix for https://github.com/knative/docs/issues/1859

* remove references to the invalid topic
parent 85476b5b
......@@ -96,11 +96,6 @@ Learn more about Eventing development in the
Knative Eventing currently requires Knative Serving installed with either Istio version >=1.0, or Gloo version >=0.18.16.
[Follow the instructions to install on the platform of your choice](../install/README.md).
Many of the sources require making outbound connections to create the event
subscription, and if you have any functions that make use of any external (to
cluster) services, you must enable it also for them to work.
[Follow the instructions to configure outbound network access](../serving/outbound-network-access.md).
## Architecture
The eventing infrastructure supports two forms of event delivery at the moment:
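Review bot: The removed paragraph ("Many of the sources require making outbound connections to create the event subscription ...") carried two things, and only the link to `../serving/outbound-network-access.md` is invalidated by this change. The fact that sources open outbound connections is still useful to anyone running a cluster with restricted egress, so consider keeping that first clause as a plain statement and dropping just the "you must enable it" instruction and the link.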
......
......@@ -125,12 +125,11 @@ Now you're ready to deploy an app:
## Configuring Knative Serving
After your Knative installation is running, you can set up a custom domain with
a static IP address to be able to use Knative for publicly available services
and set up an Istio IP range for outbound network access:
a static IP address to be able to use Knative for publicly available services,
and set up TLS certificates to use HTTPS:
- [Assign a static IP address](../serving/gke-assigning-static-ip-address.md)
- [Configure a custom domain](../serving/using-a-custom-domain.md)
- [Configure outbound network access](../serving/outbound-network-access.md)
- [Configuring HTTPS with a custom certificate](../serving/using-an-ssl-cert.md)
## Checking the version of your Knative Serving installation
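Review bot: Style point in the link list: the intro sentence now ends with "set up TLS certificates to use HTTPS", but the matching item reads "Configuring HTTPS with a custom certificate" while its siblings use the imperative ("Assign a static IP address", "Configure a custom domain"). Renaming the link text to "Configure HTTPS with a custom certificate" would keep the list parallel now that the sentence points at it.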
......
......@@ -74,7 +74,6 @@ in the Knative Serving repository.
## Configuration and Networking
- [Configuring outbound network access](./outbound-network-access.md)
- [Configuring cluster local routes](./cluster-local-route.md)
- [Using a custom domain](./using-a-custom-domain.md)
- [Assigning a static IP address for Knative on Google Kubernetes Engine](./gke-assigning-static-ip-address.md)
......
---
title: "Configuring outbound network access"
#linkTitle: "OPTIONAL_ALTERNATE_NAV_TITLE"
weight: 45
type: "docs"
---
This guides walks you through enabling outbound network access for a Knative
app.
Knative blocks all outbound traffic by default. To enable outbound access (when
you want to connect to the Cloud Storage API, for example), you need to change
the scope of the proxy IP range by editing the `config-network` map.
## Determining the IP scope of your cluster
To set the correct scope, you need to determine the IP ranges of your cluster.
The scope varies depending on your platform:
- For Google Kubernetes Engine (GKE) run the following command to determine the
scope. Make sure to replace the variables or export these values first.
```shell
gcloud container clusters describe ${CLUSTER_NAME} \
--zone=${CLUSTER_ZONE} | grep -e clusterIpv4Cidr -e servicesIpv4Cidr
```
- For IBM Cloud Private run the following command:
```shell
cat cluster/config.yaml | grep service_cluster_ip_range
```
- For IBM Cloud Kubernetes Service use
`172.30.0.0/16,172.20.0.0/16,10.10.10.0/24`
- For Azure Container Service (ACS) use `10.244.0.0/16,10.240.0.0/16`
- For Pivotal Container Service (PKS) on GCP use `10.200.0.0/16,10.100.200.0/24`
- For Minikube use `10.0.0.1/24`
## Setting the IP scope
The `istio.sidecar.includeOutboundIPRanges` parameter in the `config-network`
map specifies the IP ranges that Istio sidecar intercepts. To allow outbound
access, replace the default parameter value with the IP ranges of your cluster.
Run the following command to edit the `config-network` map:
```shell
kubectl edit configmap config-network --namespace knative-serving
```
Then, use an editor of your choice to change the
`istio.sidecar.includeOutboundIPRanges` parameter value from `*` to the IP range
you need. Separate multiple IP entries with a comma. For example:
```
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
istio.sidecar.includeOutboundIPRanges: '10.16.0.0/14,10.19.240.0/20'
kind: ConfigMap
metadata:
...
```
By default, the `istio.sidecar.includeOutboundIPRanges` parameter is set to `*`,
which means that Istio intercepts all traffic within the cluster as well as all
traffic that is going outside the cluster. Istio blocks all traffic that is
going outside the cluster unless you create the necessary egress rules.
When you set the parameter to a valid set of IP address ranges, Istio will no
longer intercept traffic that is going to the IP addresses outside the provided
ranges, and you don't need to specify any egress rules.
If you omit the parameter or set it to `''`, Knative uses the value of the
`global.proxy.includeIPRanges` parameter that is provided at Istio deployment
time. In the default Knative Serving deployment, `global.proxy.includeIPRanges`
value is set to `*`.
If an invalid value is passed, `''` is used instead.
If you are still having trouble making off-cluster calls, you can verify that
the policy was applied to the pod running your service by checking the metadata
on the pod. Verify that the `traffic.sidecar.istio.io/includeOutboundIPRanges`
annotation matches the expected value from the config-map.
```shell
$ kubectl get pod ${POD_NAME} --output yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
serving.knative.dev/configurationGeneration: "2"
sidecar.istio.io/inject: "true"
...
traffic.sidecar.istio.io/includeOutboundIPRanges: 10.16.0.0/14,10.19.240.0/20
...
```
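Review bot: Missing documentation for operators who already followed this page: the file is deleted whole, and nothing in the change says what happens to an existing `istio.sidecar.includeOutboundIPRanges` value in `config-network` from v0.8.1 on, or whether the `traffic.sidecar.istio.io/includeOutboundIPRanges` pod annotation check still applies. The page told readers to narrow the value from `*` to their cluster ranges, so someone who did that needs to know whether the setting is now ignored. Suggest a short note where `config-network` is documented, or a stub at this path instead of a bare deletion, since the front matter defines no redirect and existing links to `outbound-network-access.md` will stop resolving.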
......@@ -16,8 +16,6 @@ like `AAPL`,`AMZN`, `GOOG`, `MSFT`, etc.
and DNS configured.
1. [Docker](https://docs.docker.com/get-started/#prepare-your-docker-environment)
installed locally.
1. [Outbound network access](../../outbound-network-access.md) enabled for this
Service to make external API requests.
1. `envsubst` installed locally. This is installed by the `gettext` package. If
not installed it can be installed by a Linux package manager, or by
[Homebrew](https://brew.sh/) on OS X.
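Review bot: With the "Outbound network access ... enabled for this Service to make external API requests" item gone, the prerequisites no longer mention that this sample calls an external API at all. A reader on a cluster with restricted egress will only find out when the request fails, so consider keeping a one-line prerequisite that says the Service must be able to reach the external API, without the link to the removed page.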
......