diff options
author | Hordur Freyr Yngvason <hfyngvason@gitlab.com> | 2019-07-01 12:39:22 +0200 |
---|---|---|
committer | Hordur Freyr Yngvason <hfyngvason@gitlab.com> | 2019-07-01 12:39:22 +0200 |
commit | 3cae058a8431af32f0066c5514d8528f39420706 (patch) | |
tree | 07388cdc0b889ab224f60ea828dd1e538349f263 | |
parent | 3db5f5033c323df4ceb0d3d1d4cbe60fda238a48 (diff) | |
download | gitlab-ce-hfy/add-missing-step-to-external-knative-docs.tar.gz |
Add non-managed case; improve managed casehfy/add-missing-step-to-external-knative-docs
-rw-r--r-- | doc/user/project/clusters/serverless/index.md | 81 |
1 files changed, 43 insertions, 38 deletions
diff --git a/doc/user/project/clusters/serverless/index.md b/doc/user/project/clusters/serverless/index.md index ff657e85dba..2e92df7b874 100644 --- a/doc/user/project/clusters/serverless/index.md +++ b/doc/user/project/clusters/serverless/index.md @@ -99,44 +99,49 @@ You must do the following: 1. Follow the steps to [add an existing Kubernetes cluster](../index.md#adding-an-existing-kubernetes-cluster). -1. Give GitLab the ability to manage resources in the `serving.knative.dev` API - group. We suggest you do this with an - [aggregated ClusterRole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles). - First, save the following YAML as `knative-serving-only-role.yaml`: - - ```yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: knative-serving-only-role - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rules: - - apiGroups: - - serving.knative.dev - resources: - - configurations - - configurationgenerations - - routes - - revisions - - revisionuids - - autoscalers - - services - verbs: - - get - - list - - create - - update - - delete - - patch - - watch - ``` - - Then run the following command: - - ```bash - kubectl apply -f knative-serving-only-role.yaml - ``` +1. Ensure GitLab can manage Knative: + - For a non-GitLab managed cluster, ensure that the service account for the token + provided can manage resources in the `serving.knative.dev` API group. + - For a GitLab managed cluster, + GitLab uses a service account with the `edit` cluster role. This account needs + the ability to manage resources in the `serving.knative.dev` API group. + We suggest you do this with an [aggregated ClusterRole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) + adding rules to the default `edit` cluster role: + First, save the following YAML as `knative-serving-only-role.yaml`: + + ```yaml + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: knative-serving-only-role + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rules: + - apiGroups: + - serving.knative.dev + resources: + - configurations + - configurationgenerations + - routes + - revisions + - revisionuids + - autoscalers + - services + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + ``` + + Then run the following command: + + ```bash + kubectl apply -f knative-serving-only-role.yaml + ``` 1. Follow the steps to deploy [functions](#deploying-functions) or [serverless applications](#deploying-serverless-applications) onto your |