diff options
| author | Hordur Freyr Yngvason <hfyngvason@gitlab.com> | 2019-07-02 06:06:21 +0000 |
|---|---|---|
| committer | Evan Read <eread@gitlab.com> | 2019-07-02 06:06:21 +0000 |
| commit | 28997a3b2fc9218044fd893376d5dc9dbab14299 (patch) | |
| tree | 699a796fb2f2a1da5105c284d92093bae944cc2b /doc | |
| parent | df0be8b226bef4f6680719b5b7618d4b7f8a56b5 (diff) | |
| download | gitlab-ce-28997a3b2fc9218044fd893376d5dc9dbab14299.tar.gz | |
Revert "Elaborate instructions and add a reference"
This reverts commit 092542d2fa5c036e4fc01ba3185f1dc0e9ddbebb.
Included a stray file
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/user/project/clusters/serverless/index.md | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/doc/user/project/clusters/serverless/index.md b/doc/user/project/clusters/serverless/index.md index 91f0e24b44e..a06c3d3c662 100644 --- a/doc/user/project/clusters/serverless/index.md +++ b/doc/user/project/clusters/serverless/index.md @@ -94,10 +94,55 @@ adding an existing installation of Knative. It is also possible to use GitLab Serverless with an existing Kubernetes cluster which already has Knative installed. -Simply: +You must do the following: 1. Follow the steps to [add an existing Kubernetes cluster](../index.md#adding-an-existing-kubernetes-cluster). + +1. Ensure GitLab can manage Knative: + - For a non-GitLab managed cluster, ensure that the service account for the token + provided can manage resources in the `serving.knative.dev` API group. + - For a GitLab managed cluster, + GitLab uses a service account with the `edit` cluster role. This account needs + the ability to manage resources in the `serving.knative.dev` API group. + We suggest you do this with an [aggregated ClusterRole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) + adding rules to the default `edit` cluster role: + First, save the following YAML as `knative-serving-only-role.yaml`: + + ```yaml + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: knative-serving-only-role + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rules: + - apiGroups: + - serving.knative.dev + resources: + - configurations + - configurationgenerations + - routes + - revisions + - revisionuids + - autoscalers + - services + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + ``` + + Then run the following command: + + ```bash + kubectl apply -f knative-serving-only-role.yaml + ``` + 1. Follow the steps to deploy [functions](#deploying-functions) or [serverless applications](#deploying-serverless-applications) onto your cluster. |