Prerequisites for clusters outside Google Cloud

Before you install Knative serving in your cluster outside Google Cloud, you must first ensure that you meet the following requirements:

  • Review and understand the access permissions of components in Knative serving.

  • You must ensure that you have adequate permissions in your Google Cloud project to meet the installation requirements for your cluster, fleet, and Cloud Service Mesh:

    • If you have the Owner role for the Google Cloud project, then you have more than the necessary permissions to create clusters, install, and then configure Knative serving.
    • Your GKE clusters outside of Google Cloud might also require other permissions. See the documentation and requirements for your cluster.
    • Note that the Cloud Service Mesh permissions requirements also meet all the permission requirements for installing and configuring Knative serving.

    • Using other roles and the minimum requirements:

      Depending on your organization, you can also meet the permission requirements through a combination of the following predefined roles:

  • A cluster with the following configuration is required:

    • A supported Google Distributed Cloud cluster. For previous installations on Google Distributed Cloud clusters, you must migrate Knative serving on VMware to a fleet.

      Preview: Other GKE clusters environments outside Google Cloud are currently available as a "Preview". Learn more.

    • Registered to a fleet:

      Go to GKE clusters

      To learn how to register your cluster and enable Workload Identity in your fleet, see Registering a cluster. Supported cluster types outside Google Cloud are registered by default.

    • In-cluster Cloud Service Mesh version 1.18 or later is installed. Additionally, note the following prerequisites:

      • The Google-managed Cloud Service Mesh control plane is currently not fully supported by Knative serving. Use the in-cluster control plane instead.
      • Cloud Service Mesh requires that your cluster use a machine type with at least 4 vCPUs, such as e2-standard-4. See the Cloud Service Mesh installation guide for details about requirements. If you need to change your existing cluster's machine type, see Migrating workloads to different machine types.
      • In order to benefit from the automated provisioning of test domains - Cloud Service Mesh uses an ingress gateway and a service named istio-ingress in namespace istio-system. To enable creation of the gateway during the feature installation use --option legacy-default-ingressgateway of asmcli installation script.
  • The command-line environment must be set up.

  • The following APIs must be enabled in your Google Cloud project:

    • Google Kubernetes Engine API: Build and manage container-based applications.
    • Cloud Build API: Create and manage builds.
    • Container Registry API: Push and pull images in Container Registry.

    Enable the APIs in the Google Cloud console