In this example CloudRun custom resource, the configuration details for
Cloud Monitoring are specified to use the my-gcp-logging-secret secret
and key.json key:
Click on the name of your cluster to open the details pane.
Run this command to check if you can see the Knative serving version details:
kubectl get all -n knative-serving -o 'go-template={{index .metadata.labels "serving.knative.dev/release"}}'
Verify that all Knative serving specific deployments are in running status under knative-serving and appdevexperience namespaces.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Installing Knative serving outside Google Cloud\n\nLearn how to install Knative serving in your GKE clusters outside Google Cloud. Knative serving now uses Cloud Service Mesh and GKE Enterprise fleets. [Learn what's new and changed with Knative serving\nfleet installations](/kubernetes-engine/enterprise/knative-serving/docs/install).\n\n\u003cbr /\u003e\n\nFor **Knative serving on VMware** , see the\n[GA-level installation guide](/kubernetes-engine/enterprise/knative-serving/docs/install/outside-gcp/vmware).\n|\n| **Preview**\n|\n|\n| This product or feature is subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section\n| of the [Service Specific Terms](/terms/service-terms#1).\n|\n| Pre-GA products and features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\nSupport for the following GKE clusters are available as a **Preview**:\n\n- [GKE on AWS](/anthos/clusters/docs/multi-cloud/aws/concepts/architecture)\n- [GKE on Azure](/anthos/clusters/docs/multi-cloud/azure/concepts/architecture)\n- [Google Distributed Cloud](/anthos/clusters/docs/bare-metal/latest/concepts/about-bare-metal)\n- [GKE Enterprise attached clusters](/anthos/docs/setup/attach-kubernetes-clusters)\n\nUse the steps on this page to configure a new installation or to\nupdate an existing [fleet installation](/kubernetes-engine/enterprise/knative-serving/docs/install)\nof Knative serving.\n\nBefore you begin\n----------------\n\nYou must ensure that you meet the\n[installation prerequisites](/kubernetes-engine/enterprise/knative-serving/docs/install/outside-gcp/prerequisites).\n\nConfigure your `CloudRun` custom resource\n-----------------------------------------\n\nYou need to manually create and configure the `CloudRun` custom resource to\nconfigure your installation.\nTo manually create a `CloudRun` custom resource for GKE clusters outside Google Cloud:\n\n\u003cbr /\u003e\n\n1. You must create or have an existing service account that has been\n granted the required\n [Monitoring Metric Writer role](/monitoring/access-control#mon_roles_desc)\n (`monitoring.metricWriter`).\n\n - To create a new service account and then download the key, see\n [Using service accounts](/kubernetes-engine/enterprise/knative-serving/docs/securing/service-accounts).\n\n - If you have an existing service account with the necessary permissions,\n locate the key that you downloaded when you created that service account.\n\n2. Ensure Cloud Monitoring is enabled in your GKE cluster:\n\n - [GKE on AWS](/anthos/clusters/docs/multi-cloud/aws/how-to/create-cluster#telemetry-agent-auth)\n - [GKE on Azure](/anthos/clusters/docs/multi-cloud/azure/how-to/create-cluster#telemetry-agent-auth)\n - [Google Distributed Cloud](/anthos/clusters/docs/bare-metal/latest/how-to/log-monitoring)\n - [GKE Enterprise attached clusters](/anthos/attached-clusters/docs/logging-monitoring)\n3. Create the `knative-serving` namespace:\n\n kubectl create namespace knative-serving\n\n4. Create a secret in the `knative-serving` namespace that holds the\n service account with `monitoring.metricWriter` permissions:\n\n kubectl create secret -n knative-serving generic \u003cvar translate=\"no\"\u003eSECRET_NAME\u003c/var\u003e --from-file=\u003cvar translate=\"no\"\u003ePATH_TO_KEY_FILE\u003c/var\u003e/\u003cvar translate=\"no\"\u003eSECRET_KEY\u003c/var\u003e\n\n Replace:\n - \u003cvar translate=\"no\"\u003eSECRET_NAME\u003c/var\u003e with the name that you choose for the secret.\n - \u003cvar translate=\"no\"\u003eSECRET_KEY\u003c/var\u003e with the name of the file that includes your credentials. Example: `key.json`\n - \u003cvar translate=\"no\"\u003ePATH_TO_KEY_FILE\u003c/var\u003e with the path to the directory of the \u003cvar translate=\"no\"\u003eSECRET_KEY\u003c/var\u003e.\n\n See the\n [`kubectl create secret`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-em-secret-generic-em-) reference to learn more, including optional flags.\n5. Create a YAML file with the following attributes, for example\n `cloudrunanthos.yaml`:\n\n apiVersion: operator.run.cloud.google.com/v1alpha1\n kind: CloudRun\n metadata:\n name: cloud-run\n spec:\n metricscollector:\n stackdriver:\n projectid: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003ePROJECT_ID\u003c/span\u003e\u003c/var\u003e\n gcpzone: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eCLUSTER_LOCATION\u003c/span\u003e\u003c/var\u003e\n clustername: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eCLUSTER_NAME\u003c/span\u003e\u003c/var\u003e\n secretname: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eSECRET_NAME\u003c/span\u003e\u003c/var\u003e\n secretkey: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eSECRET_KEY\u003c/span\u003e\u003c/var\u003e\n\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with the ID of your Google Cloud project.\n - \u003cvar translate=\"no\"\u003eCLUSTER_LOCATION\u003c/var\u003e with the [region or zone](/compute/docs/regions-zones#available) in which your cluster is located.\n - \u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e with the ID of your cluster or the fully qualified identifier for the cluster.\n - \u003cvar translate=\"no\"\u003eSECRET_NAME\u003c/var\u003e with the name of the Secret for the service account of the `knative-serving` namespace.\n - \u003cvar translate=\"no\"\u003eSECRET_KEY\u003c/var\u003e with the key of the Secret for the service account of\n the `knative-serving` namespace. For example: `key.json`\n\n For details about service accounts, see:\n - [Creating service accounts](/iam/docs/creating-managing-service-accounts)\n - [Creating service account keys](/iam/docs/creating-managing-service-account-keys)\n\n **Example**\n\n \u003cbr /\u003e\n\n In this example `CloudRun` custom resource, the configuration details for\n Cloud Monitoring are specified to use the `my-gcp-logging-secret` secret\n and `key.json` key: \n\n apiVersion: operator.run.cloud.google.com/v1alpha1\n kind: CloudRun\n metadata:\n name: cloud-run\n spec:\n metricscollector:\n stackdriver:\n projectid: my-gcp-project-id\n gcpzone: us-central1-c\n clustername: my-anthos-cluster-name\n secretname: my-gcp-logging-secret\n secretkey: key.json\n ```\n\nEnable and install Knative serving\n----------------------------------\n\nEnable the Knative serving component in your GKE Enterprise fleet\nand then deploy your `CloudRun` custom resource:\n\n1. Enable Knative serving in your fleet:\n\n gcloud container fleet cloudrun enable --project=\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with the ID of your Google Cloud project.\n\n For details and additional options, see the\n [gcloud container fleet cloudrun enable](/sdk/gcloud/reference/container/hub/cloudrun/enable)\n reference.\n2. Optional: Verify that the Knative serving feature component is\n enabled:\n\n ### Console\n\n View if the Knative serving component is **Enabled** in the\n Google Cloud console:\n\n [Go to Feature Manager](https://console.cloud.google.com/kubernetes/features)\n\n ### Command line\n\n View if the `appdevexperience` state is `ACTIVE`: \n\n gcloud container fleet features list --project=\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with the ID of your Google Cloud project.\n\n For details and additional options, see the\n [gcloud container fleet features list](/sdk/gcloud/reference/container/hub/features/list)\n reference.\n\n Result: \n\n NAME STATE\n appdevexperience ACTIVE\n\n3. For each GKE Enterprise cluster where you want to install Knative serving,\n\n you must deploy your `CloudRun` custom resource:\n\n ### gcloud\n\n\n gcloud container fleet cloudrun apply --kubeconfig=\u003cvar translate=\"no\"\u003eKUBECONFIG\u003c/var\u003e --context=\u003cvar translate=\"no\"\u003eCONTEXT\u003c/var\u003e --config=\u003cvar translate=\"no\"\u003eCONFIG_FILE\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eKUBECONFIG\u003c/var\u003e with the absolute path to your kubectl config file.\n - \u003cvar translate=\"no\"\u003eCONTEXT\u003c/var\u003e with the name of the context in your kubectl config file to use for connecting.\n - \u003cvar translate=\"no\"\u003eCONFIG_FILE\u003c/var\u003e with the filename relative path to your `cloudRun` custom resource. Example `cloudrunanthos.yaml`.\n\n For details and additional options, see the\n [gcloud container fleet cloudrun apply](/sdk/gcloud/reference/container/hub/cloudrun/apply)\n reference.\n\n \u003cbr /\u003e\n\n ### kubectl\n\n\n kubectl apply --kubeconfig=\u003cvar translate=\"no\"\u003eKUBECONFIG\u003c/var\u003e --filename \u003cvar translate=\"no\"\u003eCONFIG_FILE\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eKUBECONFIG\u003c/var\u003e with the absolute path to your kubectl config file.\n - \u003cvar translate=\"no\"\u003eCONFIG_FILE\u003c/var\u003e with the filename and relative path to your `cloudRun` custom resource. Example `cloudrunanthos.yaml`.\n\n For details and additional options, see the\n [kubectl apply](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply)\n reference.\n\n \u003cbr /\u003e\n\n\n4. Verify that Knative serving has been enabled in your cluster:\n 1. Open the Google Cloud console:\u003cbr /\u003e\n\n [Go to GKE clusters](https://console.cloud.google.com/kubernetes/list/overview)\n 2. Click on the name of your cluster to open the details pane.\u003cbr /\u003e\n\n \u003cbr /\u003e\n\n 3. Run this command to check if you can see the Knative serving version details: `kubectl get all -n knative-serving -o 'go-template={{index .metadata.labels \"serving.knative.dev/release\"}}'`\n 4. Verify that all Knative serving specific deployments are in running status under `knative-serving` and `appdevexperience` namespaces.\n\nWhat's next\n-----------\n\n[Set up your installation of Knative serving](/kubernetes-engine/enterprise/knative-serving/docs/setup)."]]
