{"id":47664757,"url":"https://github.com/hops-ops/knative-stack","last_synced_at":"2026-04-29T03:03:46.007Z","repository":{"id":339463553,"uuid":"1147574772","full_name":"hops-ops/knative-stack","owner":"hops-ops","description":"Crossplane configuration for Knative: Knative Operator, Knative Serving/Eventing, and optional NATS","archived":false,"fork":false,"pushed_at":"2026-03-17T18:00:26.000Z","size":48,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-18T07:05:40.267Z","etag":null,"topics":["crossplane","crossplane-configuration","knative","knative-eventing","knative-serving","nats"],"latest_commit_sha":null,"homepage":null,"language":"KCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hops-ops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-02-02T00:13:44.000Z","updated_at":"2026-03-17T17:33:49.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/hops-ops/knative-stack","commit_stats":null,"previous_names":["hops-ops/stack-microservices","hops-ops/stack-knative","hops-ops/knative-stack"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/hops-ops/knative-stack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Fknative-stack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Fknative-stack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Fknative-stack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Fknative-stack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hops-ops","download_url":"https://codeload.github.com/hops-ops/knative-stack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Fknative-stack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31305850,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T09:48:21.550Z","status":"ssl_error","status_checked_at":"2026-04-02T09:48:19.196Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crossplane","crossplane-configuration","knative","knative-eventing","knative-serving","nats"],"created_at":"2026-04-02T11:52:26.061Z","updated_at":"2026-04-02T11:52:28.167Z","avatar_url":"https://github.com/hops-ops.png","language":"KCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# knative-stack\n\nA Crossplane Configuration package that deploys Knative Serving, Knative Eventing, and optional NATS JetStream on any Kubernetes cluster with Istio.\n\n## Overview\n\n`knative-stack` installs and configures a complete serverless platform:\n\n- **Knative Operator** — manages the lifecycle of Knative components via Helm\n- **Knative Serving** — autoscaling serverless workloads with Istio ingress, scale-to-zero, and revision management\n- **Knative Eventing** — event-driven architecture with pluggable channels and brokers\n- **NATS JetStream** (optional, enabled by default) — high-performance messaging backend for Knative Eventing channels\n\nThe stack assumes Istio is already installed (e.g. via [istio-stack](https://github.com/hops-ops/istio-stack)) and configures Knative to use Istio for ingress, mTLS, and network policies.\n\nDeletion protection (Usages) ensures correct teardown order: Serving/Eventing CRs are deleted before the Knative Operator that provides their CRDs.\n\n## Prerequisites\n\n- Crossplane installed in the cluster\n- **Istio** installed (provides `security.istio.io` CRDs and ingress)\n- Crossplane providers:\n - `provider-helm` (\u003e=v1)\n - `provider-kubernetes` (\u003e=v1)\n- Crossplane function:\n - `function-auto-ready` (\u003e=v0.6.0)\n\n## Quick Start\n\n```yaml\napiVersion: pkg.crossplane.io/v1\nkind: Configuration\nmetadata:\n name: knative-stack\nspec:\n package: ghcr.io/hops-ops/knative-stack:latest\n```\n\n```yaml\napiVersion: hops.ops.com.ai/v1alpha1\nkind: KnativeStack\nmetadata:\n name: knative\n namespace: default\nspec:\n clusterName: default\n```\n\nThis minimal spec installs the Knative Operator, Knative Serving (with Istio ingress), Knative Eventing (with NATS channels), and a 3-node NATS JetStream cluster.\n\n## The Journey\n\n### Stage 1: Getting Started\n\nMinimal configuration — everything uses sensible defaults. Serving and Eventing are both enabled, NATS provides the default channel backend, and Istio handles ingress.\n\n```yaml\napiVersion: hops.ops.com.ai/v1alpha1\nkind: KnativeStack\nmetadata:\n name: knative\n namespace: default\nspec:\n clusterName: default\n```\n\n**What you get:**\n- Knative Serving with Istio ingress, pod affinity/tolerations/topology spread enabled\n- Knative Eventing with NATS JetStream as the default channel\n- Revision garbage collection (max 10 non-active, retain 48h since creation)\n- Istio mTLS permissive mode on the knative-serving namespace\n\n### Stage 2: Production with TLS and Custom Domain\n\nAdd a hosted zone and cert-manager for automatic TLS on Knative services.\n\n```yaml\napiVersion: hops.ops.com.ai/v1alpha1\nkind: KnativeStack\nmetadata:\n name: knative\n namespace: default\nspec:\n clusterName: production-cluster\n hostedZone: example.com\n certManager:\n enabled: true\n labels:\n team: platform\n```\n\n**What this adds:**\n- All Knative services get `*.example.com` domain routing\n- cert-manager automatically provisions TLS certificates via Let's Encrypt\n- External domain TLS enabled on the Serving network config\n\n### Stage 3: Customized Components\n\nOverride Helm values and Knative specs for specific requirements.\n\n```yaml\napiVersion: hops.ops.com.ai/v1alpha1\nkind: KnativeStack\nmetadata:\n name: knative\n namespace: default\nspec:\n clusterName: production-cluster\n hostedZone: example.com\n certManager:\n enabled: true\n knativeServing:\n spec:\n config:\n gc:\n max-non-active-revisions: \"20\"\n retain-since-last-active-time: \"48h\"\n knativeEventing:\n spec:\n config:\n features:\n new-apiserversource-filters: enabled\n nats:\n values:\n config:\n jetstream:\n fileStore:\n pvc:\n size: 50Gi\n```\n\n### Serving or Eventing Only\n\nDisable components you don't need:\n\n```yaml\nspec:\n clusterName: my-cluster\n knativeEventing:\n enabled: false\n nats:\n enabled: false\n```\n\n## Composed Resources\n\n| Resource | Kind | Purpose |\n|----------|------|---------|\n| `knative-operator` | Helm Release | Installs the Knative Operator (manages Serving/Eventing CRDs) |\n| `namespace-knative-serving` | Object (Namespace) | Creates the knative-serving namespace with `istio-injection: enabled` |\n| `namespace-knative-eventing` | Object (Namespace) | Creates the knative-eventing namespace with `istio-injection: enabled` |\n| `knative-serving` | Object (KnativeServing) | Deploys Knative Serving via the operator |\n| `knative-serving-peer-auth` | Object (PeerAuthentication) | Sets Istio mTLS to permissive in knative-serving namespace |\n| `knative-eventing` | Object (KnativeEventing) | Deploys Knative Eventing via the operator |\n| `nats` | Helm Release | Installs NATS JetStream cluster (3 replicas, 10Gi storage) |\n| `usage-knative-serving` | Usage | Prevents operator deletion before KnativeServing cleanup |\n| `usage-knative-eventing` | Usage | Prevents operator deletion before KnativeEventing cleanup |\n\n## Spec Reference\n\n| Field | Type | Default | Description |\n|-------|------|---------|-------------|\n| `clusterName` | string | **required** | Target cluster name, used for provider config defaults |\n| `hostedZone` | string | | DNS zone for Knative service domains (e.g. `example.com`) |\n| `certManager.enabled` | bool | `false` | Enable cert-manager TLS integration |\n| `certManager.issuerRef` | string | `letsencrypt-production` | ClusterIssuer reference |\n| `labels` | map | `{}` | Labels merged with defaults on all resources |\n| `managementPolicies` | string[] | `[\"*\"]` | Crossplane management policies |\n| `helmProviderConfigRef.name` | string | `\u003cclusterName\u003e` | Helm ProviderConfig name |\n| `helmProviderConfigRef.kind` | string | `ProviderConfig` | ProviderConfig or ClusterProviderConfig |\n| `kubernetesProviderConfigRef.name` | string | `\u003cclusterName\u003e` | Kubernetes ProviderConfig name |\n| `kubernetesProviderConfigRef.kind` | string | `ProviderConfig` | ProviderConfig or ClusterProviderConfig |\n| `knativeOperator.name` | string | `knative-operator` | Helm release name |\n| `knativeOperator.namespace` | string | `knative-operator` | Namespace |\n| `knativeOperator.values` | object | `{}` | Helm values merged with defaults |\n| `knativeOperator.overrideAllValues` | object | | Replaces all defaults |\n| `knativeServing.enabled` | bool | `true` | Install Knative Serving |\n| `knativeServing.name` | string | `knative-serving` | KnativeServing resource name |\n| `knativeServing.namespace` | string | `knative-serving` | Namespace |\n| `knativeServing.spec` | object | *(see defaults)* | Spec merged with defaults |\n| `knativeServing.overrideAllSpec` | object | | Replaces all spec defaults |\n| `knativeEventing.enabled` | bool | `true` | Install Knative Eventing |\n| `knativeEventing.name` | string | `knative-eventing` | KnativeEventing resource name |\n| `knativeEventing.namespace` | string | `knative-eventing` | Namespace |\n| `knativeEventing.spec` | object | *(see defaults)* | Spec merged with defaults |\n| `knativeEventing.overrideAllSpec` | object | | Replaces all spec defaults |\n| `nats.enabled` | bool | `true` | Install NATS JetStream |\n| `nats.name` | string | `nats` | Helm release name |\n| `nats.namespace` | string | `nats` | Namespace |\n| `nats.values` | object | `{}` | Helm values merged with defaults |\n| `nats.overrideAllValues` | object | | Replaces all defaults |\n\n## Serving Defaults\n\nWhen not overridden, Knative Serving is configured with:\n\n- **Ingress:** Istio (`istio.ingress.networking.knative.dev`)\n- **Pod features:** affinity, securityContext, nodeSelector, tolerations, topologySpreadConstraints\n- **GC:** max 10 non-active revisions, retain 48h since creation, 15h since last active\n- **TLS:** enabled when `certManager.enabled: true`\n- **Domain:** configured when `hostedZone` is set\n\n## Eventing Defaults\n\nWhen not overridden, Knative Eventing is configured with:\n\n- **Istio integration:** enabled\n- **Default channel:** NATS JetStream (when `nats.enabled: true`)\n\n## Status\n\n| Field | Type | Description |\n|-------|------|-------------|\n| `status.ready` | bool | Overall readiness (all components healthy) |\n\n## Development\n\n```bash\nmake render # Render all examples\nmake validate # Validate against XRD schema\nmake test # Run unit tests\nmake e2e # Run E2E tests\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhops-ops%2Fknative-stack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhops-ops%2Fknative-stack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhops-ops%2Fknative-stack/lists"}