Add activator restart and fix CM label

knative · Mar 19, 2024 · 8fd3dc1 · 8fd3dc1
1 parent 828400f
commit 8fd3dc1
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/docs/serving/encryption/install-and-configure-net-certmanager.md b/docs/serving/encryption/install-and-configure-net-certmanager.md
@@ -168,7 +168,7 @@ in the namespace where the component runs, e.g:
 * kourier-system (when using net-kourier)
 * Each namespace where a Knative Service runs
 
-Knative looks for a `ConfigMap` with the label `knative-ca-trust-bundle="true"` and will read all `data` keys (regardless of the name). 
+Knative looks for a `ConfigMap` with the label `networking.knative.dev/trust-bundle: "true"` and will read all `data` keys (regardless of the name). 
 One key can contain one or multiple CAs/Intermediates. If they are valid, they will be added to the trust store of the Knative components.
 
 Here is an example of how `ConfigMap` could look like:
@@ -199,7 +199,7 @@ data:
 kind: ConfigMap
 metadata:
   labels:
-    knative-ca-trust-bundle: "true"
+    networking.knative.dev/trust-bundle: "true"
   name: knative-bundle
   namespace: knative-serving
 ```

diff --git a/docs/serving/encryption/system-internal-tls.md b/docs/serving/encryption/system-internal-tls.md
@@ -38,6 +38,15 @@ Then, update the [`config-network` ConfigMap](https://github.com/knative/serving
        ...
     ```
 
+1.  Restart the Activator component
+
+    !!! warning
+        When the `system-internal-tls` feature is activated, the Activator component needs to be restarted to reconfigure its internal web server, as this is not possible during runtime.
+
+    ```bash
+      kubectl rollout restart deploy/activator -n knative-serving
+    ```
+
 Congratulations! Knative will now use TLS between its internal system components (Ingress-Controller, Activator and Queue-Proxy).