Before you install Knative serving in your cluster on Google Cloud, you must first ensure that you meet the following requirements:
- Review and understand the access permissions of components in Knative serving. 
- You must ensure that you have adequate permissions in your Google Cloud project to meet the installation requirements for your cluster, fleet, and Cloud Service Mesh: - If you have the Owner role for the Google Cloud project, then you have more than the necessary permissions to create clusters, install, and then configure Knative serving.
- Note that the Cloud Service Mesh permissions requirements also meet all the permission requirements for installing and configuring Knative serving. 
- Using other roles and the minimum requirements: - Depending on your organization, you can also meet the permission requirements through a combination of the following predefined roles: - Google Cloud project permissions: Basic Editor role 
- Fleet permissions: GKE Hub Admin or a role that includes the following permissions: - gkehub.features.create
- gkehub.features.update
 
- Cluster permissions: A Kubernetes Engine Admin Role: - Kubernetes Engine Admin
- Kubernetes Engine Cluster Admin
 
 
 
- A cluster with the following configuration is required: - A supported Google Kubernetes Engine cluster. Note that GKE clusters that have Windows Server node pools are unsupported. 
- Registered to a fleet: - To learn how to register your cluster and enable Workload Identity Federation for GKE in your fleet, see Registering a cluster. Supported cluster types outside Google Cloud are registered by default. 
- In-cluster Cloud Service Mesh version 1.18 or later is installed. Additionally, note the following prerequisites: - The Google-managed Cloud Service Mesh control plane is currently not fully supported by Knative serving. Use the in-cluster control plane instead.
- Cloud Service Mesh requires that your cluster use a machine type with at
least 4 vCPUs, such as e2-standard-4. See the Cloud Service Mesh installation guide for details about requirements. If you need to change your existing cluster's machine type, see Migrating workloads to different machine types.
- In order to benefit from the automated provisioning of test domains -
Cloud Service Mesh uses an ingress gateway and a service named istio-ingressin namespaceistio-system. To enable creation of the gateway during the feature installation use--option legacy-default-ingressgatewayofasmcliinstallation script.
 
 
- The following APIs must be enabled in your Google Cloud project: - Google Kubernetes Engine API: Build and manage container-based applications.
- Cloud Build API: Create and manage builds.
- Container Registry API: Push and pull images in Container Registry.