Diffstat (limited to 'g3doc')
-rw-r--r-- g3doc/user_guide/debugging.md | 35
-rw-r--r-- g3doc/user_guide/install.md | 8
-rw-r--r-- g3doc/user_guide/tutorials/BUILD | 11
-rw-r--r-- g3doc/user_guide/tutorials/knative.md | 88
4 files changed, 129 insertions, 13 deletions
diff --git a/g3doc/user_guide/debugging.md b/g3doc/user_guide/debugging.md index 54fdce34f..2291b5fab 100644 --- a/g3doc/user_guide/debugging.md +++ b/g3doc/user_guide/debugging.md @@ -61,24 +61,39 @@ You can debug gVisor like any other Golang program. If you're running with Docker, you'll need to find the sandbox PID and attach the debugger as root. Here is an example: +Install a runsc with debug symbols (you can also use the +[nightly release](../install/#nightly)): + ```bash -# Get a runsc with debug symbols (download nightly or build with symbols). -bazel build -c dbg //runsc:runsc +make dev BAZEL_OPTIONS="-c dbg" +``` -# Start the container you want to debug. -docker run --runtime=runsc --rm --name=test -d alpine sleep 1000 +Start the container you want to debug using the runsc runtime with debug +options: -# Find the sandbox PID. -docker inspect test | grep Pid | head -n 1 +```bash +docker run --runtime=$(git branch --show-current)-d --rm --name=test -p 8080:80 -d nginx +``` -# Attach your favorite debugger. -sudo dlv attach <PID> +Find the PID and attach your favorite debugger: + +```bash +sudo dlv attach $(docker inspect test | grep Pid | head -n 1 | grep -oe "[0-9]*") +``` -# Set a breakpoint and resume. -break mm.MemoryManager.MMap +Set a breakpoint for accept: + +```bash +break gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*SocketOperations).Accept continue ``` +In a different window connect to nginx to trigger the breakpoint: + +```bash +curl http://localhost:8080/ +``` + ## Profiling `runsc` integrates with Go profiling tools and gives you easy commands to diff --git a/g3doc/user_guide/install.md b/g3doc/user_guide/install.md index bcfba0179..321f13ce8 100644 --- a/g3doc/user_guide/install.md +++ b/g3doc/user_guide/install.md 
@@ -138,7 +138,9 @@ sudo add-apt-repository "deb [arch=amd64,arm64] https://storage.googleapis.com/g ### Specific release -A given release release is available at the following URL: +Specific releases are the latest [point release](#point-release) for a given +date. Specific releases should be available for any date that has a point +release. A given release is available at the following URL: `https://storage.googleapis.com/gvisor/releases/release/${yyyymmdd}/${ARCH}` @@ -159,7 +161,9 @@ sudo add-apt-repository "deb [arch=amd64,arm64] https://storage.googleapis.com/g ### Point release -A given point release is available at the following URL: +Point releases correspond to +[releases](https://github.com/google/gvisor/releases) tagged in the Github +repository. A given point release is available at the following URL: `https://storage.googleapis.com/gvisor/releases/release/${yyyymmdd}.${rc}/${ARCH}` diff --git a/g3doc/user_guide/tutorials/BUILD b/g3doc/user_guide/tutorials/BUILD index f405349b3..a862c76f4 100644 --- a/g3doc/user_guide/tutorials/BUILD +++ b/g3doc/user_guide/tutorials/BUILD @@ -37,10 +37,19 @@ doc( ) doc( + name = "knative", + src = "knative.md", + category = "User Guide", + permalink = "/docs/tutorials/knative/", + subcategory = "Tutorials", + weight = "40", +) + +doc( name = "cni", src = "cni.md", category = "User Guide", permalink = "/docs/tutorials/cni/", subcategory = "Tutorials", - weight = "40", + weight = "50", ) diff --git a/g3doc/user_guide/tutorials/knative.md b/g3doc/user_guide/tutorials/knative.md new file mode 100644 index 000000000..3f5207fcc --- /dev/null +++ b/g3doc/user_guide/tutorials/knative.md 
@@ -0,0 +1,88 @@ +# Knative Services + +[Knative](https://knative.dev/) is a platform for running serverless workloads +on Kubernetes. This guide will show you how to run basic Knative workloads in +gVisor. + +## Prerequisites + +This guide assumes you have have a cluster that is capable of running gVisor +workloads. This could be a +[GKE Sandbox](https://cloud.google.com/kubernetes-engine/sandbox/) enabled +cluster on Google Cloud Platform or one you have set up yourself using +[containerd Quick Start](https://gvisor.dev/docs/user_guide/containerd/quick_start/). + +This guide will also assume you have Knative installed using +[Istio](https://istio.io/) as the network layer. You can follow the +[Knative installation guide](https://knative.dev/docs/install/install-serving-with-yaml/) +to install Knative. + +## Enable the RuntimeClass feature flag + +Knative allows the use of various parameters on Pods via +[feature flags](https://knative.dev/docs/serving/feature-flags/). We will enable +the +[runtimeClassName](https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class) +feature flag to enable the use of the Kubernetes +[Runtime Class](https://kubernetes.io/docs/concepts/containers/runtime-class/). + +Edit the feature flags ConfigMap. + +```bash +kubectl edit configmap config-features -n knative-serving +``` + +Add the `kubernetes.podspec-runtimeclassname: enabled` to the `data` field. Once +you are finished the ConfigMap will look something like this (minus all the +system fields). + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-serving + labels: + serving.knative.dev/release: v0.22.0 +data: + kubernetes.podspec-runtimeclassname: enabled +``` + +## Deploy the Service + +After you have set the Runtime Class feature flag you can now create Knative +services that specify a `runtimeClassName` in the spec. 
+ +```bash +cat <<EOF | kubectl apply -f - +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: helloworld-go +spec: + template: + spec: + runtimeClassName: gvisor + containers: + - image: gcr.io/knative-samples/helloworld-go + env: + - name: TARGET + value: "gVisor User" +EOF +``` + +You can see the pods running and their Runtime Class. + +```bash +kubectl get pods -o=custom-columns='NAME:.metadata.name,RUNTIME CLASS:.spec.runtimeClassName,STATUS:.status.phase' +``` + +Output should look something like the following. Note that your service might +scale to zero. If you access it via it's URL you should get a new Pod. + +``` +NAME RUNTIME CLASS STATUS +helloworld-go-00002-deployment-646c87b7f5-5v68s gvisor Running +``` + +Congrats! Your Knative service is now running in gVisor! |
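Review bot: In g3doc/user_guide/debugging.md, the new `docker run --runtime=$(git branch --show-current)-d ...` line depends on a runtime name the text never explains. Nothing in the hunk says which step registers a Docker runtime under that name, the nightly-release alternative offered in the first added paragraph gives the reader no such name, and on a detached HEAD `git branch --show-current` prints nothing, so the flag becomes `--runtime=-d`. State the runtime name explicitly or say how to look it up. In the same command, `-p 8080:80` publishes the port on all host interfaces; `-p 127.0.0.1:8080:80` is enough for the `curl http://localhost:8080/` step. The PID lookup can be `docker inspect -f '{{.State.Pid}}' test` instead of the grep chain, and the `break ...` / `continue` block is debugger input, so its `bash` fence tag is misleading.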
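Review bot: In g3doc/user_guide/install.md under "Specific release", the added sentence "Specific releases should be available for any date that has a point release" is hedged and leaves the mapping implicit. The URL here takes only `${yyyymmdd}` while the point-release URL takes `${yyyymmdd}.${rc}`, so say directly that the dated URL serves the latest `${rc}` for that date, and drop "should" if availability is guaranteed.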
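Review bot: In the "Point release" hunk of g3doc/user_guide/install.md, "Github" should be spelled "GitHub". It would also help to say how a repository tag maps onto the `${yyyymmdd}.${rc}` part of the URL, since the sentence links the two without showing the correspondence.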
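Review bot: In g3doc/user_guide/tutorials/knative.md, the Service manifest sets `runtimeClassName: gvisor`, but the Prerequisites section never states that a RuntimeClass with that exact name must exist in the cluster. Add that requirement, or a `kubectl get runtimeclass` check, before "Deploy the Service". The ConfigMap sample is described as "minus all the system fields" yet carries the label `serving.knative.dev/release: v0.22.0`, which will go stale; drop it or mark it as an example version. The image `gcr.io/knative-samples/helloworld-go` is referenced without a tag or digest. Typos: "you have have a cluster" and "via it's URL" (should be "its").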