From e5c09b4f82dd0fe2fd319384e86f2883142ababc Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:40:24 +0300 Subject: [PATCH 01/10] knative: Update README for v1.4.0 Signed-off-by: Kimonas Sotirchos --- common/knative/README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/common/knative/README.md b/common/knative/README.md index df54ef742e..c4e056626a 100644 --- a/common/knative/README.md +++ b/common/knative/README.md @@ -4,8 +4,8 @@ The manifests for Knative Serving are based off the following: - - [Knative serving (v0.22.1)](https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml) - - [Knative ingress controller for Istio (v0.22.1)](https://github.com/knative-sandbox/net-istio/releases/download/v0.22.1/net-istio.yaml) + - [Knative serving (v1.4.0)](https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml) + - [Knative ingress controller for Istio (v1.4.0)](https://github.com/knative-sandbox/net-istio/releases/download/v0.22.1/net-istio.yaml) 1. Download the knative-serving manifests with the following commands: @@ -13,9 +13,9 @@ The manifests for Knative Serving are based off the following: ```sh # No need to install serving-crds. # See: https://github.com/knative/serving/issues/9945 - wget -O knative-serving/base/upstream/serving-core.yaml 'https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml' - wget -O knative-serving/base/upstream/net-istio.yaml 'https://github.com/knative-sandbox/net-istio/releases/download/v0.22.1/net-istio.yaml' - wget -O knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml https://github.com/knative/serving/releases/download/v0.22.1/serving-post-install-jobs.yaml + wget -O knative-serving/base/upstream/serving-core.yaml 'https://github.com/knative/serving/releases/download/knative-v1.4.0/serving-core.yaml' + wget -O knative-serving/base/upstream/net-istio.yaml 'https://github.com/knative-sandbox/net-istio/releases/download/knative-v1.4.0/net-istio.yaml' + wget -O knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml https://github.com/knative/serving/releases/download/knative-v1.4.0/serving-post-install-jobs.yaml ``` 1. Remove all comments, since `yq` does not handle them correctly. See: @@ -67,20 +67,20 @@ The manifests for Knative Serving are based off the following: ## Knative-Eventing -The manifests for Knative Eventing are based off the the [v0.22.1 release](https://github.com/knative/eventing/releases/tag/v0.22.1). +The manifests for Knative Eventing are based off the the [v1.4.0 release](https://github.com/knative/eventing/releases/tag/v0.22.1). - - [Eventing Core](https://github.com/knative/eventing/releases/download/v0.22.1/eventing-core.yaml) - - [In-Memory Channel](https://github.com/knative/eventing/releases/download/v0.22.1/in-memory-channel.yaml) - - [MT Channel Broker](https://github.com/knative/eventing/releases/download/v0.22.1/mt-channel-broker.yaml) + - [Eventing Core](https://github.com/knative/eventing/releases/download/v1.4.0/eventing-core.yaml) + - [In-Memory Channel](https://github.com/knative/eventing/releases/download/v1.4.0/in-memory-channel.yaml) + - [MT Channel Broker](https://github.com/knative/eventing/releases/download/v1.4.0/mt-channel-broker.yaml) -1. Download the knative-serving manifests with the following commands: +1. Download the knative-eventing manifests with the following commands: ```sh - wget -O knative-eventing/base/upstream/eventing-core.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/eventing-core.yaml' - wget -O knative-eventing/base/upstream/in-memory-channel.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/in-memory-channel.yaml' - wget -O knative-eventing/base/upstream/mt-channel-broker.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/mt-channel-broker.yaml' - wget -O knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml https://github.com/knative/eventing/releases/download/v0.22.1/eventing-post-install-jobs.yaml + wget -O knative-eventing/base/upstream/eventing-core.yaml 'https://github.com/knative/eventing/releases/download/knative-v1.4.0/eventing-core.yaml' + wget -O knative-eventing/base/upstream/in-memory-channel.yaml 'https://github.com/knative/eventing/releases/download/knative-v1.4.0/in-memory-channel.yaml' + wget -O knative-eventing/base/upstream/mt-channel-broker.yaml 'https://github.com/knative/eventing/releases/download/knative-v1.4.0/mt-channel-broker.yaml' + wget -O knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml https://github.com/knative/eventing/releases/download/knative-v1.4.0/eventing-post-install-jobs.yaml ``` 1. Remove all comments, since `yq` does not handle them correctly. See: From f77342819d3303b17bee7316ef9047f829c4ab0e Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:47:32 +0300 Subject: [PATCH 02/10] knative: wget latest manifests Signed-off-by: Kimonas Sotirchos --- .../base/serving-post-install-jobs.yaml | 46 +- .../base/upstream/net-istio.yaml | 491 +- .../base/upstream/serving-core.yaml | 4456 +++++++++++++++-- 3 files changed, 4544 insertions(+), 449 deletions(-) diff --git a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml index f1732a157f..a19613d1ea 100644 --- a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml +++ b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml @@ -1,12 +1,30 @@ + +--- +# /tmp/tmp.6gY9AuLX8o/serving-storage-version-migration.yaml +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: batch/v1 kind: Job metadata: generateName: storage-version-migration-serving- namespace: knative-serving labels: - app: "storage-version-migration-serving" - serving.knative.dev/release: "v0.22.1" - name: storage-version-migration-serving + app: storage-version-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.4.0" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -15,15 +33,33 @@ spec: annotations: sidecar.istio.io/inject: "false" labels: - app: "storage-version-migration-serving" + app: storage-version-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.4.0" spec: serviceAccountName: controller restartPolicy: OnFailure containers: - name: migrate - image: gcr.io/knative-releases/knative.dev/serving/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:dce9002c02d7abda2f7d4b656c28029ec172d085bb116f22936cb1e096c3d1c7 + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:a53b272ad6937f2fa785e9e42b059aaa9f93dd100d1fabae8e63c7acb7a4f711 args: - "services.serving.knative.dev" - "configurations.serving.knative.dev" - "revisions.serving.knative.dev" - "routes.serving.knative.dev" + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + +--- diff --git a/common/knative/knative-serving/base/upstream/net-istio.yaml b/common/knative/knative-serving/base/upstream/net-istio.yaml index 7672c4fbba..a97c48885f 100644 --- a/common/knative/knative-serving/base/upstream/net-istio.yaml +++ b/common/knative/knative-serving/base/upstream/net-istio.yaml @@ -1,23 +1,99 @@ +# Generated when HEAD was 169bfb2b9f364e8c5be69906167b4f85b3b43c86 +# +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: + # These are the permissions needed by the Istio Ingress implementation. name: knative-serving-istio labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" serving.knative.dev/controller: "true" networking.knative.dev/ingress-provider: istio rules: - apiGroups: ["networking.istio.io"] resources: ["virtualservices", "gateways", "destinationrules"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This is the shared Gateway for all Knative routes to use. +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: knative-ingress-gateway + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + istio: ingressgateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# A cluster local gateway to allow pods outside of the mesh to access +# Services and Routes not exposing through an ingress. If the users +# do have a service mesh setup, this isn't required. apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: knative-local-gateway namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -36,8 +112,11 @@ metadata: name: knative-local-gateway namespace: istio-system labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" networking.knative.dev/ingress-provider: istio + experimental.istio.io/disable-gateway-port-translation: "true" spec: type: ClusterIP selector: @@ -46,116 +125,34 @@ spec: - name: http2 port: 80 targetPort: 8081 + --- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "domainmapping-webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: domainmapping-webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "istio-webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: istio-webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.istio.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: istio-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - objectSelector: - matchExpressions: - - {key: "serving.knative.dev/configuration", operator: Exists} - name: webhook.istio.networking.internal.knative.dev ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.istio.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: istio-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.istio.networking.internal.knative.dev - namespaceSelector: - matchExpressions: - - key: serving.knative.dev/release - operator: Exists ---- -apiVersion: v1 -kind: Secret -metadata: - name: istio-webhook-certs - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio ---- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-istio namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" networking.knative.dev/ingress-provider: istio data: + # TODO(nghia): Extract the .svc.cluster.local suffix into its own config. _example: | ################################ # # @@ -172,12 +169,10 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # Default Knative Gateway after v0.3. It points to the Istio - # standard istio-ingressgateway, instead of a custom one that we - # used pre-0.3. The configuration format should be `gateway. - # {{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}. - # {{ingress_namespace}}.svc.cluster.local"`. The {{gateway_namespace}} - # is optional; when it is omitted, the system will search for + # A gateway and Istio service to serve external traffic. + # The configuration format should be + # `gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local"`. + # The {{gateway_namespace}} is optional; when it is omitted, the system will search for # the gateway in the serving system namespace `knative-serving` gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" @@ -197,39 +192,124 @@ data: # `knative-serving` local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local" + # DEPRECATED: local-gateway.mesh is deprecated. + # See: https://github.com/knative/serving/issues/11523 + # # To use only Istio service mesh and no knative-local-gateway, replace # all local-gateway.* entries by the following entry. local-gateway.mesh: "mesh" # If true, knative will use the Istio VirtualService's status to determine # endpoint readiness. Otherwise, probe as usual. + # NOTE: This feature is currently experimental and should not be used in production. enable-virtualservice-status: "false" + --- +# Allows the Webhooks to be reached by kube-api with or without +# sidecar injection and with mTLS PERMISSIVE and STRICT. +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: webhook + portLevelMtls: + "8443": + mode: PERMISSIVE +--- +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "domainmapping-webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: domainmapping-webhook + portLevelMtls: + "8443": + mode: PERMISSIVE +--- +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "net-istio-webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: net-istio-webhook + portLevelMtls: + "8443": + mode: PERMISSIVE + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: - name: networking-istio + name: net-istio-controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" networking.knative.dev/ingress-provider: istio spec: selector: matchLabels: - app: networking-istio + app: net-istio-controller template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + # This must be outside of the mesh to probe the gateways. + # NOTE: this is allowed here and not elsewhere because + # this is the Istio controller, and so it may be Istio-aware. sidecar.istio.io/inject: "false" labels: - app: networking-istio - serving.knative.dev/release: "v0.22.1" + app: net-istio-controller + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: serviceAccountName: controller containers: - - name: networking-istio - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:ff8680da52ef47b8573ebc3393cbfa2f0f14b05c1e02232807f22699adbef57a + - name: controller + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:3b3e93366ec18b0af7d1ea071f0917e5d853e49b48b687e9893336844917aec8 resources: requests: cpu: 30m @@ -246,6 +326,7 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/net-istio securityContext: @@ -260,33 +341,57 @@ spec: containerPort: 9090 - name: profiling containerPort: 8008 + +# Unlike other controllers, this doesn't need a Service defined for metrics and +# profiling because it opts out of the mesh (see annotation above). + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: - name: istio-webhook + name: net-istio-webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" networking.knative.dev/ingress-provider: istio spec: selector: matchLabels: - app: istio-webhook - role: istio-webhook + app: net-istio-webhook + role: net-istio-webhook template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: - app: istio-webhook - role: istio-webhook - serving.knative.dev/release: "v0.22.1" + app: net-istio-webhook + role: net-istio-webhook + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: serviceAccountName: controller containers: - name: webhook - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:1e371db6b1a9f9265fc7a55d15d98c935c0c28925ffde351fb3b93f331c5a08e + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:d80d32bc8f27ef05cc834ea54383f74cad6c6d83fe96f4e685bfb86562787e53 resources: requests: cpu: 20m @@ -303,10 +408,11 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/net-istio - name: WEBHOOK_NAME - value: istio-webhook + value: net-istio-webhook securityContext: allowPrivilegeEscalation: false ports: @@ -316,18 +422,62 @@ spec: containerPort: 8008 - name: https-webhook containerPort: 8443 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: net-istio-webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + networking.knative.dev/ingress-provider: istio + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: Service metadata: - name: istio-webhook + name: net-istio-webhook namespace: knative-serving labels: - role: istio-webhook - serving.knative.dev/release: "v0.22.1" + role: net-istio-webhook + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" networking.knative.dev/ingress-provider: istio spec: ports: + # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -338,4 +488,85 @@ spec: port: 443 targetPort: 8443 selector: - app: istio-webhook + app: net-istio-webhook + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.istio.networking.internal.knative.dev + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + networking.knative.dev/ingress-provider: istio +webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: net-istio-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + objectSelector: + matchExpressions: + - {key: "serving.knative.dev/configuration", operator: Exists} + name: webhook.istio.networking.internal.knative.dev + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.istio.networking.internal.knative.dev + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + networking.knative.dev/ingress-provider: istio +webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: net-istio-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: config.webhook.istio.networking.internal.knative.dev + objectSelector: + matchLabels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: net-istio + +--- diff --git a/common/knative/knative-serving/base/upstream/serving-core.yaml b/common/knative/knative-serving/base/upstream/serving-core.yaml index b2cab4681d..53f1a1b3f1 100644 --- a/common/knative/knative-serving/base/upstream/serving-core.yaml +++ b/common/knative/knative-serving/base/upstream/serving-core.yaml @@ -1,17 +1,65 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: Namespace metadata: name: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "Addressables" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + # Named like this to avoid clashing with eventing's existing `addressable-resolver` role + # (which should be identical, but isn't guaranteed to be installed alongside serving). + name: knative-serving-aggregated-addressable-resolver + labels: + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/addressable: "true" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving + # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - serving.knative.dev @@ -24,14 +72,30 @@ rules: - get - list - watch + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -46,7 +110,8 @@ metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -61,28 +126,48 @@ metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] verbs: ["get", "list", "watch"] + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-core labels: - serving.knative.dev/release: "v0.22.1" serving.knative.dev/controller: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: [""] - resources: ["endpoints/restricted"] + resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission verbs: ["create"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook + verbs: ["update"] - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] + resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["admissionregistration.k8s.io"] resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] @@ -102,14 +187,32 @@ rules: - apiGroups: ["caching.internal.knative.dev"] resources: ["images"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving + # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" +# Do not use this role directly. These rules will be added to the "podspecable-binder" role. rules: - apiGroups: - serving.knative.dev @@ -120,33 +223,52 @@ rules: - list - watch - patch + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ServiceAccount metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-admin labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" aggregationRule: clusterRoleSelectors: - matchLabels: serving.knative.dev/controller: "true" -rules: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-serving-controller-admin labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" subjects: - kind: ServiceAccount name: controller @@ -156,11 +278,45 @@ roleRef: name: knative-serving-admin apiGroup: rbac.authorization.k8s.io --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-controller-addressable-resolver + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" +subjects: + - kind: ServiceAccount + name: controller + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-aggregated-addressable-resolver + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: images.caching.internal.knative.dev labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: caching.internal.knative.dev @@ -171,8 +327,6 @@ spec: categories: - knative-internal - caching - shortNames: - - img scope: Namespaced versions: - name: v1alpha1 @@ -183,18 +337,39 @@ spec: schema: openAPIV3Schema: type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Image type: string jsonPath: .spec.image + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: certificates.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -207,6 +382,10 @@ spec: schema: openAPIV3Schema: type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready @@ -225,27 +404,53 @@ spec: shortNames: - kcert scope: Namespaced + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: configurations.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: LatestCreated type: string @@ -259,25 +464,996 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true names: - kind: Configuration - plural: configurations - singular: configuration + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + required: + - ref + properties: + ref: + description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + type: object + required: + - kind + - name + properties: + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + required: + - ref + properties: + ref: + description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + type: object + required: + - kind + - name + properties: + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping categories: - all - knative - serving shortNames: - - config - - cfg + - dm scope: Namespaced + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ingresses.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -290,6 +1466,10 @@ spec: schema: openAPIV3Schema: type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready @@ -309,26 +1489,48 @@ spec: - kingress - king scope: Namespaced + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: metrics.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced versions: - name: v1alpha1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready type: string @@ -336,34 +1538,125 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced versions: - name: v1alpha1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: DesiredScale type: integer @@ -377,37 +1670,153 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced + schema: + openAPIV3Schema: + description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/10KWynvAJYuOEWy69VBa6bHJVCqIsz1TNdEKosNvcpPY/edit' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + serviceName: + description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. + type: string + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: revisions.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Config Name type: string @@ -416,7 +1825,7 @@ spec: type: string jsonPath: ".status.serviceName" - name: Generation - type: string + type: string # int in string form :( jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - name: Ready type: string @@ -424,38 +1833,702 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: routes.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: URL type: string @@ -466,24 +2539,150 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced + schema: + openAPIV3Schema: + description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + traffic: + description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: serverlessservices.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -496,6 +2695,10 @@ spec: schema: openAPIV3Schema: type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Mode @@ -526,142 +2729,832 @@ spec: shortNames: - sks scope: Namespaced + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: services.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" schema: openAPIV3Schema: + description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" type: object - x-kubernetes-preserve-unknown-fields: true properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object spec: + description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. type: object - x-kubernetes-preserve-unknown-fields: true properties: template: + description: Template holds the latest specification for the Revision to be stamped out. type: object - x-kubernetes-preserve-unknown-fields: true - description: | - A template for the current desired application state. - Changes to `template` will cause a new Revision to be created as - defined in the lifecycle section. The contents of the Service's - RevisionTemplateSpec is used to create a corresponding Configuration. + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true traffic: - x-kubernetes-preserve-unknown-fields: true + description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. type: array - description: | - Traffic specifies how to distribute traffic over a - collection of Revisions belonging to the Service. If traffic is - empty or not provided, defaults to 100% traffic to the latest - `Ready` Revision. The contents of the Service's TrafficTarget is - used to create a corresponding Route. items: + description: TrafficTarget holds a single entry of the routing table for a Route. type: object - x-kubernetes-preserve-unknown-fields: true properties: - revisionName: - type: string - description: | - A specific revision to which to send this portion - of traffic. - This is mutually exclusive with configurationName. configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. type: string - description: | - ConfigurationName of a configuration to whose latest revision we will send - this portion of traffic. When the "status.latestReadyRevisionName" of the - referenced configuration changes, we will automatically migrate traffic - from the prior "latest ready" revision to the new one. This field is never - set in Route's status, only its spec. - This is mutually exclusive with RevisionName. latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. type: boolean - description: | - `latestRevision` may be optionally provided to indicate - that the latest ready Revision of the Configuration should be used - for this traffic target. When provided latestRevision MUST be true - if revisionName is empty, and it MUST be false when revisionName is non-empty. - tag: - type: string - description: | - Tag is optionally used to expose a dedicated URL for - referencing this target exclusively. The dedicated URL MUST include - in it the string provided by tag. percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' type: integer - description: | - The percentage of requests which should be allocated - from the main Route domain name to the specified `revisionName` or - `configurationName`. - All `percent` values in `traffic` MUST sum to 100. - minimum: 0 - maximum: 100 + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string status: + description: ServiceStatus represents the Status stanza of the Service resource. type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + traffic: + description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: caching.internal.knative.dev/v1alpha1 kind: Image metadata: name: queue-proxy namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: queue-proxy + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:0b8e031170354950f3395876961452af1c62f7ab5161c9e71867392c11881962 + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:a40f6e84de1a0d145d27084a94cc7fa221159e75cafde7d332ac8f4f0aed58fb + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "604cb513" + knative.dev/example-checksum: "47c2487f" data: _example: | ################################ @@ -736,7 +3629,7 @@ data: # -1 denotes unlimited target-burst-capacity and activator will always # be in the request path. # Other negative values are invalid. - target-burst-capacity: "200" + target-burst-capacity: "211" # When operating in a stable mode, the autoscaler operates on the # average concurrency over the stable window. @@ -803,8 +3696,8 @@ data: scale-to-zero-pod-retention-period: "0s" # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, the Knative - # Horizontal Pod Autoscaler (KPA) is used by default. + # that should be used if none is specified. If omitted, + # the Knative Pod Autoscaler (KPA) is used by default. pod-autoscaler-class: "kpa.autoscaling.knative.dev" # The capacity of a single activator task. @@ -825,6 +3718,10 @@ data: # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. allow-zero-initial-scale: "false" + # min-scale is the cluster-wide default value for the min scale of a revision, + # unless overridden by the "autoscaling.knative.dev/minScale" annotation. + min-scale: "0" + # max-scale is the cluster-wide default value for the max scale of a revision, # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. # If set to 0, the revision has no maximum scale. @@ -842,16 +3739,33 @@ data: # (including a maxScale of "0" = unlimited) is disallowed. # A value of zero (the default) allows any limit, including unlimited. max-scale-limit: "0" + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-defaults namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "cdabec96" + knative.dev/example-checksum: "a0feb4c6" data: _example: | ################################ @@ -928,6 +3842,13 @@ data: # {{.Name}} are also valid. container-name-template: "user-container" + # init-container-name-template contains a template for the default + # init container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + init-container-name-template: "init-container" + # container-concurrency specifies the maximum number # of requests the Container can handle at once, and requests # above this threshold are queued. Setting a value of zero @@ -961,19 +3882,39 @@ data: # to set this value to `false`. # See https://github.com/knative/serving/issues/8498. enable-service-links: "false" + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-deployment namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "fa67b403" + knative.dev/example-checksum: "dd7ee769" data: - queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:0b8e031170354950f3395876961452af1c62f7ab5161c9e71867392c11881962 - _example: | + # This is the Go import path for the binary that is containerized + # and substituted here. + # TODO: switch to 'queue-sidecar-image' after 0.27 + queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:a40f6e84de1a0d145d27084a94cc7fa221159e75cafde7d332ac8f4f0aed58fb + _example: |- ################################ # # # EXAMPLE CONFIGURATION # @@ -990,51 +3931,87 @@ data: # to actually change the configuration. # List of repositories for which tag to digest resolving should be skipped - registriesSkippingTagResolving: "kind.local,ko.local,dev.local" + registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" - # digestResolutionTimeout is the maximum time allowed for an image's - # digests to be resolved. - digestResolutionTimeout: "10s" + # Maximum time allowed for an image's digests to be resolved. + digest-resolution-timeout: "10s" - # ProgressDeadline is the duration we wait for the deployment to - # be ready before considering it failed. - progressDeadline: "600s" + # Duration we wait for the deployment to be ready before considering it failed. + progress-deadline: "600s" - # queueSidecarCPURequest is the requests.cpu to set for the queue proxy sidecar container. + # Sets the queue proxy's CPU request. # If omitted, a default value (currently "25m"), is used. - queueSidecarCPURequest: "25m" + queue-sidecar-cpu-request: "25m" - # queueSidecarCPULimit is the limits.cpu to set for the queue proxy sidecar container. + # Sets the queue proxy's CPU limit. # If omitted, no value is specified and the system default is used. - queueSidecarCPULimit: "1000m" + queue-sidecar-cpu-limit: "1000m" - # queueSidecarMemoryRequest is the requests.memory to set for the queue proxy container. + # Sets the queue proxy's memory request. # If omitted, no value is specified and the system default is used. - queueSidecarMemoryRequest: "400Mi" + queue-sidecar-memory-request: "400Mi" - # queueSidecarMemoryLimit is the limits.memory to set for the queue proxy container. + # Sets the queue proxy's memory limit. # If omitted, no value is specified and the system default is used. - queueSidecarMemoryLimit: "800Mi" + queue-sidecar-memory-limit: "800Mi" - # queueSidecarEphemeralStorageRequest is the requests.ephemeral-storage to - # set for the queue proxy sidecar container. + # Sets the queue proxy's ephemeral storage request. # If omitted, no value is specified and the system default is used. - queueSidecarEphemeralStorageRequest: "512Mi" + queue-sidecar-ephemeral-storage-request: "512Mi" - # queueSidecarEphemeralStorageLimit is the limits.ephemeral-storage to set - # for the queue proxy sidecar container. + # Sets the queue proxy's ephemeral storage limit. # If omitted, no value is specified and the system default is used. - queueSidecarEphemeralStorageLimit: "1024Mi" + queue-sidecar-ephemeral-storage-limit: "1024Mi" + + # The freezer service endpoint that queue-proxy calls when its traffic drops to zero or + # scales up from zero. + # + # Freezer service is available at: https://github.com/knative-sandbox/container-freezer + # or users may write their own service. + # + # The value will need to include both the host and the port that will be accessed. + # For the host, $HOST_IP can be passed, and the appropriate host IP value will be swapped + # in at runtime, which will enable the freezer daemonset to be reachable via the node IP. + # + # As an example: + # concurrency-state-endpoint: "http://$HOST_IP:9696" + # + # If not set, queue proxy takes no action (this is the default behavior). + # + # When enabled, a serviceAccountToken will be mounted to queue-proxy using + # a projected volume. This requires the Service Account Token Volume Projection feature + # to be enabled. For details, see this link: + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection + # + # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE + concurrency-state-endpoint: "" + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-domain namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "74c3fc6a" + knative.dev/example-checksum: "81552d0b" data: _example: | ################################ @@ -1067,22 +4044,39 @@ data: # will not be exposed through Ingress. You can define your own label # selector to assign that domain suffix to your Route here, or you can set # the label - # "serving.knative.dev/visibility=cluster-local" + # "networking.knative.dev/visibility=cluster-local" # to achieve the same effect. This shows how to make routes having # the label app=secret only exposed to the local cluster. svc.cluster.local: | selector: app: secret + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-features namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "2cf73688" + knative.dev/example-checksum: "e1c6e542" data: _example: |- ################################ @@ -1112,6 +4106,12 @@ data: # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity kubernetes.podspec-affinity: "disabled" + # Indicates whether Kubernetes topologySpreadConstraints support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-topology-spread-constraints + kubernetes.podspec-topologyspreadconstraints: "disabled" + # Indicates whether Kubernetes hostAliases support is enabled # # WARNING: Cannot safely be disabled once enabled. @@ -1143,7 +4143,6 @@ data: kubernetes.podspec-runtimeclassname: "disabled" # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # in addition to expanding the allowable fields within a Container's SecurityContext. # # When set to "enabled" or "allowed" it allows the following # PodSecurityContext properties: @@ -1153,12 +4152,6 @@ data: # - SupplementalGroups # - RunAsUser # - # When set to "enabled" or "allowed" it allows the following - # Container SecurityContext properties: - # - RunAsNonRoot - # - RunAsGroup - # - RunAsUser (already allowed without this flag) - # # This feature flag should be used with caution as the PodSecurityContext # properties may have a side-effect on non-user sidecar containers that come # from Knative or your service mesh @@ -1167,6 +4160,24 @@ data: # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context kubernetes.podspec-securitycontext: "disabled" + # Indicates whether Kubernetes PriorityClassName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name + kubernetes.podspec-priorityclassname: "disabled" + + # Indicates whether Kubernetes SchedulerName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name + kubernetes.podspec-schedulername: "disabled" + + # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. + # + # When set to "enabled" or "allowed" it allows capabilities to be added to the container. + # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html + kubernetes.containerspec-addcapabilities: "disabled" + # This feature validates PodSpecs from the validating webhook # against the K8s API Server. # @@ -1177,13 +4188,6 @@ data: # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run kubernetes.podspec-dryrun: "allowed" - # Indicates whether new responsive garbage collection is enabled. This - # feature labels revisions in real-time as they become referenced and - # dereferenced by Routes. This allows us to reap revisions shortly after - # they are no longer active. - # See: https://knative.dev/docs/serving/feature-flags/#responsive-revision-garbage-collector - responsive-revision-gc: "enabled" - # Controls whether tag header based routing feature are enabled or not. # 1. Enabled: enabling tag header based routing # 2. Disabled: disabling tag header based routing @@ -1194,16 +4198,53 @@ data: # 1. Enabled: http2 connection will be attempted via upgrade. # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". autodetect-http2: "disabled" + + # Controls whether volume support for EmptyDir is enabled or not. + # 1. Enabled: enabling EmptyDir volume support + # 2. Disabled: disabling EmptyDir volume support + kubernetes.podspec-volumes-emptydir: "disabled" + + # Controls whether init containers support is enabled or not. + # 1. Enabled: enabling init containers support + # 2. Disabled: disabling init containers support + kubernetes.podspec-init-containers: "disabled" + + # Controls whether persistent volume claim support is enabled or not. + # 1. Enabled: enabling persistent volume claim support + # 2. Disabled: disabling persistent volume claim support + kubernetes.podspec-persistent-volume-claim: "disabled" + + # Controls whether write access for persistent volumes is enabled or not. + # 1. Enabled: enabling write access for persistent volumes + # 2. Disabled: disabling write access for persistent volumes + kubernetes.podspec-persistent-volume-write: "disabled" + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-gc namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "e6149382" + knative.dev/example-checksum: "45463e45" data: _example: | ################################ @@ -1229,7 +4270,7 @@ data: # Active # * Revisions which are referenced by a Route are considered active. # * Individual revisions may be marked with the annotation - # "knative.dev/no-gc":"true" to be permanently considered active. + # "serving.knative.dev/no-gc":"true" to be permanently considered active. # * Active revisions are not considered for GC. # Retention # * Revisions are retained if they are any of the following: @@ -1244,6 +4285,7 @@ data: # # Example config to immediately collect any inactive revision: # min-non-active-revisions: "0" + # max-non-active-revisions: "0" # retain-since-create-time: "disabled" # retain-since-last-active-time: "disabled" # @@ -1277,16 +4319,33 @@ data: # Maximum number of non-active revisions to retain # or "disabled" to disable any maximum limit. max-non-active-revisions: "1000" + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-leader-election namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "96896b00" + knative.dev/example-checksum: "f4b71f57" data: _example: | ################################ @@ -1304,17 +4363,17 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # leaseDuration is how long non-leaders will wait to try to acquire the + # lease-duration is how long non-leaders will wait to try to acquire the # lock; 15 seconds is the value used by core kubernetes controllers. - leaseDuration: "15s" + lease-duration: "60s" - # renewDeadline is how long a leader will try to renew the lease before + # renew-deadline is how long a leader will try to renew the lease before # giving up; 10 seconds is the value used by core kubernetes controllers. - renewDeadline: "10s" + renew-deadline: "40s" - # retryPeriod is how long the leader election client waits between tries of + # retry-period is how long the leader election client waits between tries of # actions; 2 seconds is the value used by core kubernetes controllers. - retryPeriod: "2s" + retry-period: "10s" # buckets is the number of buckets used to partition key space of each # Reconciler. If this number is M and the replica number of the controller @@ -1322,16 +4381,33 @@ data: # bucket will take care of the reconciling for the keys partitioned into # that bucket. buckets: "1" + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-logging namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/component: logging + app.kubernetes.io/name: knative-serving annotations: - knative.dev/example-checksum: "d9570453" + knative.dev/example-checksum: "b0f3c6f2" data: _example: | ################################ @@ -1382,19 +4458,36 @@ data: loglevel.webhook: "info" loglevel.activator: "info" loglevel.hpaautoscaler: "info" - loglevel.certcontroller: "info" - loglevel.istiocontroller: "info" - loglevel.nscontroller: "info" + loglevel.net-certmanager-controller: "info" + loglevel.net-istio-controller: "info" + loglevel.net-contour-controller: "info" + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-network namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: networking + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "15954d34" + knative.dev/example-checksum: "d0b91f80" data: _example: | ################################ @@ -1412,7 +4505,7 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # ingress.class specifies the default ingress class + # ingress-class specifies the default ingress class # to use when not dictated by Route annotation. # # If not specified, will use the Istio ingress. @@ -1421,9 +4514,9 @@ data: # will result in undefined behavior. Therefore it is best to only # update this value during the setup of Knative, to avoid getting # undefined behavior. - ingress.class: "istio.ingress.networking.knative.dev" + ingress-class: "istio.ingress.networking.knative.dev" - # certificate.class specifies the default Certificate class + # certificate-class specifies the default Certificate class # to use when not dictated by Route annotation. # # If not specified, will use the Cert-Manager Certificate. @@ -1432,9 +4525,30 @@ data: # will result in undefined behavior. Therefore it is best to only # update this value during the setup of Knative, to avoid getting # undefined behavior. - certificate.class: "cert-manager.certificate.networking.knative.dev" + certificate-class: "cert-manager.certificate.networking.knative.dev" + + # namespace-wildcard-cert-selector specifies a LabelSelector which + # determines which namespaces should have a wildcard certificate + # provisioned. + # + # Use an empty value to disable the feature (this is the default): + # namespace-wildcard-cert-selector: "" + # + # Use an empty object to enable for all namespaces + # namespace-wildcard-cert-selector: {} + # + # Useful labels include the "kubernetes.io/metadata.name" label to + # avoid provisioning a certifcate for the "kube-system" namespaces. + # Use the following selector to match pre-1.0 behavior of using + # "networking.knative.dev/disableWildcardCert" to exclude namespaces: + # + # matchExpressions: + # - key: "networking.knative.dev/disableWildcardCert" + # operator: "NotIn" + # values: ["true"] + namespace-wildcard-cert-selector: "" - # domainTemplate specifies the golang text template string to use + # domain-template specifies the golang text template string to use # when constructing the Knative service's DNS name. The default # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". # @@ -1457,42 +4571,46 @@ data: # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' # and you have an annotation {"sub":"foo"}, then the generated template # would be {Name}-{Namespace}.foo.{Domain} - domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}" + domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" # tagTemplate specifies the golang text template string to use # when constructing the DNS name for "tags" within the traffic blocks # of Routes and Configuration. This is used in conjunction with the # domainTemplate above to determine the full URL for the tag. - tagTemplate: "{{.Tag}}-{{.Name}}" + tag-template: "{{.Tag}}-{{.Name}}" # Controls whether TLS certificates are automatically provisioned and # installed in the Knative ingress to terminate external TLS connection. # 1. Enabled: enabling auto-TLS feature. # 2. Disabled: disabling auto-TLS feature. - autoTLS: "Disabled" + auto-tls: "Disabled" # Controls the behavior of the HTTP endpoint for the Knative ingress. # It requires autoTLS to be enabled. # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Disabled: The Knative ingress will reject HTTP traffic. - # 3. Redirected: The Knative ingress will send a 302 redirect for all + # 2. Redirected: The Knative ingress will send a 301 redirect for all # http connections, asking the clients to use HTTPS. - httpProtocol: "Enabled" + # + # "Disabled" option is deprecated. + http-protocol: "Enabled" - # rolloutDuration contains the minimal duration in seconds over which the + # rollout-duration contains the minimal duration in seconds over which the # Configuration traffic targets are rolled out to the newest revision. - rolloutDuration: "0" + rollout-duration: "0" - # autocreateClusterDomainClaims controls whether ClusterDomainClaims should + # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should # be automatically created (and deleted) as needed when DomainMappings are # reconciled. # - # If this is "false", the cluster administrator is responsible for creating - # ClusterDomainClaims and delegating them to namespaces via their - # spec.Namespace field. This is useful for multitenant environments - # which need to control which namespace can use a particular domain name in - # a domain mapping. - autocreateClusterDomainClaims: "true" + # If this is "false" (the default), the cluster administrator is + # responsible for creating ClusterDomainClaims and delegating them to + # namespaces via their spec.Namespace field. This setting should be used in + # multitenant environments which need to control which namespace can use a + # particular domain name in a domain mapping. + # + # If this is "true", users are able to associate arbitrary names with their + # services via the DomainMapping feature. + autocreate-cluster-domain-claims: "false" # If true, networking plugins can add additional information to deployed # applications to make their pods directly accessible via their IPs even if mesh is @@ -1503,16 +4621,97 @@ data: # NOTE: This flag is in an alpha state and is mostly here to enable internal testing # for now. Use with caution. enable-mesh-pod-addressability: "false" + + # mesh-compatibility-mode indicates whether consumers of network plugins + # should directly contact Pod IPs (most efficient), or should use the + # Cluster IP (less efficient, needed when mesh is enabled unless + # `enable-mesh-pod-addressability`, above, is set). + # Permitted values are: + # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. + # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. + # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. + mesh-compatibility-mode: "auto" + + # Defines the scheme used for external URLs if autoTLS is not enabled. + # This can be used for making Knative report all URLs as "HTTPS" for example, if you're + # fronting Knative with an external loadbalancer that deals with TLS termination and + # Knative doesn't know about that otherwise. + default-external-scheme: "http" + + # The CA public certificate used to sign the activator TLS certificate. + # It is specified by the secret name, which has the "ca.crt" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-ca: "" + + # The SAN (Subject Alt Name) used to validate the activator TLS certificate. + # It must be set when "activator-ca" is specified. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-san: "" + + # The server certificates to serve the TLS traffic from ingress to activator. + # It is specified by the secret name, which has the "tls.crt" and "tls.key" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + activator-cert-secret: "" + + # The CA public certificate used to sign the queue-proxy TLS certificate. + # It is specified by the secret name, which has the "ca.crt" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-ca: "" + + # The SAN (Subject Alt Name) used to validate the activator TLS certificate. + # It must be set when "queue-proxy-ca" is specified. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-san: "" + + # The server certificates to serve the TLS traffic from activator to queue-proxy. + # It is specified by the secret name, which has the "tls.crt" and "tls.key" data field. + # Use an empty value to disable the feature (default). + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + queue-proxy-cert-secret: "" + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-observability namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: observability + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "97c1d10b" + knative.dev/example-checksum: "fed4756e" data: _example: | ################################ @@ -1582,42 +4781,46 @@ data: logging.enable-probe-request-log: "false" # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges + # It supports either prometheus (the default) or opencensus. metrics.backend-destination: prometheus # metrics.request-metrics-backend-destination specifies the request metrics # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), stackdriver. + # Currently supported values: prometheus (the default), opencensus. metrics.request-metrics-backend-destination: prometheus - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_revision" resource type. Setting this - # flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from # the pods via an HTTP server in the format expected by the pprof visualization tool. When # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. # The HTTP context root for profiling is then /debug/pprof/. profiling.enable: "false" + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-tracing namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: tracing + app.kubernetes.io/version: "1.4.0" annotations: - knative.dev/example-checksum: "4002b4c2" + knative.dev/example-checksum: "26614636" data: _example: | ################################ @@ -1635,32 +4838,44 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. # - # This may be "zipkin" or "stackdriver", the default is "none" + # This may be "zipkin" or "none" (default) backend: "none" # URL to zipkin collector where traces are sent. # This must be specified when backend is "zipkin" zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - # The GCP project into which stackdriver metrics will be written - # when backend is "stackdriver". If unspecified, the project-id - # is read from GCP metadata when running on GCP. - stackdriver-project-id: "my-project" - # Enable zipkin debug mode. This allows all spans to be sent to the server # bypassing sampling. debug: "false" # Percentage (0-1) of requests to trace sample-rate: "0.1" + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: minReplicas: 1 maxReplicas: 20 @@ -1674,28 +4889,51 @@ spec: name: cpu target: type: Utilization + # Percentage of the requested CPU averageUtilization: 100 --- -apiVersion: policy/v1beta1 +# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. +# Given the subsetting and that the activators are partially stateful systems, we want +# a slow rollout of the new versions and slow migration during node upgrades. +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: activator-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: minAvailable: 80% selector: matchLabels: app: activator + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving spec: selector: matchLabels: @@ -1708,12 +4946,18 @@ spec: labels: app: activator role: activator - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: serviceAccountName: controller containers: - name: activator - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:fed92af8b9779c97482906db8857f27b5d4826708b75d0298aa30fad8900671f + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:7d664e052ec0e78961dbb7b5acb62c70ba106ba1fdd46f2177ab56e1d0d360fb + # The numbers are based on performance test results from + # https://github.com/knative/serving/issues/1625#issuecomment-511930023 resources: requests: cpu: 300m @@ -1722,6 +4966,7 @@ spec: cpu: 1000m memory: 600Mi env: + # Run Activator with GC collection when newly generated memory is 500%. - name: GOGC value: "500" - name: POD_NAME @@ -1740,6 +4985,7 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/internal/serving securityContext: @@ -1764,15 +5010,24 @@ spec: httpHeaders: - name: k-kubelet-probe value: "activator" - failureThreshold: 12 + periodSeconds: 5 + failureThreshold: 5 livenessProbe: httpGet: port: 8012 httpHeaders: - name: k-kubelet-probe value: "activator" + periodSeconds: 10 failureThreshold: 12 initialDelaySeconds: 15 + # The activator (often) sits on the dataplane, and may proxy long (e.g. + # streaming, websockets) requests. We give a long grace period for the + # activator to "lame duck" and drain outstanding requests before we + # forcibly terminate the pod (and outstanding connections). This value + # should be at least as large as the upper bound on the Revision's + # timeoutSeconds property to avoid servicing events disrupting + # connections. terminationGracePeriodSeconds: 600 --- apiVersion: v1 @@ -1782,11 +5037,14 @@ metadata: namespace: knative-serving labels: app: activator - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving spec: selector: app: activator ports: + # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -1799,28 +5057,55 @@ spec: - name: http2 port: 81 targetPort: 8013 + - name: https + port: 443 + targetPort: 8112 type: ClusterIP + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: replicas: 1 selector: matchLabels: app: autoscaler + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app: autoscaler - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -1833,7 +5118,9 @@ spec: serviceAccountName: controller containers: - name: autoscaler - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:bc5ae3090ab0322ed0e4f9efddb60fa85f6ff3a29156411d24d0e4764b18eba7 + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:02f187b21cc00bc91c45db85571299f338fcbd58aa5c9193f0833782a7710dea resources: requests: cpu: 100m @@ -1858,6 +5145,7 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/serving securityContext: @@ -1893,11 +5181,14 @@ kind: Service metadata: labels: app: autoscaler - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" name: autoscaler namespace: knative-serving spec: ports: + # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -1909,14 +5200,31 @@ spec: targetPort: 8080 selector: app: autoscaler + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: selector: matchLabels: @@ -1927,8 +5235,11 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: controller - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -1941,7 +5252,9 @@ spec: serviceAccountName: controller containers: - name: controller - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:bd7c6350e5d5c4edaa197a86fb96cff78bdd3e61f33fcb77aa60930de0ec0827 + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:8d84706d53adcf89c49687b4fade06261769b9f99257cb64d1758398f085b062 resources: requests: cpu: 100m @@ -1962,6 +5275,7 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/internal/serving securityContext: @@ -1982,11 +5296,14 @@ kind: Service metadata: labels: app: controller - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" name: controller namespace: knative-serving spec: ports: + # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -1995,14 +5312,259 @@ spec: targetPort: 8008 selector: app: controller + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domain-mapping + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" +spec: + selector: + matchLabels: + app: domain-mapping + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: domain-mapping + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domain-mapping + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: domain-mapping + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:43d9ef8ef868aa8fd72a1f1f69ba07da99cfa0a73014636ff7ece9bc614b1f8f + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domainmapping-webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" +spec: + selector: + matchLabels: + app: domainmapping-webhook + role: domainmapping-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: domainmapping-webhook + role: domainmapping-webhook + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domainmapping-webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: domainmapping-webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:b0039cd8d749608e4ab04544d36026556be04fe6ac39041223372b1c9031d8d6 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_PORT + value: "8443" + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + failureThreshold: 6 + initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: domainmapping-webhook + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" + name: domainmapping-webhook + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: domainmapping-webhook + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: minReplicas: 1 maxReplicas: 5 @@ -2016,28 +5578,49 @@ spec: name: cpu target: type: Utilization + # Percentage of the requested CPU averageUtilization: 100 --- -apiVersion: policy/v1beta1 +# Webhook PDB. +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: webhook-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" spec: minAvailable: 80% selector: matchLabels: app: webhook + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving spec: selector: matchLabels: @@ -2050,8 +5633,10 @@ spec: labels: app: webhook role: webhook - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -2064,7 +5649,9 @@ spec: serviceAccountName: controller containers: - name: webhook - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:6f41d379f1aacdfbb8f6d4f539e1769040e4f01bff3ad9c249b427e54dc56ea8 + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bf58bf8d3790440aa7fb700b45e52ae9678e1ea6dc1135b10ff4b9b1087ee016 resources: requests: cpu: 100m @@ -2089,6 +5676,7 @@ spec: value: webhook - name: WEBHOOK_PORT value: "8443" + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/internal/serving securityContext: @@ -2123,6 +5711,8 @@ spec: value: "webhook" failureThreshold: 6 initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. terminationGracePeriodSeconds: 300 --- apiVersion: v1 @@ -2130,11 +5720,14 @@ kind: Service metadata: labels: role: webhook - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-serving name: webhook namespace: knative-serving spec: ports: + # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -2146,13 +5739,30 @@ spec: targetPort: 8443 selector: role: webhook + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: config.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -2162,18 +5772,39 @@ webhooks: failurePolicy: Fail sideEffects: None name: config.webhook.serving.knative.dev - namespaceSelector: + objectSelector: matchExpressions: - - key: serving.knative.dev/release - operator: Exists + - key: app.kubernetes.io/name + operator: In + values: ["knative-serving"] + - key: app.kubernetes.io/component + operator: In + values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] timeoutSeconds: 10 + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -2184,13 +5815,170 @@ webhooks: sideEffects: None name: webhook.serving.knative.dev timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.domainmapping.serving.knative.dev + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + - v1beta1 + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - domainmappings + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: domainmapping-webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" +# The data is populated at install time. + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.domainmapping.serving.knative.dev + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - domainmappings + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -2201,13 +5989,53 @@ webhooks: sideEffects: None name: validation.webhook.serving.knative.dev timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: Secret metadata: name: webhook-certs namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" ---- + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.4.0" +# The data is populated at install time. +--- From 485d1bee9a9c049076ea6c7741098235213f332f Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:48:30 +0300 Subject: [PATCH 03/10] knative: Remove all comments Signed-off-by: Kimonas Sotirchos --- .../base/serving-post-install-jobs.yaml | 21 +- .../base/upstream/net-istio.yaml | 76 +---- .../base/upstream/serving-core.yaml | 294 +++--------------- 3 files changed, 60 insertions(+), 331 deletions(-) diff --git a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml index a19613d1ea..36711189b6 100644 --- a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml +++ b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml @@ -1,20 +1,3 @@ - ---- -# /tmp/tmp.6gY9AuLX8o/serving-storage-version-migration.yaml -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - apiVersion: batch/v1 kind: Job metadata: @@ -42,8 +25,6 @@ spec: restartPolicy: OnFailure containers: - name: migrate - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:a53b272ad6937f2fa785e9e42b059aaa9f93dd100d1fabae8e63c7acb7a4f711 args: - "services.serving.knative.dev" @@ -61,5 +42,5 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true - --- + diff --git a/common/knative/knative-serving/base/upstream/net-istio.yaml b/common/knative/knative-serving/base/upstream/net-istio.yaml index a97c48885f..f38c3b37f0 100644 --- a/common/knative/knative-serving/base/upstream/net-istio.yaml +++ b/common/knative/knative-serving/base/upstream/net-istio.yaml @@ -1,23 +1,6 @@ -# Generated when HEAD was 169bfb2b9f364e8c5be69906167b4f85b3b43c86 -# -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - # These are the permissions needed by the Istio Ingress implementation. name: knative-serving-istio labels: app.kubernetes.io/component: net-istio @@ -29,8 +12,6 @@ rules: - apiGroups: ["networking.istio.io"] resources: ["virtualservices", "gateways", "destinationrules"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -44,8 +25,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# This is the shared Gateway for all Knative routes to use. +--- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: @@ -66,8 +46,6 @@ spec: protocol: HTTP hosts: - "*" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -81,10 +59,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# A cluster local gateway to allow pods outside of the mesh to access -# Services and Routes not exposing through an ingress. If the users -# do have a service mesh setup, this isn't required. +--- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: @@ -125,8 +100,6 @@ spec: - name: http2 port: 80 targetPort: 8081 - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -140,7 +113,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -152,7 +125,6 @@ metadata: app.kubernetes.io/version: "1.4.0" networking.knative.dev/ingress-provider: istio data: - # TODO(nghia): Extract the .svc.cluster.local suffix into its own config. _example: | ################################ # # @@ -203,10 +175,7 @@ data: # endpoint readiness. Otherwise, probe as usual. # NOTE: This feature is currently experimental and should not be used in production. enable-virtualservice-status: "false" - --- -# Allows the Webhooks to be reached by kube-api with or without -# sidecar injection and with mTLS PERMISSIVE and STRICT. apiVersion: "security.istio.io/v1beta1" kind: "PeerAuthentication" metadata: @@ -260,8 +229,6 @@ spec: portLevelMtls: "8443": mode: PERMISSIVE - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -275,7 +242,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -294,9 +261,6 @@ spec: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - # This must be outside of the mesh to probe the gateways. - # NOTE: this is allowed here and not elsewhere because - # this is the Istio controller, and so it may be Istio-aware. sidecar.istio.io/inject: "false" labels: app: net-istio-controller @@ -307,8 +271,6 @@ spec: serviceAccountName: controller containers: - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:3b3e93366ec18b0af7d1ea071f0917e5d853e49b48b687e9893336844917aec8 resources: requests: @@ -326,7 +288,6 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/net-istio securityContext: @@ -341,11 +302,6 @@ spec: containerPort: 9090 - name: profiling containerPort: 8008 - -# Unlike other controllers, this doesn't need a Service defined for metrics and -# profiling because it opts out of the mesh (see annotation above). - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -359,7 +315,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -389,8 +345,6 @@ spec: serviceAccountName: controller containers: - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:d80d32bc8f27ef05cc834ea54383f74cad6c6d83fe96f4e685bfb86562787e53 resources: requests: @@ -408,7 +362,6 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/net-istio - name: WEBHOOK_NAME @@ -422,8 +375,6 @@ spec: containerPort: 8008 - name: https-webhook containerPort: 8443 - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -437,7 +388,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: Secret metadata: @@ -448,8 +399,6 @@ metadata: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" networking.knative.dev/ingress-provider: istio - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -463,7 +412,7 @@ metadata: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: Service metadata: @@ -477,7 +426,6 @@ metadata: networking.knative.dev/ingress-provider: istio spec: ports: - # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -489,8 +437,6 @@ spec: targetPort: 8443 selector: app: net-istio-webhook - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -504,7 +450,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -528,8 +474,6 @@ webhooks: matchExpressions: - {key: "serving.knative.dev/configuration", operator: Exists} name: webhook.istio.networking.internal.knative.dev - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -543,7 +487,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -568,5 +512,5 @@ webhooks: matchLabels: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: net-istio - --- + diff --git a/common/knative/knative-serving/base/upstream/serving-core.yaml b/common/knative/knative-serving/base/upstream/serving-core.yaml index 53f1a1b3f1..5f59438dac 100644 --- a/common/knative/knative-serving/base/upstream/serving-core.yaml +++ b/common/knative/knative-serving/base/upstream/serving-core.yaml @@ -1,17 +1,3 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - apiVersion: v1 kind: Namespace metadata: @@ -19,8 +5,6 @@ metadata: labels: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,13 +18,10 @@ metadata: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - # Named like this to avoid clashing with eventing's existing `addressable-resolver` role - # (which should be identical, but isn't guaranteed to be installed alongside serving). name: knative-serving-aggregated-addressable-resolver labels: app.kubernetes.io/version: "1.4.0" @@ -57,9 +38,7 @@ metadata: labels: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - serving.knative.dev @@ -72,8 +51,6 @@ rules: - get - list - watch - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -87,7 +64,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -132,8 +109,6 @@ rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] verbs: ["get", "list", "watch"] - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -147,7 +122,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -161,13 +136,13 @@ rules: resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: [""] - resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission + resources: ["endpoints/restricted"] verbs: ["create"] - apiGroups: [""] - resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook + resources: ["namespaces/finalizers"] verbs: ["update"] - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook + resources: ["deployments", "deployments/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["admissionregistration.k8s.io"] resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] @@ -187,8 +162,6 @@ rules: - apiGroups: ["caching.internal.knative.dev"] resources: ["images"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -202,7 +175,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -210,9 +183,7 @@ metadata: labels: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving - # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" -# Do not use this role directly. These rules will be added to the "podspecable-binder" role. rules: - apiGroups: - serving.knative.dev @@ -223,8 +194,6 @@ rules: - list - watch - patch - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -238,7 +207,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -294,8 +263,6 @@ roleRef: kind: ClusterRole name: knative-serving-aggregated-addressable-resolver apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -309,7 +276,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -337,17 +304,11 @@ spec: schema: openAPIV3Schema: type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Image type: string jsonPath: .spec.image - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -361,7 +322,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -382,10 +343,6 @@ spec: schema: openAPIV3Schema: type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready @@ -404,8 +361,6 @@ spec: shortNames: - kcert scope: Namespaced - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -419,9 +374,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1109,8 +1062,6 @@ spec: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1124,7 +1075,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1145,10 +1096,6 @@ spec: schema: openAPIV3Schema: type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true names: kind: ClusterDomainClaim @@ -1160,8 +1107,6 @@ spec: shortNames: - cdc scope: Cluster - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1175,7 +1120,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1430,8 +1375,6 @@ spec: shortNames: - dm scope: Namespaced - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1445,7 +1388,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1466,10 +1409,6 @@ spec: schema: openAPIV3Schema: type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready @@ -1489,8 +1428,6 @@ spec: - kingress - king scope: Namespaced - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1504,9 +1441,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1612,8 +1547,6 @@ spec: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1627,9 +1560,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1772,8 +1703,6 @@ spec: serviceName: description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. type: string - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1787,9 +1716,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1825,7 +1752,7 @@ spec: type: string jsonPath: ".status.serviceName" - name: Generation - type: string # int in string form :( + type: string jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - name: Ready type: string @@ -2483,8 +2410,6 @@ spec: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -2498,9 +2423,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2659,8 +2582,6 @@ spec: url: description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} type: string - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -2674,7 +2595,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2695,10 +2616,6 @@ spec: schema: openAPIV3Schema: type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Mode @@ -2729,8 +2646,6 @@ spec: shortNames: - sks scope: Namespaced - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -2744,9 +2659,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3499,8 +3412,6 @@ spec: url: description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} type: string - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3514,7 +3425,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: caching.internal.knative.dev/v1alpha1 kind: Image metadata: @@ -3525,11 +3436,7 @@ metadata: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" spec: - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:a40f6e84de1a0d145d27084a94cc7fa221159e75cafde7d332ac8f4f0aed58fb - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3543,7 +3450,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -3739,8 +3646,6 @@ data: # (including a maxScale of "0" = unlimited) is disallowed. # A value of zero (the default) allows any limit, including unlimited. max-scale-limit: "0" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3754,7 +3659,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -3882,8 +3787,6 @@ data: # to set this value to `false`. # See https://github.com/knative/serving/issues/8498. enable-service-links: "false" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3897,7 +3800,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -3910,9 +3813,6 @@ metadata: annotations: knative.dev/example-checksum: "dd7ee769" data: - # This is the Go import path for the binary that is containerized - # and substituted here. - # TODO: switch to 'queue-sidecar-image' after 0.27 queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:a40f6e84de1a0d145d27084a94cc7fa221159e75cafde7d332ac8f4f0aed58fb _example: |- ################################ @@ -3985,8 +3885,6 @@ data: # # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE concurrency-state-endpoint: "" - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4000,7 +3898,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -4050,8 +3948,6 @@ data: svc.cluster.local: | selector: app: secret - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4065,7 +3961,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -4218,8 +4114,6 @@ data: # 1. Enabled: enabling write access for persistent volumes # 2. Disabled: disabling write access for persistent volumes kubernetes.podspec-persistent-volume-write: "disabled" - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4233,7 +4127,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -4319,8 +4213,6 @@ data: # Maximum number of non-active revisions to retain # or "disabled" to disable any maximum limit. max-non-active-revisions: "1000" - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4334,7 +4226,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -4381,8 +4273,6 @@ data: # bucket will take care of the reconciling for the keys partitioned into # that bucket. buckets: "1" - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4396,7 +4286,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -4461,8 +4351,6 @@ data: loglevel.net-certmanager-controller: "info" loglevel.net-istio-controller: "info" loglevel.net-contour-controller: "info" - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4476,7 +4364,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -4685,8 +4573,6 @@ data: # NOTE: This flag is in an alpha state and is mostly here to enable internal testing # for now. Use with caution. queue-proxy-cert-secret: "" - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4700,7 +4586,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -4794,8 +4680,6 @@ data: # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. # The HTTP context root for profiling is then /debug/pprof/. profiling.enable: "false" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4809,7 +4693,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -4851,8 +4735,6 @@ data: # Percentage (0-1) of requests to trace sample-rate: "0.1" - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4866,7 +4748,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: @@ -4889,12 +4771,8 @@ spec: name: cpu target: type: Utilization - # Percentage of the requested CPU averageUtilization: 100 --- -# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. -# Given the subsetting and that the activators are partially stateful systems, we want -# a slow rollout of the new versions and slow migration during node upgrades. apiVersion: policy/v1 kind: PodDisruptionBudget metadata: @@ -4909,8 +4787,6 @@ spec: selector: matchLabels: app: activator - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4924,7 +4800,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -4953,11 +4829,7 @@ spec: serviceAccountName: controller containers: - name: activator - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:7d664e052ec0e78961dbb7b5acb62c70ba106ba1fdd46f2177ab56e1d0d360fb - # The numbers are based on performance test results from - # https://github.com/knative/serving/issues/1625#issuecomment-511930023 resources: requests: cpu: 300m @@ -4966,7 +4838,6 @@ spec: cpu: 1000m memory: 600Mi env: - # Run Activator with GC collection when newly generated memory is 500%. - name: GOGC value: "500" - name: POD_NAME @@ -4985,7 +4856,6 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/internal/serving securityContext: @@ -5021,13 +4891,6 @@ spec: periodSeconds: 10 failureThreshold: 12 initialDelaySeconds: 15 - # The activator (often) sits on the dataplane, and may proxy long (e.g. - # streaming, websockets) requests. We give a long grace period for the - # activator to "lame duck" and drain outstanding requests before we - # forcibly terminate the pod (and outstanding connections). This value - # should be at least as large as the upper bound on the Revision's - # timeoutSeconds property to avoid servicing events disrupting - # connections. terminationGracePeriodSeconds: 600 --- apiVersion: v1 @@ -5044,7 +4907,6 @@ spec: selector: app: activator ports: - # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -5061,8 +4923,6 @@ spec: port: 443 targetPort: 8112 type: ClusterIP - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5076,7 +4936,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -5105,7 +4965,6 @@ spec: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -5118,8 +4977,6 @@ spec: serviceAccountName: controller containers: - name: autoscaler - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:02f187b21cc00bc91c45db85571299f338fcbd58aa5c9193f0833782a7710dea resources: requests: @@ -5145,7 +5002,6 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/serving securityContext: @@ -5188,7 +5044,6 @@ metadata: namespace: knative-serving spec: ports: - # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -5200,8 +5055,6 @@ spec: targetPort: 8080 selector: app: autoscaler - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5215,7 +5068,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -5239,7 +5092,6 @@ spec: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -5252,8 +5104,6 @@ spec: serviceAccountName: controller containers: - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:8d84706d53adcf89c49687b4fade06261769b9f99257cb64d1758398f085b062 resources: requests: @@ -5275,7 +5125,6 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/internal/serving securityContext: @@ -5303,7 +5152,6 @@ metadata: namespace: knative-serving spec: ports: - # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -5312,8 +5160,6 @@ spec: targetPort: 8008 selector: app: controller - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5327,7 +5173,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -5351,7 +5197,6 @@ spec: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -5364,8 +5209,6 @@ spec: serviceAccountName: controller containers: - name: domain-mapping - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:43d9ef8ef868aa8fd72a1f1f69ba07da99cfa0a73014636ff7ece9bc614b1f8f resources: requests: @@ -5383,7 +5226,6 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/serving securityContext: @@ -5398,8 +5240,6 @@ spec: containerPort: 9090 - name: profiling containerPort: 8008 - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5413,7 +5253,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -5439,7 +5279,6 @@ spec: app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -5452,8 +5291,6 @@ spec: serviceAccountName: controller containers: - name: domainmapping-webhook - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:b0039cd8d749608e4ab04544d36026556be04fe6ac39041223372b1c9031d8d6 resources: requests: @@ -5477,7 +5314,6 @@ spec: value: config-observability - name: WEBHOOK_PORT value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/serving securityContext: @@ -5512,8 +5348,6 @@ spec: value: "webhook" failureThreshold: 6 initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. terminationGracePeriodSeconds: 300 --- apiVersion: v1 @@ -5528,7 +5362,6 @@ metadata: namespace: knative-serving spec: ports: - # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -5540,8 +5373,6 @@ spec: targetPort: 8443 selector: role: domainmapping-webhook - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5555,7 +5386,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: @@ -5578,10 +5409,8 @@ spec: name: cpu target: type: Utilization - # Percentage of the requested CPU averageUtilization: 100 --- -# Webhook PDB. apiVersion: policy/v1 kind: PodDisruptionBudget metadata: @@ -5596,8 +5425,6 @@ spec: selector: matchLabels: app: webhook - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5611,7 +5438,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -5636,7 +5463,6 @@ spec: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-serving spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -5649,8 +5475,6 @@ spec: serviceAccountName: controller containers: - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bf58bf8d3790440aa7fb700b45e52ae9678e1ea6dc1135b10ff4b9b1087ee016 resources: requests: @@ -5676,7 +5500,6 @@ spec: value: webhook - name: WEBHOOK_PORT value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - name: METRICS_DOMAIN value: knative.dev/internal/serving securityContext: @@ -5711,8 +5534,6 @@ spec: value: "webhook" failureThreshold: 6 initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. terminationGracePeriodSeconds: 300 --- apiVersion: v1 @@ -5727,7 +5548,6 @@ metadata: namespace: knative-serving spec: ports: - # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 targetPort: 9090 @@ -5739,8 +5559,6 @@ spec: targetPort: 8443 selector: role: webhook - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5754,7 +5572,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -5781,8 +5599,6 @@ webhooks: operator: In values: ["autoscaler", "controller", "logging", "networking", "observability", "tracing"] timeoutSeconds: 10 - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5796,7 +5612,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -5836,8 +5652,6 @@ webhooks: - revisions - routes - services - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5851,7 +5665,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -5882,8 +5696,6 @@ webhooks: scope: "*" resources: - domainmappings - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5897,7 +5709,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: Secret metadata: @@ -5907,9 +5719,6 @@ metadata: app.kubernetes.io/component: domain-mapping app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" -# The data is populated at install time. - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5923,7 +5732,7 @@ metadata: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -5955,8 +5764,6 @@ webhooks: scope: "*" resources: - domainmappings - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -5970,7 +5777,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -6011,8 +5818,6 @@ webhooks: - revisions - routes - services - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -6026,7 +5831,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: Secret metadata: @@ -6036,6 +5841,5 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/name: knative-serving app.kubernetes.io/version: "1.4.0" -# The data is populated at install time. - --- + From 7b2bb65f18a6cf4b8db04dc39bec78629f05993b Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:50:22 +0300 Subject: [PATCH 04/10] knative: Remove knative-ingress-gateway Had to manually remove a `{}` object at the end, introduced by the yq command. Signed-off-by: Kimonas Sotirchos --- .../base/upstream/net-istio.yaml | 35 ------------------- 1 file changed, 35 deletions(-) diff --git a/common/knative/knative-serving/base/upstream/net-istio.yaml b/common/knative/knative-serving/base/upstream/net-istio.yaml index f38c3b37f0..0bf92a7e1b 100644 --- a/common/knative/knative-serving/base/upstream/net-istio.yaml +++ b/common/knative/knative-serving/base/upstream/net-istio.yaml @@ -28,40 +28,6 @@ rules: --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway -metadata: - name: knative-ingress-gateway - namespace: knative-serving - labels: - app.kubernetes.io/component: net-istio - app.kubernetes.io/name: knative-serving - app.kubernetes.io/version: "1.4.0" - networking.knative.dev/ingress-provider: istio -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "*" -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway metadata: name: knative-local-gateway namespace: knative-serving @@ -513,4 +479,3 @@ webhooks: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: net-istio --- - From 42578c0c68da007292ba60d8dd8e35ec954f5812 Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:54:00 +0300 Subject: [PATCH 05/10] knative: Update README for removing {} Signed-off-by: Kimonas Sotirchos --- common/knative/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/common/knative/README.md b/common/knative/README.md index c4e056626a..7b052a124a 100644 --- a/common/knative/README.md +++ b/common/knative/README.md @@ -46,6 +46,8 @@ The manifests for Knative Serving are based off the following: yq eval -i 'select((.kind == "Gateway" and .metadata.name == "knative-ingress-gateway") | not)' knative-serving/base/upstream/net-istio.yaml ``` + NOTE: You'll need to remove a redundant `{}` at the end of the `knative-serving/base/upstream/net-istio.yaml` file. + 1. Set `metadata.name` in the serving post-install job, to be deploy-able with `kustomize` and `kubectl apply`: From 91705a89e9815654e22c65b42c730944a5047db2 Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:55:14 +0300 Subject: [PATCH 06/10] knative: Set metadata.name in post-install-job Signed-off-by: Kimonas Sotirchos --- .../base/serving-post-install-jobs.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml index 36711189b6..7aa70fe032 100644 --- a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml +++ b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/name: knative-serving app.kubernetes.io/component: storage-version-migration-job app.kubernetes.io/version: "1.4.0" + name: storage-version-migration-serving spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -42,5 +43,3 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true ---- - From 03453342b5f968ab76a5e3c6f54f10ba10824a9a Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:57:12 +0300 Subject: [PATCH 07/10] knative-eventing: Update with v1.4.0 manifests Signed-off-by: Kimonas Sotirchos --- .../base/eventing-post-install-jobs.yaml | 114 - .../base/upstream/eventing-core.yaml | 6744 ++++++----------- .../base/upstream/in-memory-channel.yaml | 1525 ++-- .../base/upstream/mt-channel-broker.yaml | 305 +- 4 files changed, 3532 insertions(+), 5156 deletions(-) diff --git a/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml b/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml index fbc7fe5585..e69de29bb2 100644 --- a/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml +++ b/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml @@ -1,114 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: knative-eventing-post-install-job-role - labels: - eventing.knative.dev/release: "v0.22.1" -rules: - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - - "customresourcedefinitions/status" - verbs: - - "get" - - "list" - - "update" - - "patch" - - "watch" - - apiGroups: - - "sources.knative.dev" - resources: - - "pingsources" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" - - apiGroups: - - "" - resources: - - "namespaces" - verbs: - - "get" - - "list" ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: v0.22.0-pingsource-cleanup - namespace: knative-eventing - labels: - eventing.knative.dev/release: "v0.22.1" -spec: - ttlSecondsAfterFinished: 600 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-eventing-post-install-job - restartPolicy: Never - containers: - - name: pingsource - image: gcr.io/knative-releases/knative.dev/eventing/cmd/v0.22/pingsource-cleanup@sha256:837b8d5cfe38afa297d25e7aed30ec8df80f721a084d4fdcc614d65afde4c528 - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: knative-eventing-post-install-job - namespace: knative-eventing - labels: - eventing.knative.dev/release: "v0.22.1" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-eventing-post-install-job-role-binding - labels: - eventing.knative.dev/release: "v0.22.1" -subjects: - - kind: ServiceAccount - name: knative-eventing-post-install-job - namespace: knative-eventing -roleRef: - kind: ClusterRole - name: knative-eventing-post-install-job-role - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: v0.21-storage-version-migration - namespace: knative-eventing - labels: - app: "storage-version-migration" - eventing.knative.dev/release: "v0.22.1" -spec: - ttlSecondsAfterFinished: 600 - backoffLimit: 10 - template: - metadata: - labels: - app: "storage-version-migration" - eventing.knative.dev/release: "v0.22.1" - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-eventing-post-install-job - restartPolicy: OnFailure - containers: - - name: migrate - image: gcr.io/knative-releases/knative.dev/eventing/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:ef150a99d5b18781746d3934f181a766b27a975cb7593d9283fbd040e9ebfe5b - args: - - "pingsources.sources.knative.dev" ---- - diff --git a/common/knative/knative-eventing/base/upstream/eventing-core.yaml b/common/knative/knative-eventing/base/upstream/eventing-core.yaml index e692914457..06b410cf4a 100644 --- a/common/knative/knative-eventing/base/upstream/eventing-core.yaml +++ b/common/knative/knative-eventing/base/upstream/eventing-core.yaml @@ -1,24 +1,58 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: v1 kind: Namespace metadata: name: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ServiceAccount metadata: name: eventing-controller namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: eventing-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -33,7 +67,9 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -48,7 +84,9 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-source-observer labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -63,7 +101,9 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-sources-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -78,7 +118,9 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-manipulator labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -87,21 +129,40 @@ roleRef: kind: ClusterRole name: channelable-manipulator apiGroup: rbac.authorization.k8s.io + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ServiceAccount metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-eventing-pingsource-mt-adapter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: pingsource-mt-adapter @@ -110,21 +171,40 @@ roleRef: kind: ClusterRole name: knative-eventing-pingsource-mt-adapter apiGroup: rbac.authorization.k8s.io + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ServiceAccount metadata: name: eventing-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: eventing-webhook labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-webhook @@ -140,7 +220,9 @@ metadata: namespace: knative-eventing name: eventing-webhook labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-webhook @@ -155,7 +237,9 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-webhook @@ -170,7 +254,9 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-podspecable-binding labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-webhook @@ -179,27 +265,62 @@ roleRef: kind: ClusterRole name: podspecable-binding apiGroup: rbac.authorization.k8s.io + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-br-default-channel namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing data: - channelTemplateSpec: | + channel-template-spec: | apiVersion: messaging.knative.dev/v1 kind: InMemoryChannel + --- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-br-defaults namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing data: + # Configures the default for any Broker that does not specify a spec.config or Broker class. default-br-config: | clusterDefault: brokerClass: MTChannelBasedBroker @@ -207,15 +328,37 @@ data: kind: ConfigMap name: config-br-default-channel namespace: knative-eventing + delivery: + retry: 10 + backoffPolicy: exponential + backoffDelay: PT0.2S + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: default-ch-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing data: + # Configuration for defaulting channels that do not specify CRD implementations. default-ch-config: | clusterDefault: apiVersion: messaging.knative.dev/v1 @@ -224,16 +367,33 @@ data: some-namespace: apiVersion: messaging.knative.dev/v1 kind: InMemoryChannel + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-ping-defaults namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" annotations: - knative.dev/example-checksum: "f8e5a744" + knative.dev/example-checksum: "9185c153" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing data: _example: | ################################ @@ -253,17 +413,130 @@ data: # Max number of bytes allowed to be sent for message excluding any # base64 decoding. Default is no limit set for data - dataMaxSize: -1 + data-max-size: -1 + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +data: + # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. + # For more details: https://github.com/knative/eventing/issues/5086 + kreference-group: "disabled" + # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. + # For more details: https://github.com/knative/eventing/issues/5811 + delivery-retryafter: "disabled" + # ALPHA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. + # For more details: https://github.com/knative/eventing/issues/5148 + delivery-timeout: "disabled" + # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI + # For more details: https://github.com/knative/eventing/issues/5593 + kreference-mapping: "disabled" + # ALPHA feature: The subscriber-strict flag force subscriptions to define a subscriber + # For more details: https://github.com/knative/eventing/issues/5756 + strict-subscriber: "disabled" + # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field + # in Trigger objects with its rich filtering capabilities. + # For more details: https://github.com/knative/eventing/issues/5204 + new-trigger-filters: "disabled" + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kreference-mapping + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/config-propagation: original + knative.dev/config-category: eventing + annotations: + knative.dev/example-checksum: "7375dbe1" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + + # this is an example of mapping from pod to addressable-pod service + # the data key must be of the form "kind.version.group" + # the data value must be a valid URL. Valid template data are: + # - Name: reference name + # - Namespace: reference namespace + # - SystemNamespace: knative namespace + # - UID: reference UID + # + # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-leader-election namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing annotations: - knative.dev/example-checksum: "96896b00" + knative.dev/example-checksum: "f7948630" data: _example: | ################################ @@ -281,17 +554,17 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # leaseDuration is how long non-leaders will wait to try to acquire the + # lease-duration is how long non-leaders will wait to try to acquire the # lock; 15 seconds is the value used by core kubernetes controllers. - leaseDuration: "15s" + lease-duration: "15s" - # renewDeadline is how long a leader will try to renew the lease before + # renew-deadline is how long a leader will try to renew the lease before # giving up; 10 seconds is the value used by core kubernetes controllers. - renewDeadline: "10s" + renew-deadline: "10s" - # retryPeriod is how long the leader election client waits between tries of + # retry-period is how long the leader election client waits between tries of # actions; 2 seconds is the value used by core kubernetes controllers. - retryPeriod: "2s" + retry-period: "2s" # buckets is the number of buckets used to partition key space of each # Reconciler. If this number is M and the replica number of the controller @@ -299,17 +572,35 @@ data: # bucket will take care of the reconciling for the keys partitioned into # that bucket. buckets: "1" + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-logging namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" knative.dev/config-propagation: original knative.dev/config-category: eventing + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing data: + # Common configuration for all Knative codebase zap-logger-config: | { "level": "info", @@ -331,18 +622,37 @@ data: "callerEncoder": "" } } + # Log level overrides + # For all components changes are be picked up immediately. loglevel.controller: "info" loglevel.webhook: "info" + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-observability namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" knative.dev/config-propagation: original knative.dev/config-category: eventing + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f46cf09d" data: @@ -393,18 +703,93 @@ data: # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating # a failure to send a cloud event to the sink. sink-event-error-reporting.enable: "false" + +--- +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-sugar + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "b05e6e70" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # namespace-selector specifies a LabelSelector which + # determines which namespaces the Sugar Controller should operate upon + # Use an empty value to disable the feature (this is the default): + namespace-selector: "" + + # Use an empty object to enable for all namespaces + namespace-selector: {} + + # trigger-selector specifies a LabelSelector which + # determines which triggers the Sugar Controller should operate upon + # Use an empty value to disable the feature (this is the default): + trigger-selector: "" + + # Use an empty object to enable for all triggers + trigger-selector: {} + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ConfigMap metadata: name: config-tracing namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" knative.dev/config-propagation: original knative.dev/config-category: eventing + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing annotations: - knative.dev/example-checksum: "4002b4c2" + knative.dev/example-checksum: "0492ceb0" data: _example: | ################################ @@ -421,33 +806,46 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. # - # This may be "zipkin" or "stackdriver", the default is "none" + # This may be "zipkin" or "none". the default is "none" backend: "none" # URL to zipkin collector where traces are sent. # This must be specified when backend is "zipkin" zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - # The GCP project into which stackdriver metrics will be written - # when backend is "stackdriver". If unspecified, the project-id - # is read from GCP metadata when running on GCP. - stackdriver-project-id: "my-project" - # Enable zipkin debug mode. This allows all spans to be sent to the server # bypassing sampling. debug: "false" # Percentage (0-1) of requests to trace sample-rate: "0.1" + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: eventing-controller namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" knative.dev/high-availability: "true" + app.kubernetes.io/component: eventing-controller + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -456,8 +854,12 @@ spec: metadata: labels: app: eventing-controller - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: eventing-controller + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -472,7 +874,7 @@ spec: containers: - name: eventing-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:6ddffbc286a84048cfd090193d00b4ecda25a3a7bf2de1a8e873f8b3755cc913 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:ed8e55c792c8e1203b14c8b886d38c8aabe6e565b6ab5d17fdf56234a8a174ca resources: requests: cpu: 100m @@ -488,44 +890,89 @@ spec: value: config-observability - name: METRICS_DOMAIN value: knative.dev/eventing + # APIServerSource - name: APISERVER_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:a05b1db9acdfe901417307ddf403ec3702f219e5aeb25d692bc9542fc6421330 + value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:908675367940cb9a46ca7d30d92ce85540d9143b8253ba443eb8a32e86d33bec - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name + ## Adapter settings + # - name: K_LOGGING_CONFIG + # value: '' + # - name: K_LEADER_ELECTION_CONFIG + # value: '' + # - name: K_NO_SHUTDOWN_AFTER + # value: '' + ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout + # - name: K_SINK_TIMEOUT + # value: '' securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 - name: profiling containerPort: 8008 + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: pingsource-mt-adapter + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: + # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. replicas: 0 selector: - matchLabels: + matchLabels: &labels eventing.knative.dev/source: ping-source-controller sources.knative.dev/role: adapter template: metadata: labels: - eventing.knative.dev/source: ping-source-controller - sources.knative.dev/role: adapter - eventing.knative.dev/release: "v0.22.1" + !!merge <<: *labels + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: pingsource-mt-adapter + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: *labels + topologyKey: kubernetes.io/hostname + weight: 100 enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:edf462d03591e53e536640591a53538e6bea837fea15ed081eccfb42bc35a5c0 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:f561f45c932a9dc4c5a4aacb4326388262c95929a68be596f7a99e3a9e2c5a7f env: - name: SYSTEM_NAMESPACE value: '' @@ -533,6 +980,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + # DO NOT MODIFY: The values below are being filled by the ping source controller + # See 500-controller.yaml - name: K_METRICS_CONFIG value: '' - name: K_LOGGING_CONFIG @@ -558,15 +1007,40 @@ spec: limits: cpu: 1000m memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all serviceAccountName: pingsource-mt-adapter + --- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: eventing-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: apiVersion: apps/v1 @@ -582,37 +1056,63 @@ spec: type: Utilization averageUtilization: 100 --- +# Webhook PDB. apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: eventing-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: minAvailable: 80% selector: matchLabels: app: eventing-webhook + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: eventing-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: selector: - matchLabels: + matchLabels: &labels app: eventing-webhook role: eventing-webhook template: metadata: labels: - app: eventing-webhook - role: eventing-webhook + !!merge <<: *labels + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -627,12 +1127,16 @@ spec: containers: - name: eventing-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:9f70a2a8bb78781472fba0327c5d6ff91f13a29736d4502bf8ad3d60d3f16ccd + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:cbc6ee9181614a76bedd67b8f10250566a4e448e07f25da888dde3ed4f7670fb resources: requests: + # taken from serving. cpu: 100m memory: 50Mi limits: + # taken from serving. cpu: 200m memory: 200Mi env: @@ -648,6 +1152,13 @@ spec: value: eventing-webhook - name: WEBHOOK_PORT value: "8443" + # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector + # for the sinkbinding webhook. + # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` + # will be considered by the sinkbinding webhook; + # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` + # will NOT be considered by the sinkbinding webhook. + # The default is `exclusion`. - name: SINK_BINDING_SELECTION_MODE value: "exclusion" - name: POD_NAME @@ -656,6 +1167,11 @@ spec: fieldPath: metadata.name securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: https-webhook containerPort: 8443 @@ -663,7 +1179,7 @@ spec: containerPort: 9090 - name: profiling containerPort: 8008 - readinessProbe: + readinessProbe: &probe periodSeconds: 1 httpGet: scheme: HTTPS @@ -672,22 +1188,21 @@ spec: - name: k-kubelet-probe value: "webhook" livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" + !!merge <<: *probe initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. terminationGracePeriodSeconds: 300 --- apiVersion: v1 kind: Service metadata: labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" role: eventing-webhook + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing name: eventing-webhook namespace: knative-eventing spec: @@ -697,17 +1212,35 @@ spec: targetPort: 8443 selector: role: eventing-webhook + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing annotations: + # TODO add schemas and descriptions registry.knative.dev/eventTypes: | [ { "type": "dev.knative.apiserver.resource.add" }, @@ -721,128 +1254,92 @@ metadata: spec: group: sources.knative.dev versions: - - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: openAPIV3Schema: - type: object description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' + type: object properties: spec: type: object - description: 'ApiServerSourceSpec defines the desired state of ApiServerSource (from the client).' + required: + - resources properties: ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. type: object properties: extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. type: object - additionalProperties: - type: string + x-kubernetes-preserve-unknown-fields: true mode: - description: 'Mode is the mode the receive adapter controller runs under: Ref or Resource. `Ref` sends only the reference to the resource. `Resource` send the full resource.' + description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` type: string owner: - description: 'ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter.' + description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. type: object properties: apiVersion: - description: 'APIVersion - the API version of the resource to watch.' + description: APIVersion - the API version of the resource to watch. type: string kind: description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string resources: - description: 'Resources is the list of resources to watch' + description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. type: array items: type: object properties: apiVersion: - description: 'API version of the resource to watch.' + description: APIVersion - the API version of the resource to watch. type: string - controller: - description: 'If true, send an event referencing the object controlling the resource Deprecated: Per-resource controller flag will no longer be supported in v1alpha2, please use Spec.Owner as a GKV.' - type: boolean - controllerSelector: - description: 'ControllerSelector restricts this source to objects with a controlling owner reference of the specified kind. Only apiVersion and kind are used. Both are optional. Deprecated: Per-resource owner refs will no longer be supported in v1alpha2, please use Spec.Owner as a GKV.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - blockOwnerDeletion: - description: 'If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.' - type: boolean - controller: - description: 'If true, this reference points to the managing controller.' - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string kind: description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - labelSelector: - description: 'LabelSelector restricts this source to objects with the selected labels More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + selector: + description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' type: object properties: matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: type: object properties: key: - description: 'key is the label key that the selector applies to.' + description: key is the label key that the selector applies to. type: string operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. type: array items: type: string matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this source.' + description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. type: string sink: - description: 'Sink is a reference to an object that will resolve to a domain name to use as the sink.' + description: Sink is a reference to an object that will resolve to a uri to use as the sink. type: object properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - namespace: - type: string ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -851,39 +1348,32 @@ spec: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string status: type: object - description: 'ApiServerSourceStatus defines the observed state of ApiServerSource (from the controller).' properties: annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array items: type: object properties: source: - description: 'Source is the CloudEvents source attribute.' + description: Source is the CloudEvents source attribute. type: string type: - description: Type refers to the CloudEvent type attribute.' + description: Type refers to the CloudEvent type attribute. type: string conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object @@ -892,29 +1382,29 @@ spec: - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' + description: SinkURI is the current active sink URI that has been configured for the Source. type: string additionalPrinterColumns: - name: Sink @@ -929,142 +1419,128 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1alpha2 + names: + categories: + - all + - knative + - sources + kind: ApiServerSource + plural: apiserversources + singular: apiserversource + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: brokers.eventing.knative.dev + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 served: true - storage: false + storage: true + subresources: + status: {} schema: openAPIV3Schema: + description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' type: object - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' properties: spec: + description: Spec defines the desired state of the Broker. type: object - description: 'ApiServerSourceSpec defines the desired state of ApiServerSource (from the client).' - required: - - resources properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - mode: - description: 'EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference`' - type: string - owner: - description: 'ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter.' + config: + description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. type: object properties: apiVersion: - description: 'APIVersion - the API version of the resource to watch.' + description: API version of the referent. type: string kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - resources: - description: 'Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter.' - type: array - items: - type: object - properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' - type: array - items: - type: object - properties: - key: - description: 'key is the label key that the selector applies to.' - type: string - operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' - type: string - values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' - type: array - items: - type: string - matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. type: object properties: - ref: - description: 'Ref points to an Addressable.' + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. type: object properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout status: + description: Status represents the current state of the Broker. This data may be out of date. type: object - description: 'ApiServerSourceStatus defines the observed state of ApiServerSource (from the controller).' properties: + address: + description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. + type: object + properties: + url: + type: string annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object @@ -1090,19 +1566,17 @@ spec: type: description: 'Type of condition.' type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - - subresources: - status: {} additionalPrinterColumns: - - name: Sink + - name: URL type: string - jsonPath: ".status.sinkUri" + jsonPath: .status.address.url - name: Age type: date jsonPath: .metadata.creationTimestamp @@ -1112,127 +1586,212 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1beta1 + names: + kind: Broker + plural: brokers + singular: broker + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: channels.messaging.knative.dev + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 served: true - storage: false + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" schema: openAPIV3Schema: + description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' type: object - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' properties: spec: + description: Spec defines the desired state of the Channel. type: object - description: 'ApiServerSourceSpec defines the desired state of ApiServerSource (from the client).' - required: - - resources properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. type: object properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. type: object - additionalProperties: - type: string - mode: - description: 'EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference`' - type: string - owner: - description: 'ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter.' + x-kubernetes-preserve-unknown-fields: true + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. type: object properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). type: string - resources: - description: 'Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter.' + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + subscribers: + description: This is the list of subscriptions for this subscribable. type: array items: type: object properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + delivery: + description: DeliverySpec contains options controlling the event delivery type: object properties: - matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' - type: array - items: - type: object - properties: - key: - description: 'key is the label key that the selector applies to.' - type: string - operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' - type: string - values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' - type: array - items: - type: string - matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + generation: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string status: + description: Status represents the current state of the Channel. This data may be out of date. type: object - description: 'ApiServerSourceStatus defines the observed state of ApiServerSource (from the controller).' properties: + address: + type: object + properties: + url: + type: string annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string + channel: + description: Channel is an KReference to the Channel CRD backing this Channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object @@ -1241,131 +1800,138 @@ spec: - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + names: + kind: Channel + plural: channels + singular: channel + categories: + - all + - knative + - messaging + - channel + shortNames: + - ch + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/release: "v1.4.0" + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + name: containersources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 served: true storage: true + subresources: + status: {} schema: openAPIV3Schema: + description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' type: object - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' properties: spec: type: object - description: 'ApiServerSourceSpec defines the desired state of ApiServerSource (from the client).' - required: - - resources properties: ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. type: object properties: extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. type: object - additionalProperties: - type: string - mode: - description: 'EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference`' - type: string - owner: - description: 'ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter.' - type: object - properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: 'Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter.' - type: array - items: - type: object - properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' - type: array - items: - type: object - properties: - key: - description: 'key is the label key that the selector applies to.' - type: string - operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' - type: string - values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' - type: array - items: - type: string - matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set.' - type: string + x-kubernetes-preserve-unknown-fields: true sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + description: Sink is a reference to an object that will resolve to a uri to use as the sink. type: object properties: ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -1377,30 +1943,34 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' status: type: object - description: 'ApiServerSourceStatus defines the observed state of ApiServerSource (from the controller).' properties: annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array items: type: object properties: source: - description: 'Source is the CloudEvents source attribute.' + description: Source is the CloudEvents source attribute. type: string type: - description: 'Type refers to the CloudEvent type attribute.' + description: Type refers to the CloudEvent type attribute. type: string conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object @@ -1409,142 +1979,120 @@ spec: - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' + description: SinkURI is the current active sink URI that has been configured for the Source. type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: categories: - all - knative - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource + kind: ContainerSource + plural: containersources + singular: containersource scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: brokers.eventing.knative.dev + name: eventtypes.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev versions: - name: v1beta1 served: true - storage: false + storage: true subresources: status: {} schema: openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' type: object + description: 'EventType represents a type of event that can be consumed from a Broker.' properties: spec: - description: Spec defines the desired state of the Broker. + description: 'Spec defines the desired state of the EventType.' type: object properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 + broker: + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string status: - description: Status represents the current state of the Broker. This data may be out of date. + description: 'Status represents the current state of the EventType. This data may be out of date.' type: object properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' type: object x-kubernetes-preserve-unknown-fields: true conditions: - description: Conditions the latest available observations of a resource's current state. + description: 'Conditions the latest available observations of a resource''s current state.' type: array items: type: object @@ -1571,108 +2119,167 @@ spec: description: 'Type of condition.' type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' type: integer format: int64 additionalPrinterColumns: - - name: URL + - name: Type type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready + jsonPath: ".spec.type" + - name: Source type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason + jsonPath: ".spec.source" + - name: Schema type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: URL + jsonPath: ".spec.schema" + - name: Broker type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + jsonPath: ".spec.broker" + - name: Description + type: string + jsonPath: ".spec.description" + # TODO remove Status https://github.com/knative/eventing/issues/2750 - name: Ready type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 + names: + kind: EventType + plural: eventtypes + singular: eventtype + categories: + - all + - knative + - eventing + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: parallels.flows.knative.dev + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 served: true storage: true + subresources: + status: {} schema: openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' + description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' type: object properties: spec: - description: Spec defines the desired state of the Broker. + description: Spec defines the desired state of the Parallel. type: object properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. + branches: + description: Branches is the list of Filter/Subscribers pairs. + type: array + items: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + delivery: + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: &addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + filter: + description: Filter is the expression guarding the branch + type: object + properties: + !!merge <<: *addressableProperties + reply: + description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply + type: object + properties: + !!merge <<: *addressableProperties + subscriber: + description: Subscriber receiving the event when the filter passes + type: object + properties: + !!merge <<: *addressableProperties + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). type: object properties: apiVersion: - description: API version of the referent. + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + reply: + description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply type: object properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 + !!merge <<: *addressableProperties status: - description: Status represents the current state of the Broker. This data may be out of date. + description: Status represents the current state of the Parallel. This data may be out of date. type: object properties: address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. type: object properties: url: @@ -1681,318 +2288,362 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + branchStatuses: + description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. + type: array + items: + type: object + properties: + filterChannelStatus: + description: FilterChannelStatus corresponds to the filter channel status. + type: object + properties: &channelProperties + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: &referentProperties + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: &readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + filterSubscriptionStatus: + description: FilterSubscriptionStatus corresponds to the filter subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + !!merge <<: *readyConditionProperties + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + !!merge <<: *referentProperties + subscriberSubscriptionStatus: + description: SubscriptionStatus corresponds to the subscriber subscription status. + type: object + properties: + ready: + description: ReadyCondition indicates whether the Subscription is ready or not. + type: object + properties: + !!merge <<: *readyConditionProperties + subscription: + description: Subscription is the reference to the underlying Subscription. + type: object + properties: + !!merge <<: *referentProperties conditions: description: Conditions the latest available observations of a resource's current state. type: array items: type: object - required: - - type - - status properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string + !!merge <<: *readyConditionProperties + ingressChannelStatus: + description: IngressChannelStatus corresponds to the ingress channel status. + type: object + properties: + !!merge <<: *channelProperties observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" names: - kind: Broker - plural: brokers - singular: broker + kind: Parallel + plural: parallels + singular: parallel categories: - all - knative - - eventing + - flows scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: channels.messaging.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + annotations: + # TODO add schemas and descriptions + registry.knative.dev/eventTypes: | + [ + { "type": "dev.knative.sources.ping" } + ] + name: pingsources.sources.knative.dev spec: - group: messaging.knative.dev + group: sources.knative.dev versions: - - name: v1beta1 + - &version + name: v1beta2 served: true storage: false subresources: status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" schema: openAPIV3Schema: type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' properties: spec: - description: Spec defines the desired state of the Channel. type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' type: object properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' type: object + additionalProperties: + type: string x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains options controlling the event delivery + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' type: object properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + ref: + description: 'Ref points to an Addressable.' type: object properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + apiVersion: + description: 'API version of the referent.' type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string status: - description: Status represents the current state of the Channel. This data may be out of date. type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' properties: - address: - type: object - properties: - url: - type: string annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' type: object x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string conditions: - description: Conditions the latest available observations of a resource's current state. + description: 'Conditions the latest available observations of a resource''s current state.' type: array items: type: object - x-kubernetes-preserve-unknown-fields: true + required: + - type + - status properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string message: - description: A human readable message indicating details about the transition. + description: 'A human readable message indicating details about the transition.' type: string reason: - description: The reason for the condition's last transition. + description: 'The reason for the condition''s last transition.' type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' type: string status: - description: Status of the condition, one of True, False, Unknown. + description: 'Status of the condition, one of True, False, Unknown.' type: string type: - description: Type of condition. + description: 'Type of condition.' type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' type: integer format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - - subresources: - status: {} + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string additionalPrinterColumns: - - name: URL + - name: Sink type: string - jsonPath: .status.address.url + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule - name: Age type: date jsonPath: .metadata.creationTimestamp - name: Ready type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - !!merge <<: *version name: v1 served: true storage: true + # v1 schema is identical to the v1beta2 schema + names: + categories: + - all + - knative + - sources + kind: PingSource + plural: pingsources + singular: pingsource + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sequences.flows.knative.dev + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} schema: openAPIV3Schema: + description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' type: object properties: spec: - description: Spec defines the desired state of the Channel. + description: Spec defines the desired state of the Sequence. type: object properties: channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). type: object properties: apiVersion: @@ -2005,51 +2656,37 @@ spec: description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. type: object x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains options controlling the event delivery + reply: + description: Reply is a Reference to where the result of the last Subscriber gets sent to. type: object properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + ref: + description: Ref points to an Addressable. type: object properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - subscribers: - description: This is the list of subscriptions for this subscribable. + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + steps: + description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options type: array items: type: object properties: delivery: - description: DeliverySpec contains options controlling the event delivery + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. type: object properties: backoffDelay: @@ -2085,21 +2722,28 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string status: - description: Status represents the current state of the Channel. This data may be out of date. + description: Status represents the current state of the Sequence. This data may be out of date. type: object properties: address: @@ -2111,29 +2755,74 @@ spec: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string + channelStatuses: + description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. + type: array + items: + type: object + properties: + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array items: type: object - x-kubernetes-preserve-unknown-fields: true + required: + - type + - status properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string message: description: A human readable message indicating details about the transition. type: string @@ -2149,3232 +2838,70 @@ spec: type: description: Type of condition. type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. + subscriptionStatuses: + description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. type: array items: type: object properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/release: "v0.22.1" - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1alpha2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - properties: - spec: - type: object - description: 'ContainerSourceSpec defines the desired state of ContainerSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - template: - description: 'Template describes the pods that will be created' - type: object - properties: - annotations: - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - x-kubernetes-preserve-unknown-fields: true - clusterName: - description: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' - type: string - creationTimestamp: - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - deletionGracePeriodSeconds: - description: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' - type: integer - format: int64 - deletionTimestamp: - description: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - finalizers: - description: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' - type: array - items: - type: string - generateName: - description: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' - type: string - generation: - description: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' - type: integer - format: int64 - labels: - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - x-kubernetes-preserve-unknown-fields: true - managedFields: - description: 'ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn''t need to set or understand this field. A workflow can be the user''s name, a controller''s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. ' - type: array - items: + description: ReadyCondition indicates whether the Subscription is ready or not. type: object + required: + - type + - status properties: - apiVersion: - description: 'APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.' - type: string - fieldsType: - description: 'FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"' + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string - fieldsV1: - description: 'FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.' + message: + description: A human readable message indicating details about the transition. type: string - manager: - description: 'Manager is an identifier of the workflow managing these fields.' - type: string - operation: - description: 'Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are "Apply" and "Update".' - type: string - time: - description: 'Time is timestamp of when these fields were set. It should always be empty if Operation is "Apply"' - type: string - name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: 'Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' - type: string - ownerReferences: - description: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' - type: array - items: - type: object - properties: - apiVersion: - description: 'API version of the referent.' + reason: + description: The reason for the condition's last transition. type: string - blockOwnerDeletion: - description: 'If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.' - type: boolean - controller: - description: 'If true, this reference points to the managing controller.' - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + status: + description: Status of the condition, one of True, False, Unknown. type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: + description: Type of condition. type: string - resourceVersion: - description: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: 'SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' - type: string - spec: - description: 'Specification of the desired behavior of the pod. More info: Type ''kubectl explain pod.spec''. Also, https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - x-kubernetes-preserve-unknown-fields: true - uid: - description: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - status: - type: object - description: 'ContainerSourceStatus defines the observed state of ContainerSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1beta1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - properties: - spec: - type: object - description: 'ContainerSourceSpec defines the desired state of ContainerSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - template: - description: 'Template describes the pods that will be created' - type: object - properties: - annotations: - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - x-kubernetes-preserve-unknown-fields: true - clusterName: - description: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' - type: string - creationTimestamp: - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - deletionGracePeriodSeconds: - description: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' - type: integer - format: int64 - deletionTimestamp: - description: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - finalizers: - description: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' - type: array - items: - type: string - generateName: - description: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' - type: string - generation: - description: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' - type: integer - format: int64 - labels: - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - x-kubernetes-preserve-unknown-fields: true - managedFields: - description: 'ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn''t need to set or understand this field. A workflow can be the user''s name, a controller''s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. ' - type: array - items: + subscription: + description: Subscription is the reference to the underlying Subscription. type: object properties: apiVersion: - description: 'APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.' - type: string - fieldsType: - description: 'FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"' - type: string - fieldsV1: - description: 'FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.' - type: string - manager: - description: 'Manager is an identifier of the workflow managing these fields.' - type: string - operation: - description: 'Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are "Apply" and "Update".' - type: string - time: - description: 'Time is timestamp of when these fields were set. It should always be empty if Operation is "Apply"' + description: API version of the referent. type: string - name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: 'Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' - type: string - ownerReferences: - description: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' - type: array - items: - type: object - properties: - apiVersion: - description: 'API version of the referent.' + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' type: string - blockOwnerDeletion: - description: 'If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.' - type: boolean - controller: - description: 'If true, this reference points to the managing controller.' - type: boolean kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string - resourceVersion: - description: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: 'SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' - type: string - spec: - description: 'Specification of the desired behavior of the pod. More info: Type ''kubectl explain pod.spec''. Also, https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - x-kubernetes-preserve-unknown-fields: true - uid: - description: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - status: - type: object - description: 'ContainerSourceStatus defines the observed state of ContainerSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - properties: - spec: - type: object - description: 'ContainerSourceSpec defines the desired state of ContainerSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - template: - description: 'Template describes the pods that will be created' - type: object - properties: - annotations: - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - x-kubernetes-preserve-unknown-fields: true - clusterName: - description: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' - type: string - creationTimestamp: - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - deletionGracePeriodSeconds: - description: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' - type: integer - format: int64 - deletionTimestamp: - description: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - finalizers: - description: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' - type: array - items: - type: string - generateName: - description: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' - type: string - generation: - description: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' - type: integer - format: int64 - labels: - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - x-kubernetes-preserve-unknown-fields: true - managedFields: - description: 'ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn''t need to set or understand this field. A workflow can be the user''s name, a controller''s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. ' - type: array - items: - type: object - properties: - apiVersion: - description: 'APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.' - type: string - fieldsType: - description: 'FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"' - type: string - fieldsV1: - description: 'FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.' - type: string - manager: - description: 'Manager is an identifier of the workflow managing these fields.' - type: string - operation: - description: 'Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are "Apply" and "Update".' - type: string - time: - description: 'Time is timestamp of when these fields were set. It should always be empty if Operation is "Apply"' - type: string - name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: 'Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' - type: string - ownerReferences: - description: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' - type: array - items: - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - blockOwnerDeletion: - description: 'If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.' - type: boolean - controller: - description: 'If true, this reference points to the managing controller.' - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - resourceVersion: - description: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: 'SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' - type: string - spec: - description: 'Specification of the desired behavior of the pod. More info: Type ''kubectl explain pod.spec''. Also, https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - x-kubernetes-preserve-unknown-fields: true - uid: - description: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - status: - type: object - description: 'ContainerSourceStatus defines the observed state of ContainerSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" -spec: - group: eventing.knative.dev - versions: - - name: v1alpha1 - served: false - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: flows.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: Filter is the expression guarding the branch - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: Filter is the expression guarding the branch - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/release: "v0.22.1" - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - annotations: - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1alpha2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - jsonData: - description: 'JsonData is json encoded data used as the body of the event posted to the sink. Default is empty. If set, datacontenttype will also be set to "application/json".' - type: string - schedule: - description: 'Schedule is the cronjob schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1beta1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - jsonData: - description: 'JsonData is json encoded data used as the body of the event posted to the sink. Default is empty. If set, datacontenttype will also be set to "application/json".' - type: string - schedule: - description: 'Schedule is the cronjob schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1beta2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - contentType: - description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' - type: string - data: - description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' - type: string - dataBase64: - description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." - type: string - schedule: - description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: flows.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Sequence. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - status: - description: Status represents the current state of the Sequence. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/release: "v0.22.1" - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1alpha1 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1alpha2 - served: true - storage: false - - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1beta1 - served: true - storage: false - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' - properties: - spec: - type: object - description: 'SinkBindingSpec holds the desired state of the SinkBinding (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - subject: - description: 'Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent.' - type: string - name: - description: 'Name of the referent. Mutually exclusive with Selector.' - type: string - namespace: - description: 'Namespace of the referent.' - type: string - selector: - description: 'Selector of the referents. Mutually exclusive with Name.' - type: object - properties: - matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' - type: array - items: - type: object - properties: - key: - description: 'key is the label key that the selector applies to.' - type: string - operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' - type: string - values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' - type: array - items: - type: string - matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - description: 'SinkBindingStatus communicates the observed state of the SinkBinding (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - names: - categories: - - all - - knative - - sources - - bindings - kind: SinkBinding - plural: sinkbindings - singular: sinkbinding - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" -spec: - group: messaging.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - properties: - spec: - type: object - description: 'Specifies the Channel for incoming events, a Subscriber target for processing those events and where to put the result of the processing. Only From (where the events are coming from) is always required. You can optionally only Process the events (results in no output events) by leaving out the Result. You can also perform an identity transformation on the incoming events by leaving out the Subscriber and only specifying Result. - - The following are all valid specifications: channel --[subscriber]--> reply Sink, no outgoing events: channel -- subscriber no-op function (identity transformation): channel --> reply' - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription You can specify only the following fields of the ObjectReference: - Kind - APIVersion - Name The resource pointed by this ObjectReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - delivery: - description: 'Delivery configuration' - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: 'BackoffPolicy is the retry backoff policy (linear, exponential).' - type: string - deadLetterSink: - description: 'DeadLetterSink is the sink receiving event that could not be sent to a destination.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - retry: - description: 'Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.' - type: integer - format: int32 - reply: - description: 'Reply specifies (optionally) how to handle events returned from the Subscriber target.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - subscriber: - description: 'Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - status: - type: object - description: Status (computed) for a subscription - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - physicalSubscription: - description: 'PhysicalSubscription is the fully resolved values that this Subscription represents.' - type: object - properties: - deadLetterSinkUri: - description: 'ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink.' - type: string - replyUri: - description: 'ReplyURI is the fully resolved URI for the spec.reply.' - type: string - subscriberUri: - description: 'SubscriberURI is the fully resolved URI for spec.subscriber.' - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url - name: Age type: date jsonPath: .metadata.creationTimestamp @@ -5384,92 +2911,77 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 + names: + kind: Sequence + plural: sequences + singular: sequence + categories: + - all + - knative + - flows + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/release: "v1.4.0" + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + duck.knative.dev/binding: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + name: sinkbindings.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 served: true storage: true + subresources: + status: {} schema: openAPIV3Schema: + description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' type: object - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' properties: spec: type: object - description: 'Specifies the Channel for incoming events, a Subscriber target for processing those events and where to put the result of the processing. Only From (where the events are coming from) is always required. You can optionally only Process the events (results in no output events) by leaving out the Result. You can also perform an identity transformation on the incoming events by leaving out the Subscriber and only specifying Result. - - The following are all valid specifications: channel --[subscriber]--> reply Sink, no outgoing events: channel -- subscriber no-op function (identity transformation): channel --> reply' properties: - channel: - description: 'Reference to a channel that will be used to create the subscription You can specify only the following fields of the ObjectReference: - Kind - APIVersion - Name The resource pointed by this ObjectReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - delivery: - description: 'Delivery configuration' + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. type: object properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: 'BackoffPolicy is the retry backoff policy (linear, exponential).' - type: string - deadLetterSink: - description: 'DeadLetterSink is the sink receiving event that could not be sent to a destination.' + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - retry: - description: 'Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.' - type: integer - format: int32 - reply: - description: 'Reply specifies (optionally) how to handle events returned from the Subscriber target.' + x-kubernetes-preserve-unknown-fields: true + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. type: object properties: ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -5481,144 +2993,181 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string - subscriber: - description: 'Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply.' + subject: + description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. type: object properties: - ref: - description: 'Ref points to an Addressable.' + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. Mutually exclusive with Selector. + type: string + namespace: + description: Namespace of the referent. + type: string + selector: + description: Selector of the referents. Mutually exclusive with Name. type: object properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + type: object + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + x-kubernetes-preserve-unknown-fields: true status: type: object - description: Status (computed) for a subscription properties: annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object + required: + - type + - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - physicalSubscription: - description: 'PhysicalSubscription is the fully resolved values that this Subscription represents.' - type: object - properties: - deadLetterSinkUri: - description: 'ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink.' - type: string - replyUri: - description: 'ReplyURI is the fully resolved URI for the spec.reply.' - type: string - subscriberUri: - description: 'SubscriberURI is the fully resolved URI for spec.subscriber.' - type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: - kind: Subscription - plural: subscriptions - singular: subscription categories: - all - knative - - messaging - shortNames: - - sub + - sources + - bindings + kind: SinkBinding + plural: sinkbindings + singular: sinkbinding scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: triggers.eventing.knative.dev + name: subscriptions.messaging.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: - group: eventing.knative.dev + group: messaging.knative.dev versions: - - name: v1beta1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" schema: openAPIV3Schema: + description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' type: object properties: spec: - description: Spec defines the desired state of the Trigger. type: object properties: - broker: - description: Broker is the broker that this trigger receives events from. If not specified, will default to ''default''.' - type: string + channel: + description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery: - description: Delivery contains the delivery spec for this specific trigger. + description: Delivery configuration type: object properties: backoffDelay: @@ -5654,16 +3203,32 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + reply: + description: Reply specifies (optionally) how to handle events returned from the Subscriber target. type: object properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' + ref: + description: Ref points to an Addressable. type: object - x-kubernetes-preserve-unknown-fields: true + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. + description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. type: object properties: ref: @@ -5682,11 +3247,11 @@ spec: namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string status: - description: Status represents the current state of the Trigger. This data may be out of date. type: object properties: annotations: @@ -5703,31 +3268,93 @@ spec: - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - - subresources: + physicalSubscription: + description: PhysicalSubscription is the fully resolved values that this Subscription represents. + type: object + properties: + deadLetterSinkUri: + description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. + type: string + replyUri: + description: ReplyURI is the fully resolved URI for the spec.reply. + type: string + subscriberUri: + description: SubscriberURI is the fully resolved URI for spec.subscriber. + type: string + additionalPrinterColumns: + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Subscription + plural: subscriptions + singular: subscription + categories: + - all + - knative + - messaging + shortNames: + - sub + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: triggers.eventing.knative.dev + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: status: {} additionalPrinterColumns: - name: Broker @@ -5745,9 +3372,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 - served: true - storage: true schema: openAPIV3Schema: description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' @@ -5756,6 +3380,7 @@ spec: spec: description: Spec defines the desired state of the Trigger. type: object + x-kubernetes-preserve-unknown-fields: true properties: broker: description: Broker is the broker that this trigger receives events from. @@ -5763,6 +3388,7 @@ spec: delivery: description: Delivery contains the delivery spec for this specific trigger. type: object + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout properties: backoffDelay: description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' @@ -5863,6 +3489,9 @@ spec: type: description: 'Type of condition.' type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -5879,34 +3508,47 @@ spec: - knative - eventing scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "Addressables" apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: - matchLabels: duck.knative.dev/addressable: "true" -rules: [] +rules: [] # Rules are automatically filled in by the controller manager. --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: service-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - "" @@ -5922,8 +3564,11 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: serving-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - serving.knative.dev @@ -5942,8 +3587,11 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: channel-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - messaging.knative.dev @@ -5966,8 +3614,11 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: broker-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - eventing.knative.dev @@ -5981,31 +3632,14 @@ rules: --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: messaging-addressable-resolver - labels: - eventing.knative.dev/release: "v0.22.1" - duck.knative.dev/addressable: "true" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - sequences - - sequences/status - - parallels - - parallels/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flows-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - flows.knative.dev @@ -6018,13 +3652,30 @@ rules: - get - list - watch + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: eventing-broker-filter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6049,7 +3700,9 @@ kind: ClusterRole metadata: name: eventing-broker-ingress labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6065,7 +3718,9 @@ kind: ClusterRole metadata: name: eventing-config-reader labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6075,26 +3730,47 @@ rules: - "get" - "list" - "watch" + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: channelable-manipulator labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: - matchLabels: duck.knative.dev/channelable: "true" -rules: [] +rules: [] # Rules are automatically filled in by the controller manager. --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: meta-channelable-manipulator labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" duck.knative.dev/channelable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: - apiGroups: - messaging.knative.dev @@ -6108,14 +3784,32 @@ rules: - watch - update - patch + - delete + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-eventing-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev"] resources: ["*"] @@ -6126,8 +3820,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-messaging-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["messaging.knative.dev"] resources: ["*"] @@ -6138,8 +3834,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-flows-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["flows.knative.dev"] resources: ["*"] @@ -6150,8 +3848,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-sources-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["sources.knative.dev"] resources: ["*"] @@ -6162,8 +3862,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-bindings-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["bindings.knative.dev"] resources: ["*"] @@ -6175,7 +3877,9 @@ metadata: name: knative-eventing-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] resources: ["*"] @@ -6187,18 +3891,37 @@ metadata: name: knative-eventing-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] resources: ["*"] verbs: ["get", "list", "watch"] + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: knative-eventing-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6211,7 +3934,7 @@ rules: - "events" - "serviceaccounts" - "pods" - verbs: + verbs: &everything - "get" - "list" - "create" @@ -6219,36 +3942,26 @@ rules: - "delete" - "patch" - "watch" + # Brokers and the namespace annotation controllers manipulate Deployments. - apiGroups: - "apps" resources: - "deployments" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # PingSource controller manipulates Deployment owner reference - apiGroups: - "apps" resources: - "deployments/finalizers" verbs: - "update" + # The namespace annotation controller needs to manipulate RoleBindings. - apiGroups: - "rbac.authorization.k8s.io" resources: - "rolebindings" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Our own resources and statuses we care about. - apiGroups: - "eventing.knative.dev" resources: @@ -6258,14 +3971,8 @@ rules: - "triggers/status" - "eventtypes" - "eventtypes/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Eventing resources and finalizers we care about. - apiGroups: - "eventing.knative.dev" resources: @@ -6273,6 +3980,7 @@ rules: - "triggers/finalizers" verbs: - "update" + # Our own resources and statuses we care about. - apiGroups: - "messaging.knative.dev" resources: @@ -6284,14 +3992,8 @@ rules: - "parallels/status" - "subscriptions" - "subscriptions/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Flow resources and statuses we care about. - apiGroups: - "flows.knative.dev" resources: @@ -6299,14 +4001,8 @@ rules: - "sequences/status" - "parallels" - "parallels/status" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Messaging resources and finalizers we care about. - apiGroups: - "messaging.knative.dev" resources: @@ -6315,6 +4011,7 @@ rules: - "channels/finalizers" verbs: - "update" + # Flows resources and finalizers we care about. - apiGroups: - "flows.knative.dev" resources: @@ -6322,6 +4019,7 @@ rules: - "parallels/finalizers" verbs: - "update" + # The subscription controller needs to retrieve and watch CustomResourceDefinitions. - apiGroups: - "apiextensions.k8s.io" resources: @@ -6330,25 +4028,36 @@ rules: - "get" - "list" - "watch" + # For leader election - apiGroups: - "coordination.k8s.io" resources: - "leases" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: knative-eventing-pingsource-mt-adapter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6392,27 +4101,49 @@ rules: - create - update - patch + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: podspecable-binding labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: - matchLabels: duck.knative.dev/podspecable: "true" -rules: [] +rules: [] # Rules are automatically filled in by the controller manager. --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: builtin-podspecable-binding labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" duck.knative.dev/podspecable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "podspecable-binding role. rules: + # To patch the subjects of our bindings - apiGroups: - "apps" resources: @@ -6432,26 +4163,47 @@ rules: - "list" - "watch" - "patch" + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Use this aggregated ClusterRole when you need to read "Sources". apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: source-observer labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: - matchLabels: duck.knative.dev/source: "true" -rules: [] +rules: [] # Rules are automatically filled in by the controller manager. --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-sources-source-observer labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" duck.knative.dev/source: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "source-observer" role. rules: - apiGroups: - sources.knative.dev @@ -6464,13 +4216,30 @@ rules: - get - list - watch + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: knative-eventing-sources-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6478,7 +4247,7 @@ rules: - "secrets" - "configmaps" - "services" - verbs: + verbs: &everything - "get" - "list" - "create" @@ -6486,18 +4255,13 @@ rules: - "delete" - "patch" - "watch" + # Deployments admin - apiGroups: - "apps" resources: - "deployments" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Source resources and statuses we care about. - apiGroups: - "sources.knative.dev" resources: @@ -6513,64 +4277,58 @@ rules: - "containersources" - "containersources/status" - "containersources/finalizers" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Knative Services admin - apiGroups: - serving.knative.dev resources: - services - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # EventTypes admin - apiGroups: - eventing.knative.dev resources: - eventtypes - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Events admin - apiGroups: - "" resources: - events - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Authorization checker - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create + --- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: knative-eventing-webhook labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: + # For watching logging configuration and getting certs. - apiGroups: - "" resources: @@ -6579,6 +4337,7 @@ rules: - "get" - "list" - "watch" + # For manipulating certs into secrets. - apiGroups: - "" resources: @@ -6590,6 +4349,14 @@ rules: - "list" - "watch" - "patch" + # finalizers are needed for the owner reference of the webhook + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + # For getting our Deployment so we can decorate with ownerref. - apiGroups: - "apps" resources: @@ -6602,12 +4369,13 @@ rules: - "deployments/finalizers" verbs: - update + # For actually registering our webhook. - apiGroups: - "admissionregistration.k8s.io" resources: - "mutatingwebhookconfigurations" - "validatingwebhookconfigurations" - verbs: + verbs: &everything - "get" - "list" - "create" @@ -6615,44 +4383,52 @@ rules: - "delete" - "patch" - "watch" + # For running the SinkBinding reconciler. - apiGroups: - "sources.knative.dev" resources: - "sinkbindings" - "sinkbindings/status" - "sinkbindings/finalizers" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # For leader election - apiGroups: - "coordination.k8s.io" resources: - "leases" - verbs: - - "get" - - "list" - - "create" - - "update" - - "delete" - - "patch" - - "watch" + verbs: *everything + # Necessary for conversion webhook. These are copied from the serving + # TODO: Do we really need all these permissions? - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: knative-eventing name: knative-eventing-webhook labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: + # For manipulating certs into secrets. - apiGroups: - "" resources: @@ -6664,13 +4440,30 @@ rules: - "list" - "watch" - "patch" + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: config.webhook.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6685,13 +4478,30 @@ webhooks: - key: eventing.knative.dev/release operator: Exists timeoutSeconds: 10 + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: webhook.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6702,13 +4512,30 @@ webhooks: failurePolicy: Fail name: webhook.eventing.knative.dev timeoutSeconds: 10 + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6719,21 +4546,56 @@ webhooks: failurePolicy: Fail name: validation.webhook.eventing.knative.dev timeoutSeconds: 10 + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: Secret metadata: name: eventing-webhook-certs namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# The data is populated at install time. + --- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6744,5 +4606,5 @@ webhooks: sideEffects: None name: sinkbindings.webhook.sources.knative.dev timeoutSeconds: 10 ---- +--- diff --git a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml index 08df3fb3ee..1bf22fd2a7 100644 --- a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml +++ b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml @@ -1,268 +1,136 @@ +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 -kind: ConfigMap -metadata: - name: config-imc-event-dispatcher - namespace: knative-eventing - labels: - eventing.knative.dev/release: "v0.22.1" -data: - MaxIdleConnections: "1000" - MaxIdleConnectionsPerHost: "100" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-addressable-resolver - labels: - eventing.knative.dev/release: "v0.22.1" - duck.knative.dev/addressable: "true" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-channelable-manipulator - labels: - eventing.knative.dev/release: "v0.22.1" - duck.knative.dev/channelable: "true" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - create - - get - - list - - watch - - update - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Namespace metadata: - name: imc-controller + name: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - verbs: - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - "" - resources: - - services - - serviceaccounts - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - rolebindings - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - apps - resources: - - deployments - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + --- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: ServiceAccount metadata: name: imc-controller namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-dispatcher - labels: - eventing.knative.dev/release: "v0.22.1" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch ---- -apiVersion: v1 -kind: Service +kind: ClusterRoleBinding metadata: - name: imc-dispatcher - namespace: knative-eventing + name: imc-controller labels: - eventing.knative.dev/release: "v0.22.1" - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher -spec: - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - ports: - - name: http-dispatcher - port: 80 - protocol: TCP - targetPort: 8080 + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: imc-controller + apiGroup: rbac.authorization.k8s.io --- -apiVersion: v1 -kind: ServiceAccount +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: - name: imc-dispatcher namespace: knative-eventing + name: imc-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: Role + name: knative-inmemorychannel-webhook + apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: imc-controller + name: imc-controller-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: imc-controller namespace: knative-eventing roleRef: kind: ClusterRole - name: imc-controller + name: addressable-resolver apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: imc-dispatcher labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: imc-dispatcher @@ -271,26 +139,472 @@ roleRef: kind: ClusterRole name: imc-dispatcher apiGroup: rbac.authorization.k8s.io + --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap metadata: - name: inmemorychannels.messaging.knative.dev + name: config-imc-event-dispatcher + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +data: + MaxIdleConnections: "1000" + MaxIdleConnectionsPerHost: "100" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "f46cf09d" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.request-metrics-backend-destination specifies the request metrics + # destination. If non-empty, it enables queue proxy to send request metrics. + # Currently supported values: prometheus, stackdriver. + metrics.request-metrics-backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. + # Setting this flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + + # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from + # the pods via an HTTP server in the format expected by the pprof visualization tool. When + # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. + # The HTTP context root for profiling is then /debug/pprof/. + profiling.enable: "false" + + # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating + # a failure to send a cloud event to the sink. + sink-event-error-reporting.enable: "false" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "0492ceb0" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # This may be "zipkin" or "none". the default is "none" + backend: "none" + + # URL to zipkin collector where traces are sent. + # This must be specified when backend is "zipkin" + zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" + + # Enable zipkin debug mode. This allows all spans to be sent to the server + # bypassing sampling. + debug: "false" + + # Percentage (0-1) of requests to trace + sample-rate: "0.1" + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: imc-controller + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/high-availability: "true" + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: &labels + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + template: + metadata: + labels: + !!merge <<: *labels + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: *labels + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: imc-controller + enableServiceLinks: false + containers: + - name: controller + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:bcf585877a32db79b651d2560f9ae9378de26ee5ac3a6d3e63b3159b3fec32d2 + env: + - name: WEBHOOK_NAME + value: inmemorychannel-webhook + - name: WEBHOOK_PORT + value: "8443" + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/inmemorychannel-controller + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DISPATCHER_IMAGE + value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:1bfe4a8b168449a65d87191a45b68ccece87cc73d5f8c3728dc07ab83fe71240 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: &probe + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + !!merge <<: *probe + initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + eventing.knative.dev/release: "v1.4.0" + name: inmemorychannel-webhook + namespace: knative-eventing +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +spec: + selector: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + ports: + - name: http-dispatcher + port: 80 + protocol: TCP + targetPort: 8080 + - name: http-metrics + port: 9090 + targetPort: 9090 + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + knative.dev/high-availability: "true" + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: &labels + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + template: + metadata: + labels: + !!merge <<: *labels + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: *labels + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: imc-dispatcher + enableServiceLinks: false + containers: + - name: dispatcher + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:1bfe4a8b168449a65d87191a45b68ccece87cc73d5f8c3728dc07ab83fe71240 + readinessProbe: &probe + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + !!merge <<: *probe + initialDelaySeconds: 5 + env: + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/inmemorychannel-dispatcher + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CONTAINER_NAME + value: dispatcher + - name: MAX_IDLE_CONNS + value: "1000" + - name: MAX_IDLE_CONNS_PER_HOST + value: "1000" + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 9090 + name: metrics + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: inmemorychannels.messaging.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev versions: - - name: v1beta1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: openAPIV3Schema: + description: 'InMemoryChannel is a resource representing an in memory channel' type: object properties: spec: @@ -334,6 +648,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout subscribers: description: This is the list of subscriptions for this subscribable. type: array @@ -377,6 +692,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature generation: description: Generation of the origin of the subscriber with uid:UID. type: integer @@ -408,6 +724,9 @@ spec: type: array items: type: object + required: + - type + - status properties: lastTransitionTime: description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). @@ -443,6 +762,9 @@ spec: namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -479,201 +801,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string names: kind: InMemoryChannel plural: inmemorychannels @@ -686,143 +813,423 @@ spec: shortNames: - imc scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing + --- -apiVersion: apps/v1 -kind: Deployment +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-addressable-resolver + labels: + eventing.knative.dev/release: "v1.4.0" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-channelable-manipulator + labels: + eventing.knative.dev/release: "v1.4.0" + duck.knative.dev/channelable: "true" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: imc-controller - namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/high-availability: "true" -spec: - selector: - matchLabels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - template: - metadata: - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - spec: - serviceAccountName: imc-controller - enableServiceLinks: false - containers: - - name: controller - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:904f42a768a9bc64999e7302d2bc7c1c48a08e74a82355cf57be513e6a124b82 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-controller - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DISPATCHER_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:a6983f71c04619928199cc21e07ee6f1e1c87586621bc03b10c9ba1abd92bfa8 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + - update + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + verbs: + - update + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + - inmemorychannels/status + - inmemorychannels + verbs: + - patch + - apiGroups: + - "" + resources: + - services + - serviceaccounts + verbs: &everything + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - rolebindings + verbs: *everything + - apiGroups: + - apps + resources: + - deployments + verbs: *everything + - apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: *everything + # For actually registering our webhook. + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "mutatingwebhookconfigurations" + - "validatingwebhookconfigurations" + verbs: &everything + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + # finalizers are needed for the owner reference of the webhook + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + --- -apiVersion: apps/v1 -kind: Deployment +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: imc-dispatcher + labels: + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + - apiGroups: + - "" # Core API group. + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + # Updates the finalizer so we can remove our handlers when channel is deleted + # Patches the status.subscribers to reflect when the subscription dataplane has been + # configured. + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + - inmemorychannels/status + - inmemorychannels + verbs: + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: namespace: knative-eventing + name: knative-inmemorychannel-webhook labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/high-availability: "true" -spec: - selector: - matchLabels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - template: - metadata: - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-dispatcher - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:a6983f71c04619928199cc21e07ee6f1e1c87586621bc03b10c9ba1abd92bfa8 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - initialDelaySeconds: 5 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-dispatcher - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CONTAINER_NAME - value: dispatcher - - name: MAX_IDLE_CONNS - value: "1000" - - name: MAX_IDLE_CONNS_PER_HOST - value: "1000" - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9090 - name: metrics + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +rules: + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + --- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: inmemorychannel.eventing.knative.dev + labels: + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: inmemorychannel-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: inmemorychannel.eventing.knative.dev + timeoutSeconds: 10 +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.inmemorychannel.eventing.knative.dev + labels: + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: inmemorychannel-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: validation.inmemorychannel.eventing.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: inmemorychannel-webhook-certs + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing +# The data is populated at install time. + +--- diff --git a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml index 86d80f2a85..949757e5f4 100644 --- a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml +++ b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml @@ -1,10 +1,26 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: knative-eventing-mt-channel-broker-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: + # Configs resources and status we care about. - apiGroups: - "" resources: @@ -23,13 +39,29 @@ rules: - "delete" - "patch" - "watch" + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: knative-eventing-mt-broker-filter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - eventing.knative.dev @@ -48,21 +80,53 @@ rules: - get - list - watch + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: mt-broker-filter namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: knative-eventing-mt-broker-ingress labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - eventing.knative.dev @@ -80,21 +144,54 @@ rules: - get - list - watch + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: mt-broker-ingress namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: eventing-mt-channel-broker-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -103,13 +200,30 @@ roleRef: kind: ClusterRole name: knative-eventing-mt-channel-broker-controller apiGroup: rbac.authorization.k8s.io + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-eventing-mt-broker-filter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: mt-broker-filter @@ -118,13 +232,30 @@ roleRef: kind: ClusterRole name: knative-eventing-mt-broker-filter apiGroup: rbac.authorization.k8s.io + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-eventing-mt-broker-ingress labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: mt-broker-ingress @@ -133,14 +264,32 @@ roleRef: kind: ClusterRole name: knative-eventing-mt-broker-ingress apiGroup: rbac.authorization.k8s.io + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: mt-broker-filter namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -149,15 +298,18 @@ spec: metadata: labels: eventing.knative.dev/brokerRole: filter - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: serviceAccountName: mt-broker-filter enableServiceLinks: false containers: - name: filter terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:0e25aa1613a3a1779b3f7b7f863e651e5f37520a7f6808ccad2164cc2b6a9b12 - readinessProbe: + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:426797eae80ce0b759701ed5aa70571bf10a8fd1d459b6d1da3b6ea7bd320280 + readinessProbe: &probe failureThreshold: 3 httpGet: path: /healthz @@ -167,14 +319,7 @@ spec: successThreshold: 1 timeoutSeconds: 1 livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 + !!merge <<: *probe initialDelaySeconds: 5 resources: requests: @@ -215,13 +360,21 @@ spec: value: "8080" securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all --- apiVersion: v1 kind: Service metadata: labels: eventing.knative.dev/brokerRole: filter - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing name: broker-filter namespace: knative-eventing spec: @@ -236,14 +389,32 @@ spec: targetPort: 9092 selector: eventing.knative.dev/brokerRole: filter + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: mt-broker-ingress namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -252,15 +423,18 @@ spec: metadata: labels: eventing.knative.dev/brokerRole: ingress - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: serviceAccountName: mt-broker-ingress enableServiceLinks: false containers: - name: ingress terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:cf579f88aa2a37c240e25bb886c1ef5404e326e12c7caf571e49308612243eee - readinessProbe: + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:e53c0774a9f95506566c2cee91437df5c69effa314afcd699610a34e12bd9595 + readinessProbe: &probe failureThreshold: 3 httpGet: path: /healthz @@ -270,14 +444,7 @@ spec: successThreshold: 1 timeoutSeconds: 1 livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 + !!merge <<: *probe initialDelaySeconds: 5 resources: requests: @@ -318,13 +485,21 @@ spec: value: "8080" securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all --- apiVersion: v1 kind: Service metadata: labels: eventing.knative.dev/brokerRole: ingress - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing name: broker-ingress namespace: knative-eventing spec: @@ -339,14 +514,32 @@ spec: targetPort: 9092 selector: eventing.knative.dev/brokerRole: ingress + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: name: mt-broker-controller namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: mt-broker-controller + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -355,8 +548,12 @@ spec: metadata: labels: app: mt-broker-controller - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-controller + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -371,7 +568,7 @@ spec: containers: - name: mt-broker-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:a2678934d280ea19b0804cc7757d559a0312e2acea221b17a99bd830cd9eeaac + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:c0b3b21bdf2694d68e5eeaf20d2052a901173e929055a78815aa03c08f0c386f resources: requests: cpu: 100m @@ -387,27 +584,48 @@ spec: value: config-observability - name: METRICS_DOMAIN value: knative.dev/eventing - - name: BROKER_INJECTION_DEFAULT - value: "false" - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 - name: profiling containerPort: 8008 + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: broker-ingress-hpa namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: apiVersion: apps/v1 @@ -429,7 +647,10 @@ metadata: name: broker-filter-hpa namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.4.0" + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.4.0" + app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: apiVersion: apps/v1 @@ -444,5 +665,5 @@ spec: target: type: Utilization averageUtilization: 70 ---- +--- From 3be1887a4401845fedade963a183e89a50e82f35 Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:57:41 +0300 Subject: [PATCH 08/10] knative-eventing: Remove comments Signed-off-by: Kimonas Sotirchos --- .../base/upstream/eventing-core.yaml | 355 +++--------------- .../base/upstream/in-memory-channel.yaml | 132 +------ .../base/upstream/mt-channel-broker.yaml | 101 +---- 3 files changed, 81 insertions(+), 507 deletions(-) diff --git a/common/knative/knative-eventing/base/upstream/eventing-core.yaml b/common/knative/knative-eventing/base/upstream/eventing-core.yaml index 06b410cf4a..6330da95b7 100644 --- a/common/knative/knative-eventing/base/upstream/eventing-core.yaml +++ b/common/knative/knative-eventing/base/upstream/eventing-core.yaml @@ -1,16 +1,3 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: v1 kind: Namespace metadata: @@ -19,8 +6,6 @@ metadata: eventing.knative.dev/release: "v1.4.0" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,7 +19,7 @@ metadata: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -129,8 +114,6 @@ roleRef: kind: ClusterRole name: channelable-manipulator apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -144,7 +127,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -171,8 +154,6 @@ roleRef: kind: ClusterRole name: knative-eventing-pingsource-mt-adapter apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -186,7 +167,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -265,8 +246,6 @@ roleRef: kind: ClusterRole name: podspecable-binding apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -280,7 +259,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -294,8 +273,6 @@ data: channel-template-spec: | apiVersion: messaging.knative.dev/v1 kind: InMemoryChannel - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -309,7 +286,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -320,7 +297,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing data: - # Configures the default for any Broker that does not specify a spec.config or Broker class. default-br-config: | clusterDefault: brokerClass: MTChannelBasedBroker @@ -332,8 +308,6 @@ data: retry: 10 backoffPolicy: exponential backoffDelay: PT0.2S - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -347,7 +321,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -358,7 +332,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing data: - # Configuration for defaulting channels that do not specify CRD implementations. default-ch-config: | clusterDefault: apiVersion: messaging.knative.dev/v1 @@ -367,8 +340,6 @@ data: some-namespace: apiVersion: messaging.knative.dev/v1 kind: InMemoryChannel - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -382,7 +353,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -414,8 +385,6 @@ data: # Max number of bytes allowed to be sent for message excluding any # base64 decoding. Default is no limit set for data data-max-size: -1 - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -429,7 +398,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -442,27 +411,12 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing data: - # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. - # For more details: https://github.com/knative/eventing/issues/5086 kreference-group: "disabled" - # ALPHA feature: The delivery-retryafter allows you to use the RetryAfter field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5811 delivery-retryafter: "disabled" - # ALPHA feature: The delivery-timeout allows you to use the Timeout field in DeliverySpec. - # For more details: https://github.com/knative/eventing/issues/5148 delivery-timeout: "disabled" - # ALPHA feature: The kreference-mapping allows you to map kreference onto templated URI - # For more details: https://github.com/knative/eventing/issues/5593 kreference-mapping: "disabled" - # ALPHA feature: The subscriber-strict flag force subscriptions to define a subscriber - # For more details: https://github.com/knative/eventing/issues/5756 strict-subscriber: "disabled" - # ALPHA feature: The new-trigger-filters flag allows you to use the new `filters` field - # in Trigger objects with its rich filtering capabilities. - # For more details: https://github.com/knative/eventing/issues/5204 new-trigger-filters: "disabled" - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -476,7 +430,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -510,8 +464,6 @@ data: # - UID: reference UID # # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -525,7 +477,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -572,8 +524,6 @@ data: # bucket will take care of the reconciling for the keys partitioned into # that bucket. buckets: "1" - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -587,7 +537,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -600,7 +550,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing data: - # Common configuration for all Knative codebase zap-logger-config: | { "level": "info", @@ -622,12 +571,8 @@ data: "callerEncoder": "" } } - # Log level overrides - # For all components changes are be picked up immediately. loglevel.controller: "info" loglevel.webhook: "info" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -641,7 +586,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -703,8 +648,6 @@ data: # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating # a failure to send a cloud event to the sink. sink-event-error-reporting.enable: "false" - ---- # Copyright 2022 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -718,7 +661,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -761,8 +704,6 @@ data: # Use an empty object to enable for all triggers trigger-selector: {} - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -776,7 +717,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -819,8 +760,6 @@ data: # Percentage (0-1) of requests to trace sample-rate: "0.1" - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -834,7 +773,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -859,7 +798,6 @@ spec: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -890,23 +828,12 @@ spec: value: config-observability - name: METRICS_DOMAIN value: knative.dev/eventing - # APIServerSource - name: APISERVER_RA_IMAGE value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:908675367940cb9a46ca7d30d92ce85540d9143b8253ba443eb8a32e86d33bec - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - ## Adapter settings - # - name: K_LOGGING_CONFIG - # value: '' - # - name: K_LEADER_ELECTION_CONFIG - # value: '' - # - name: K_NO_SHUTDOWN_AFTER - # value: '' - ## Time in seconds the adapter will wait for the sink to respond. Default is no timeout - # - name: K_SINK_TIMEOUT - # value: '' securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -919,8 +846,6 @@ spec: containerPort: 9090 - name: profiling containerPort: 8008 - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -934,7 +859,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -946,7 +871,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing spec: - # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. replicas: 0 selector: matchLabels: &labels @@ -980,8 +904,6 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - # DO NOT MODIFY: The values below are being filled by the ping source controller - # See 500-controller.yaml - name: K_METRICS_CONFIG value: '' - name: K_LOGGING_CONFIG @@ -1015,8 +937,6 @@ spec: drop: - all serviceAccountName: pingsource-mt-adapter - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1030,7 +950,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: @@ -1056,7 +976,6 @@ spec: type: Utilization averageUtilization: 100 --- -# Webhook PDB. apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: @@ -1072,8 +991,6 @@ spec: selector: matchLabels: app: eventing-webhook - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1087,7 +1004,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1112,7 +1029,6 @@ spec: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -1127,16 +1043,12 @@ spec: containers: - name: eventing-webhook terminationMessagePolicy: FallbackToLogsOnError - # This is the Go import path for the binary that is containerized - # and substituted here. image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:cbc6ee9181614a76bedd67b8f10250566a4e448e07f25da888dde3ed4f7670fb resources: requests: - # taken from serving. cpu: 100m memory: 50Mi limits: - # taken from serving. cpu: 200m memory: 200Mi env: @@ -1152,13 +1064,6 @@ spec: value: eventing-webhook - name: WEBHOOK_PORT value: "8443" - # SINK_BINDING_SELECTION_MODE specifies the NamespaceSelector and ObjectSelector - # for the sinkbinding webhook. - # If `inclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/include:true` - # will be considered by the sinkbinding webhook; - # If `exclusion` is selected, namespaces/objects labelled as `bindings.knative.dev/exclude:true` - # will NOT be considered by the sinkbinding webhook. - # The default is `exclusion`. - name: SINK_BINDING_SELECTION_MODE value: "exclusion" - name: POD_NAME @@ -1190,8 +1095,6 @@ spec: livenessProbe: !!merge <<: *probe initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. terminationGracePeriodSeconds: 300 --- apiVersion: v1 @@ -1212,8 +1115,6 @@ spec: targetPort: 8443 selector: role: eventing-webhook - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1227,7 +1128,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1240,7 +1141,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions registry.knative.dev/eventTypes: | [ { "type": "dev.knative.apiserver.resource.add" }, @@ -1428,8 +1328,6 @@ spec: plural: apiserversources singular: apiserversource scope: Namespaced - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1443,7 +1341,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1524,7 +1422,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + x-kubernetes-preserve-unknown-fields: true status: description: Status represents the current state of the Broker. This data may be out of date. type: object @@ -1595,8 +1493,6 @@ spec: - knative - eventing scope: Namespaced - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1610,7 +1506,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1703,7 +1599,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + x-kubernetes-preserve-unknown-fields: true subscribers: description: This is the list of subscriptions for this subscribable. type: array @@ -1747,7 +1643,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + x-kubernetes-preserve-unknown-fields: true generation: description: Generation of the origin of the subscriber with uid:UID. type: integer @@ -1871,8 +1767,6 @@ spec: shortNames: - ch scope: Namespaced - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1886,7 +1780,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1945,7 +1839,6 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string - # WARNING: the schema tool can not parse PodTemplateSpec, stub here and redirect to Deployment documentation. template: type: object x-kubernetes-preserve-unknown-fields: true @@ -2025,21 +1918,7 @@ spec: plural: containersources singular: containersource scope: Namespaced - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2138,7 +2017,6 @@ spec: - name: Description type: string jsonPath: ".spec.description" - # TODO remove Status https://github.com/knative/eventing/issues/2750 - name: Ready type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" @@ -2154,21 +2032,7 @@ spec: - knative - eventing scope: Namespaced - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2240,7 +2104,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + x-kubernetes-preserve-unknown-fields: true filter: description: Filter is the expression guarding the branch type: object @@ -2409,8 +2273,6 @@ spec: - knative - flows scope: Namespaced - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -2424,7 +2286,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2436,7 +2298,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions registry.knative.dev/eventTypes: | [ { "type": "dev.knative.sources.ping" } @@ -2582,7 +2443,6 @@ spec: name: v1 served: true storage: true - # v1 schema is identical to the v1beta2 schema names: categories: - all @@ -2600,21 +2460,7 @@ spec: service: name: eventing-webhook namespace: knative-eventing - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2722,7 +2568,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + x-kubernetes-preserve-unknown-fields: true ref: description: Ref points to an Addressable. type: object @@ -2920,8 +2766,6 @@ spec: - knative - flows scope: Namespaced - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -2935,7 +2779,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3112,21 +2956,7 @@ spec: plural: sinkbindings singular: sinkbinding scope: Namespaced - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3165,7 +2995,7 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + x-kubernetes-preserve-unknown-fields: true delivery: description: Delivery configuration type: object @@ -3203,7 +3033,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + x-kubernetes-preserve-unknown-fields: true reply: description: Reply specifies (optionally) how to handle events returned from the Subscriber target. type: object @@ -3247,7 +3077,7 @@ spec: namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + x-kubernetes-preserve-unknown-fields: true uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string @@ -3323,8 +3153,6 @@ spec: shortNames: - sub scope: Namespaced - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3338,7 +3166,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3388,7 +3216,7 @@ spec: delivery: description: Delivery contains the delivery spec for this specific trigger. type: object - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + x-kubernetes-preserve-unknown-fields: true properties: backoffDelay: description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' @@ -3508,8 +3336,6 @@ spec: - knative - eventing scope: Namespaced - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3523,8 +3349,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "Addressables" +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -3537,7 +3362,7 @@ aggregationRule: clusterRoleSelectors: - matchLabels: duck.knative.dev/addressable: "true" -rules: [] # Rules are automatically filled in by the controller manager. +rules: [] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -3548,7 +3373,6 @@ metadata: duck.knative.dev/addressable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - "" @@ -3568,7 +3392,6 @@ metadata: duck.knative.dev/addressable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - serving.knative.dev @@ -3591,7 +3414,6 @@ metadata: duck.knative.dev/addressable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - messaging.knative.dev @@ -3618,7 +3440,6 @@ metadata: duck.knative.dev/addressable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - eventing.knative.dev @@ -3639,7 +3460,6 @@ metadata: duck.knative.dev/addressable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - flows.knative.dev @@ -3652,8 +3472,6 @@ rules: - get - list - watch - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3667,7 +3485,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -3730,8 +3548,6 @@ rules: - "get" - "list" - "watch" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3745,8 +3561,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Use this aggregated ClusterRole when you need read and update permissions on "Channelables". +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -3759,7 +3574,7 @@ aggregationRule: clusterRoleSelectors: - matchLabels: duck.knative.dev/channelable: "true" -rules: [] # Rules are automatically filled in by the controller manager. +rules: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -3770,7 +3585,6 @@ metadata: duck.knative.dev/channelable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: - apiGroups: - messaging.knative.dev @@ -3785,8 +3599,6 @@ rules: - update - patch - delete - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3800,7 +3612,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -3898,8 +3710,6 @@ rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] resources: ["*"] verbs: ["get", "list", "watch"] - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -3913,7 +3723,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -3942,26 +3752,22 @@ rules: - "delete" - "patch" - "watch" - # Brokers and the namespace annotation controllers manipulate Deployments. - apiGroups: - "apps" resources: - "deployments" verbs: *everything - # PingSource controller manipulates Deployment owner reference - apiGroups: - "apps" resources: - "deployments/finalizers" verbs: - "update" - # The namespace annotation controller needs to manipulate RoleBindings. - apiGroups: - "rbac.authorization.k8s.io" resources: - "rolebindings" verbs: *everything - # Our own resources and statuses we care about. - apiGroups: - "eventing.knative.dev" resources: @@ -3972,7 +3778,6 @@ rules: - "eventtypes" - "eventtypes/status" verbs: *everything - # Eventing resources and finalizers we care about. - apiGroups: - "eventing.knative.dev" resources: @@ -3980,7 +3785,6 @@ rules: - "triggers/finalizers" verbs: - "update" - # Our own resources and statuses we care about. - apiGroups: - "messaging.knative.dev" resources: @@ -3993,7 +3797,6 @@ rules: - "subscriptions" - "subscriptions/status" verbs: *everything - # Flow resources and statuses we care about. - apiGroups: - "flows.knative.dev" resources: @@ -4002,7 +3805,6 @@ rules: - "parallels" - "parallels/status" verbs: *everything - # Messaging resources and finalizers we care about. - apiGroups: - "messaging.knative.dev" resources: @@ -4011,7 +3813,6 @@ rules: - "channels/finalizers" verbs: - "update" - # Flows resources and finalizers we care about. - apiGroups: - "flows.knative.dev" resources: @@ -4019,7 +3820,6 @@ rules: - "parallels/finalizers" verbs: - "update" - # The subscription controller needs to retrieve and watch CustomResourceDefinitions. - apiGroups: - "apiextensions.k8s.io" resources: @@ -4028,14 +3828,11 @@ rules: - "get" - "list" - "watch" - # For leader election - apiGroups: - "coordination.k8s.io" resources: - "leases" verbs: *everything - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4049,7 +3846,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -4101,8 +3898,6 @@ rules: - create - update - patch - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4116,8 +3911,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Use this aggregated ClusterRole when you need readonly access to "PodSpecables" +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -4130,7 +3924,7 @@ aggregationRule: clusterRoleSelectors: - matchLabels: duck.knative.dev/podspecable: "true" -rules: [] # Rules are automatically filled in by the controller manager. +rules: [] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -4141,9 +3935,7 @@ metadata: duck.knative.dev/podspecable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "podspecable-binding role. rules: - # To patch the subjects of our bindings - apiGroups: - "apps" resources: @@ -4163,8 +3955,6 @@ rules: - "list" - "watch" - "patch" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4178,8 +3968,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Use this aggregated ClusterRole when you need to read "Sources". +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -4192,7 +3981,7 @@ aggregationRule: clusterRoleSelectors: - matchLabels: duck.knative.dev/source: "true" -rules: [] # Rules are automatically filled in by the controller manager. +rules: [] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -4203,7 +3992,6 @@ metadata: duck.knative.dev/source: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "source-observer" role. rules: - apiGroups: - sources.knative.dev @@ -4216,8 +4004,6 @@ rules: - get - list - watch - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4231,7 +4017,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -4255,13 +4041,11 @@ rules: - "delete" - "patch" - "watch" - # Deployments admin - apiGroups: - "apps" resources: - "deployments" verbs: *everything - # Source resources and statuses we care about. - apiGroups: - "sources.knative.dev" resources: @@ -4278,33 +4062,27 @@ rules: - "containersources/status" - "containersources/finalizers" verbs: *everything - # Knative Services admin - apiGroups: - serving.knative.dev resources: - services verbs: *everything - # EventTypes admin - apiGroups: - eventing.knative.dev resources: - eventtypes verbs: *everything - # Events admin - apiGroups: - "" resources: - events verbs: *everything - # Authorization checker - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4318,7 +4096,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -4328,7 +4106,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing rules: - # For watching logging configuration and getting certs. - apiGroups: - "" resources: @@ -4337,7 +4114,6 @@ rules: - "get" - "list" - "watch" - # For manipulating certs into secrets. - apiGroups: - "" resources: @@ -4349,14 +4125,12 @@ rules: - "list" - "watch" - "patch" - # finalizers are needed for the owner reference of the webhook - apiGroups: - "" resources: - "namespaces/finalizers" verbs: - "update" - # For getting our Deployment so we can decorate with ownerref. - apiGroups: - "apps" resources: @@ -4369,7 +4143,6 @@ rules: - "deployments/finalizers" verbs: - update - # For actually registering our webhook. - apiGroups: - "admissionregistration.k8s.io" resources: @@ -4383,7 +4156,6 @@ rules: - "delete" - "patch" - "watch" - # For running the SinkBinding reconciler. - apiGroups: - "sources.knative.dev" resources: @@ -4391,19 +4163,14 @@ rules: - "sinkbindings/status" - "sinkbindings/finalizers" verbs: *everything - # For leader election - apiGroups: - "coordination.k8s.io" resources: - "leases" verbs: *everything - # Necessary for conversion webhook. These are copied from the serving - # TODO: Do we really need all these permissions? - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4417,7 +4184,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -4428,7 +4195,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing rules: - # For manipulating certs into secrets. - apiGroups: - "" resources: @@ -4440,8 +4206,6 @@ rules: - "list" - "watch" - "patch" - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4455,7 +4219,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -4478,8 +4242,6 @@ webhooks: - key: eventing.knative.dev/release operator: Exists timeoutSeconds: 10 - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4493,7 +4255,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -4512,8 +4274,6 @@ webhooks: failurePolicy: Fail name: webhook.eventing.knative.dev timeoutSeconds: 10 - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4527,7 +4287,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -4546,8 +4306,6 @@ webhooks: failurePolicy: Fail name: validation.webhook.eventing.knative.dev timeoutSeconds: 10 - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4561,7 +4319,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: Secret metadata: @@ -4571,9 +4329,6 @@ metadata: eventing.knative.dev/release: "v1.4.0" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - ---- # Copyright 2018 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4587,7 +4342,7 @@ metadata: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -4606,5 +4361,5 @@ webhooks: sideEffects: None name: sinkbindings.webhook.sources.knative.dev timeoutSeconds: 10 - --- + diff --git a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml index 1bf22fd2a7..4c13950b10 100644 --- a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml +++ b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml @@ -1,17 +1,3 @@ -# Copyright 2021 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - apiVersion: v1 kind: Namespace metadata: @@ -20,8 +6,6 @@ metadata: eventing.knative.dev/release: "v1.4.0" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,7 +19,7 @@ metadata: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -97,8 +81,6 @@ roleRef: kind: ClusterRole name: addressable-resolver apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -112,7 +94,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -139,8 +121,6 @@ roleRef: kind: ClusterRole name: imc-dispatcher apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -154,7 +134,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -168,8 +148,6 @@ metadata: data: MaxIdleConnections: "1000" MaxIdleConnectionsPerHost: "100" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -183,7 +161,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -245,8 +223,6 @@ data: # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating # a failure to send a cloud event to the sink. sink-event-error-reporting.enable: "false" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -260,7 +236,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: ConfigMap metadata: @@ -303,8 +279,6 @@ data: # Percentage (0-1) of requests to trace sample-rate: "0.1" - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -318,7 +292,7 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -402,8 +376,6 @@ spec: livenessProbe: !!merge <<: *probe initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. terminationGracePeriodSeconds: 300 --- apiVersion: v1 @@ -430,21 +402,7 @@ spec: selector: messaging.knative.dev/channel: in-memory-channel messaging.knative.dev/role: controller - --- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: v1 kind: Service metadata: @@ -469,8 +427,6 @@ spec: - name: http-metrics port: 9090 targetPort: 9090 - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -484,7 +440,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -568,21 +524,7 @@ spec: capabilities: drop: - all - --- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -648,7 +590,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature delivery-timeout + x-kubernetes-preserve-unknown-fields: true subscribers: description: This is the list of subscriptions for this subscribable. type: array @@ -692,7 +634,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - x-kubernetes-preserve-unknown-fields: true # This is necessary to enable the experimental feature + x-kubernetes-preserve-unknown-fields: true generation: description: Generation of the origin of the subscriber with uid:UID. type: integer @@ -813,8 +755,6 @@ spec: shortNames: - imc scope: Namespaced - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -828,7 +768,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -838,7 +778,6 @@ metadata: duck.knative.dev/addressable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: - apiGroups: - messaging.knative.dev @@ -849,8 +788,6 @@ rules: - get - list - watch - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -864,7 +801,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -874,7 +811,6 @@ metadata: duck.knative.dev/channelable: "true" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: - apiGroups: - messaging.knative.dev @@ -889,8 +825,6 @@ rules: - update - patch - delete - ---- # Copyright 2019 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -904,7 +838,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -996,7 +930,6 @@ rules: resources: - leases verbs: *everything - # For actually registering our webhook. - apiGroups: - "admissionregistration.k8s.io" resources: @@ -1010,7 +943,6 @@ rules: - "delete" - "patch" - "watch" - # For manipulating certs into secrets. - apiGroups: - "" resources: @@ -1022,28 +954,13 @@ rules: - "list" - "watch" - "patch" - # finalizers are needed for the owner reference of the webhook - apiGroups: - "" resources: - "namespaces/finalizers" verbs: - "update" - --- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1063,7 +980,7 @@ rules: - list - watch - apiGroups: - - "" # Core API group. + - "" resources: - configmaps verbs: @@ -1077,9 +994,6 @@ rules: verbs: - create - patch - # Updates the finalizer so we can remove our handlers when channel is deleted - # Patches the status.subscribers to reflect when the subscription dataplane has been - # configured. - apiGroups: - messaging.knative.dev resources: @@ -1099,8 +1013,6 @@ rules: - create - update - patch - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1114,7 +1026,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -1125,7 +1037,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing rules: - # For manipulating certs into secrets. - apiGroups: - "" resources: @@ -1137,8 +1048,6 @@ rules: - "list" - "watch" - "patch" - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1152,7 +1061,7 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -1171,8 +1080,6 @@ webhooks: failurePolicy: Fail name: inmemorychannel.eventing.knative.dev timeoutSeconds: 10 - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1186,7 +1093,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -1205,8 +1112,6 @@ webhooks: failurePolicy: Fail name: validation.inmemorychannel.eventing.knative.dev timeoutSeconds: 10 - ---- # Copyright 2021 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -1220,7 +1125,7 @@ webhooks: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v1 kind: Secret metadata: @@ -1230,6 +1135,5 @@ metadata: eventing.knative.dev/release: "v1.4.0" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing -# The data is populated at install time. - --- + diff --git a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml index 949757e5f4..fa9bb034fb 100644 --- a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml +++ b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml @@ -1,16 +1,3 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -20,7 +7,6 @@ metadata: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing rules: - # Configs resources and status we care about. - apiGroups: - "" resources: @@ -39,21 +25,7 @@ rules: - "delete" - "patch" - "watch" - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -80,21 +52,7 @@ rules: - get - list - watch - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: @@ -104,21 +62,7 @@ metadata: eventing.knative.dev/release: "v1.4.0" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -144,21 +88,7 @@ rules: - get - list - watch - --- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: @@ -168,8 +98,6 @@ metadata: eventing.knative.dev/release: "v1.4.0" app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -183,7 +111,7 @@ metadata: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -200,8 +128,6 @@ roleRef: kind: ClusterRole name: knative-eventing-mt-channel-broker-controller apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -215,7 +141,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -232,8 +158,6 @@ roleRef: kind: ClusterRole name: knative-eventing-mt-broker-filter apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -247,7 +171,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -264,8 +188,6 @@ roleRef: kind: ClusterRole name: knative-eventing-mt-broker-ingress apiGroup: rbac.authorization.k8s.io - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -279,7 +201,7 @@ roleRef: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -389,8 +311,6 @@ spec: targetPort: 9092 selector: eventing.knative.dev/brokerRole: filter - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -404,7 +324,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -514,8 +434,6 @@ spec: targetPort: 9092 selector: eventing.knative.dev/brokerRole: ingress - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -529,7 +447,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -553,7 +471,6 @@ spec: app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -600,8 +517,6 @@ spec: containerPort: 9090 - name: profiling containerPort: 8008 - ---- # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -615,7 +530,7 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: @@ -665,5 +580,5 @@ spec: target: type: Utilization averageUtilization: 70 - --- + From 1b83460f7c9b6de6c0c873d40a0961a5fb171853 Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 13:58:22 +0300 Subject: [PATCH 09/10] knative-eventing: Remove anchors Signed-off-by: Kimonas Sotirchos --- .../base/eventing-post-install-jobs.yaml | 1 + .../base/upstream/eventing-core.yaml | 506 ++++++++++++++++-- .../base/upstream/in-memory-channel.yaml | 67 ++- .../base/upstream/mt-channel-broker.yaml | 22 +- 4 files changed, 537 insertions(+), 59 deletions(-) diff --git a/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml b/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml index e69de29bb2..8b13789179 100644 --- a/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml +++ b/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml @@ -0,0 +1 @@ + diff --git a/common/knative/knative-eventing/base/upstream/eventing-core.yaml b/common/knative/knative-eventing/base/upstream/eventing-core.yaml index 6330da95b7..26a7004b24 100644 --- a/common/knative/knative-eventing/base/upstream/eventing-core.yaml +++ b/common/knative/knative-eventing/base/upstream/eventing-core.yaml @@ -873,13 +873,14 @@ metadata: spec: replicas: 0 selector: - matchLabels: &labels + matchLabels: eventing.knative.dev/source: ping-source-controller sources.knative.dev/role: adapter template: metadata: labels: - !!merge <<: *labels + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter eventing.knative.dev/release: "v1.4.0" app.kubernetes.io/component: pingsource-mt-adapter app.kubernetes.io/version: "1.4.0" @@ -890,7 +891,9 @@ spec: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: - matchLabels: *labels + matchLabels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter topologyKey: kubernetes.io/hostname weight: 100 enableServiceLinks: false @@ -1017,13 +1020,14 @@ metadata: app.kubernetes.io/name: knative-eventing spec: selector: - matchLabels: &labels + matchLabels: app: eventing-webhook role: eventing-webhook template: metadata: labels: - !!merge <<: *labels + app: eventing-webhook + role: eventing-webhook eventing.knative.dev/release: "v1.4.0" app.kubernetes.io/component: eventing-webhook app.kubernetes.io/version: "1.4.0" @@ -1084,7 +1088,7 @@ spec: containerPort: 9090 - name: profiling containerPort: 8008 - readinessProbe: &probe + readinessProbe: periodSeconds: 1 httpGet: scheme: HTTPS @@ -1093,7 +1097,13 @@ spec: - name: k-kubelet-probe value: "webhook" livenessProbe: - !!merge <<: *probe + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" initialDelaySeconds: 20 terminationGracePeriodSeconds: 300 --- @@ -2080,7 +2090,7 @@ spec: deadLetterSink: description: DeadLetterSink is the sink receiving event that could not be sent to a destination. type: object - properties: &addressableProperties + properties: ref: description: Ref points to an Addressable. type: object @@ -2109,17 +2119,71 @@ spec: description: Filter is the expression guarding the branch type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string reply: description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string subscriber: description: Subscriber receiving the event when the filter passes type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string channelTemplate: description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). type: object @@ -2138,7 +2202,25 @@ spec: description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply type: object properties: - !!merge <<: *addressableProperties + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string status: description: Status represents the current state of the Parallel. This data may be out of date. type: object @@ -2161,11 +2243,11 @@ spec: filterChannelStatus: description: FilterChannelStatus corresponds to the filter channel status. type: object - properties: &channelProperties + properties: channel: description: Channel is the reference to the underlying channel. type: object - properties: &referentProperties + properties: apiVersion: description: API version of the referent. type: string @@ -2191,7 +2273,7 @@ spec: description: ReadyCondition indicates whether the Channel is ready or not. type: object x-kubernetes-preserve-unknown-fields: true - properties: &readyConditionProperties + properties: message: description: A human readable message indicating details about the transition. type: string @@ -2215,12 +2297,46 @@ spec: description: ReadyCondition indicates whether the Subscription is ready or not. type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string subscription: description: Subscription is the reference to the underlying Subscription. type: object properties: - !!merge <<: *referentProperties + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string subscriberSubscriptionStatus: description: SubscriptionStatus corresponds to the subscriber subscription status. type: object @@ -2229,24 +2345,116 @@ spec: description: ReadyCondition indicates whether the Subscription is ready or not. type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string subscription: description: Subscription is the reference to the underlying Subscription. type: object properties: - !!merge <<: *referentProperties + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string conditions: description: Conditions the latest available observations of a resource's current state. type: array items: type: object properties: - !!merge <<: *readyConditionProperties + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string ingressChannelStatus: description: IngressChannelStatus corresponds to the ingress channel status. type: object properties: - !!merge <<: *channelProperties + channel: + description: Channel is the reference to the underlying channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -2306,8 +2514,7 @@ metadata: spec: group: sources.knative.dev versions: - - &version - name: v1beta2 + - name: v1beta2 served: true storage: false subresources: @@ -2439,7 +2646,135 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version + - subresources: + status: {} + schema: + openAPIV3Schema: + type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' + properties: + spec: + type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' + properties: + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + type: object + properties: + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + type: object + additionalProperties: + type: string + x-kubernetes-preserve-unknown-fields: true + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + type: object + properties: + ref: + description: 'Ref points to an Addressable.' + type: object + properties: + apiVersion: + description: 'API version of the referent.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + type: string + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string + status: + type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' + properties: + annotations: + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" name: v1 served: true storage: true @@ -3744,7 +4079,7 @@ rules: - "events" - "serviceaccounts" - "pods" - verbs: &everything + verbs: - "get" - "list" - "create" @@ -3756,7 +4091,14 @@ rules: - "apps" resources: - "deployments" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - "apps" resources: @@ -3767,7 +4109,14 @@ rules: - "rbac.authorization.k8s.io" resources: - "rolebindings" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - "eventing.knative.dev" resources: @@ -3777,7 +4126,14 @@ rules: - "triggers/status" - "eventtypes" - "eventtypes/status" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - "eventing.knative.dev" resources: @@ -3796,7 +4152,14 @@ rules: - "parallels/status" - "subscriptions" - "subscriptions/status" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - "flows.knative.dev" resources: @@ -3804,7 +4167,14 @@ rules: - "sequences/status" - "parallels" - "parallels/status" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - "messaging.knative.dev" resources: @@ -3832,7 +4202,14 @@ rules: - "coordination.k8s.io" resources: - "leases" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -4033,7 +4410,7 @@ rules: - "secrets" - "configmaps" - "services" - verbs: &everything + verbs: - "get" - "list" - "create" @@ -4045,7 +4422,14 @@ rules: - "apps" resources: - "deployments" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - "sources.knative.dev" resources: @@ -4061,22 +4445,50 @@ rules: - "containersources" - "containersources/status" - "containersources/finalizers" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - serving.knative.dev resources: - services - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - eventing.knative.dev resources: - eventtypes - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - "" resources: - events - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - authorization.k8s.io resources: @@ -4148,7 +4560,7 @@ rules: resources: - "mutatingwebhookconfigurations" - "validatingwebhookconfigurations" - verbs: &everything + verbs: - "get" - "list" - "create" @@ -4162,12 +4574,26 @@ rules: - "sinkbindings" - "sinkbindings/status" - "sinkbindings/finalizers" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: - "coordination.k8s.io" resources: - "leases" - verbs: *everything + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] diff --git a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml index 4c13950b10..25352e7bb4 100644 --- a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml +++ b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml @@ -306,13 +306,14 @@ metadata: app.kubernetes.io/name: knative-eventing spec: selector: - matchLabels: &labels + matchLabels: messaging.knative.dev/channel: in-memory-channel messaging.knative.dev/role: controller template: metadata: labels: - !!merge <<: *labels + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller app.kubernetes.io/component: imc-controller app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing @@ -322,7 +323,9 @@ spec: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: - matchLabels: *labels + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller topologyKey: kubernetes.io/hostname weight: 100 serviceAccountName: imc-controller @@ -365,7 +368,7 @@ spec: containerPort: 8008 - name: https-webhook containerPort: 8443 - readinessProbe: &probe + readinessProbe: periodSeconds: 1 httpGet: scheme: HTTPS @@ -374,7 +377,13 @@ spec: - name: k-kubelet-probe value: "webhook" livenessProbe: - !!merge <<: *probe + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" initialDelaySeconds: 20 terminationGracePeriodSeconds: 300 --- @@ -454,13 +463,14 @@ metadata: app.kubernetes.io/name: knative-eventing spec: selector: - matchLabels: &labels + matchLabels: messaging.knative.dev/channel: in-memory-channel messaging.knative.dev/role: dispatcher template: metadata: labels: - !!merge <<: *labels + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher app.kubernetes.io/component: imc-dispatcher app.kubernetes.io/version: "1.4.0" app.kubernetes.io/name: knative-eventing @@ -470,7 +480,9 @@ spec: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: - matchLabels: *labels + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher topologyKey: kubernetes.io/hostname weight: 100 serviceAccountName: imc-dispatcher @@ -478,7 +490,7 @@ spec: containers: - name: dispatcher image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:1bfe4a8b168449a65d87191a45b68ccece87cc73d5f8c3728dc07ab83fe71240 - readinessProbe: &probe + readinessProbe: failureThreshold: 3 httpGet: path: /healthz @@ -488,7 +500,14 @@ spec: successThreshold: 1 timeoutSeconds: 1 livenessProbe: - !!merge <<: *probe + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 initialDelaySeconds: 5 env: - name: CONFIG_LOGGING_NAME @@ -877,7 +896,7 @@ rules: resources: - services - serviceaccounts - verbs: &everything + verbs: - get - list - watch @@ -896,12 +915,24 @@ rules: - "rbac.authorization.k8s.io" resources: - rolebindings - verbs: *everything + verbs: + - get + - list + - watch + - create + - update + - patch - apiGroups: - apps resources: - deployments - verbs: *everything + verbs: + - get + - list + - watch + - create + - update + - patch - apiGroups: - apps resources: @@ -929,13 +960,19 @@ rules: - coordination.k8s.io resources: - leases - verbs: *everything + verbs: + - get + - list + - watch + - create + - update + - patch - apiGroups: - "admissionregistration.k8s.io" resources: - "mutatingwebhookconfigurations" - "validatingwebhookconfigurations" - verbs: &everything + verbs: - "get" - "list" - "create" diff --git a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml index fa9bb034fb..25a52a4210 100644 --- a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml +++ b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml @@ -231,7 +231,7 @@ spec: - name: filter terminationMessagePolicy: FallbackToLogsOnError image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:426797eae80ce0b759701ed5aa70571bf10a8fd1d459b6d1da3b6ea7bd320280 - readinessProbe: &probe + readinessProbe: failureThreshold: 3 httpGet: path: /healthz @@ -241,7 +241,14 @@ spec: successThreshold: 1 timeoutSeconds: 1 livenessProbe: - !!merge <<: *probe + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 initialDelaySeconds: 5 resources: requests: @@ -354,7 +361,7 @@ spec: - name: ingress terminationMessagePolicy: FallbackToLogsOnError image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:e53c0774a9f95506566c2cee91437df5c69effa314afcd699610a34e12bd9595 - readinessProbe: &probe + readinessProbe: failureThreshold: 3 httpGet: path: /healthz @@ -364,7 +371,14 @@ spec: successThreshold: 1 timeoutSeconds: 1 livenessProbe: - !!merge <<: *probe + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 initialDelaySeconds: 5 resources: requests: From 26958fccc18151a29cf464ad3c38ed62f79a146d Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Thu, 30 Jun 2022 17:53:02 +0300 Subject: [PATCH 10/10] knative-eventing: Install only core Signed-off-by: Kimonas Sotirchos --- common/knative/knative-eventing/base/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/knative/knative-eventing/base/kustomization.yaml b/common/knative/knative-eventing/base/kustomization.yaml index 1e8cb25ffb..dbea46e57c 100644 --- a/common/knative/knative-eventing/base/kustomization.yaml +++ b/common/knative/knative-eventing/base/kustomization.yaml @@ -3,8 +3,8 @@ kind: Kustomization namespace: knative-eventing resources: - upstream/eventing-core.yaml -- upstream/in-memory-channel.yaml -- upstream/mt-channel-broker.yaml +#- upstream/in-memory-channel.yaml +#- upstream/mt-channel-broker.yaml patchesStrategicMerge: - patches/clusterrole-patch.yaml commonLabels: