diff --git a/hack/generate/csv.sh b/hack/generate/csv.sh index 493b356243..8ef802329b 100755 --- a/hack/generate/csv.sh +++ b/hack/generate/csv.sh @@ -41,6 +41,8 @@ image "autoscaler" "${serving}-autoscaler" image "autoscaler-hpa" "${serving}-autoscaler-hpa" image "controller" "${serving}-controller" image "webhook" "${serving}-webhook" +image "domain-mapping" "${serving}-domain-mapping" +image "domainmapping-webhook" "${serving}-domain-mapping-webhook" image "storage-version-migration-serving-serving-$(metadata.get dependencies.serving)__migrate" "${serving}-storage-version-migration" image "3scale-kourier-gateway" "docker.io/maistra/proxyv2-ubi8:$(metadata.get dependencies.maistra)" diff --git a/knative-operator/deploy/resources/kourier/kourier-latest.yaml b/knative-operator/deploy/resources/kourier/kourier-latest.yaml index 8d82f7d3a8..cdbac6f133 100644 --- a/knative-operator/deploy/resources/kourier/kourier-latest.yaml +++ b/knative-operator/deploy/resources/kourier/kourier-latest.yaml 
@@ -1,31 +1,183 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 kind: Namespace metadata: name: kourier-system labels: networking.knative.dev/ingress-provider: kourier + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: 3scale-kourier + namespace: knative-serving + labels: + networking.knative.dev/ingress-provider: kourier +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: 3scale-kourier + namespace: knative-serving + labels: + networking.knative.dev/ingress-provider: kourier +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] + resources: ["pods", "endpoints", "services", "secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["networking.internal.knative.dev"] + resources: ["ingresses"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["networking.internal.knative.dev"] + resources: ["ingresses/status"] + verbs: ["update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: 3scale-kourier + labels: + networking.knative.dev/ingress-provider: kourier +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: 3scale-kourier +subjects: + - kind: ServiceAccount + name: 3scale-kourier + namespace: knative-serving + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: 3scale-kourier-control + namespace: knative-serving + labels: + networking.knative.dev/ingress-provider: kourier +spec: + replicas: 1 + selector: + matchLabels: + app: 3scale-kourier-control + template: + metadata: + labels: + app: 3scale-kourier-control + spec: + containers: + - image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:072e2bb12eae88d5fde8b2fa77d20542ce0f4708d9e09a59c3b65c499462a8fc + name: kourier-control + env: + - name: CERTS_SECRET_NAMESPACE + value: "" + - name: CERTS_SECRET_NAME + value: "" + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METRICS_DOMAIN + value: "knative.dev/samples" + - name: KOURIER_GATEWAY_NAMESPACE + value: "kourier-system" + ports: + - name: http2-xds + containerPort: 18000 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + restartPolicy: Always + serviceAccountName: 3scale-kourier --- apiVersion: v1 kind: Service metadata: - name: kourier - namespace: kourier-system + name: kourier-control + namespace: knative-serving labels: networking.knative.dev/ingress-provider: kourier spec: ports: - - name: http2 - port: 80 - protocol: TCP - targetPort: 8080 - - name: https - port: 443 + - name: grpc-xds + port: 18000 protocol: TCP - targetPort: 8443 + targetPort: 18000 selector: - app: 3scale-kourier-gateway - type: LoadBalancer + app: 3scale-kourier-control + type: ClusterIP + --- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: apps/v1 kind: Deployment metadata: @@ -49,8 +201,7 @@ spec: - --log-level info command: - /usr/local/bin/envoy - image: docker.io/maistra/proxyv2-ubi8:1.1.5 - imagePullPolicy: Always + image: docker.io/maistra/proxyv2-ubi8:2.0.0 name: kourier-gateway ports: - name: http2-external @@ -62,6 +213,13 @@ spec: - name: https-external containerPort: 8443 protocol: TCP + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsNonRoot: false + capabilities: + drop: + - all volumeMounts: - name: config-volume mountPath: /tmp/config 
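Review bot: The `3scale-kourier` ClusterRole keeps `get`/`list`/`watch` on `secrets` at cluster scope, and the ClusterRoleBinding below it gives that to the `3scale-kourier` service account, so the kourier-control pod can read every Secret in the cluster. The commit already trims `namespaces`, the configmap write verbs and the CRD rule, which leaves this as the one broad grant. If it is needed because Ingress TLS secrets live in user namespaces (not visible in this hunk), record that next to the rule, for example `# cluster-wide secret read: TLS secrets referenced by Ingresses live in user namespaces`. Separately, `namespace: knative-serving` under the ClusterRole's `metadata` has no effect on a cluster-scoped object and could be dropped so the role does not read as namespaced.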
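Review bot: The gateway container is referenced by the mutable tag `docker.io/maistra/proxyv2-ubi8:2.0.0`, and with `imagePullPolicy: Always` removed the kubelet default for a non-`latest` tag is `IfNotPresent`, so a node keeps whatever it first pulled under that tag. The kourier-control image in this same file is pinned by `@sha256:` digest; pinning the gateway the same way, `image: docker.io/maistra/proxyv2-ubi8@sha256:<digest-of-2.0.0>`, would make the deployed Envoy build reproducible and verifiable. The container spec starts and continues outside this hunk.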
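Review bot: The gateway's new `securityContext` sets `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, which explicitly allows the Envoy container behind the `kourier` LoadBalancer Service to run as root with a writable root filesystem, while the kourier-control container added in this commit sets both to `true`. If the maistra proxy image requires this (cannot be told from the hunk), a comment saying why would help the next reviewer; otherwise prefer `runAsNonRoot: true` and `readOnlyRootFilesystem: true`, with an `emptyDir` mounted on any path Envoy has to write. The capability entry is spelled `all`; `ALL` is the documented form and the one the Pod Security Standards check expects, so `drop: ["ALL"]` is safer in both containers. The container spec continues outside the hunk.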
@@ -85,102 +243,10 @@ spec: name: kourier-bootstrap restartPolicy: Always --- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: 3scale-kourier-control - namespace: knative-serving - labels: - networking.knative.dev/ingress-provider: kourier -spec: - replicas: 1 - selector: - matchLabels: - app: 3scale-kourier-control - template: - metadata: - labels: - app: 3scale-kourier-control - spec: - containers: - - image: gcr.io/knative-releases/knative.dev/net-kourier/cmd/kourier@sha256:24bd7446e1ce05a09c839deb4e40dbe9c41887d8021dff022ae646ac240e320b - imagePullPolicy: Always - name: kourier-control - env: - - name: CERTS_SECRET_NAMESPACE - value: "" - - name: CERTS_SECRET_NAME - value: "" - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KOURIER_GATEWAY_NAMESPACE - value: "kourier-system" - ports: - - name: http2-xds - containerPort: 18000 - protocol: TCP - restartPolicy: Always - serviceAccountName: 3scale-kourier ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: 3scale-kourier - namespace: knative-serving - labels: - networking.knative.dev/ingress-provider: kourier -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] - - apiGroups: [""] - resources: ["pods", "endpoints", "namespaces", "services", "secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list", "watch", "update", "create"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["networking.internal.knative.dev"] - resources: ["ingresses"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: ["networking.internal.knative.dev"] - resources: ["ingresses/status"] - verbs: ["update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] ---- -apiVersion: v1 -kind: 
ServiceAccount -metadata: - name: 3scale-kourier - namespace: knative-serving - labels: - networking.knative.dev/ingress-provider: kourier ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: 3scale-kourier - labels: - networking.knative.dev/ingress-provider: kourier -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 3scale-kourier -subjects: - - kind: ServiceAccount - name: 3scale-kourier - namespace: knative-serving ---- apiVersion: v1 kind: Service metadata: - name: kourier-internal + name: kourier namespace: kourier-system labels: networking.knative.dev/ingress-provider: kourier @@ -189,26 +255,30 @@ spec: - name: http2 port: 80 protocol: TCP - targetPort: 8081 + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 selector: app: 3scale-kourier-gateway - type: ClusterIP + type: LoadBalancer --- apiVersion: v1 kind: Service metadata: - name: kourier-control - namespace: knative-serving + name: kourier-internal + namespace: kourier-system labels: networking.knative.dev/ingress-provider: kourier spec: ports: - - name: grpc-xds - port: 18000 + - name: http2 + port: 80 protocol: TCP - targetPort: 18000 + targetPort: 8081 selector: - app: 3scale-kourier-control + app: 3scale-kourier-gateway type: ClusterIP --- apiVersion: v1 @@ -252,7 +322,9 @@ data: - "*" routes: - match: - regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?' + safe_regex: + google_re2: {} + regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?' headers: - name: ':method' exact_match: GET diff --git a/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml b/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml index d9d9901369..c0b863f1c7 100644 --- a/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml 
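Review bot: The regex moved under `safe_regex` still ends its group with `?`, so `/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?` also matches a bare `/`; if this route forwards to the Envoy admin interface, as the endpoint names suggest, that is the admin index page rather than one of the listed endpoints. Because `safe_regex` is a full-path match, dropping the trailing `?` would limit the route to the six named paths. The list also includes `certs`, `clusters`, `listeners` and `server_info`, which disclose certificate metadata and upstream topology. The listener this route belongs to is outside the hunk, so it is worth confirming it is reachable only from inside the cluster, or trimming the list to what probes and metrics scraping need (`ready`, `stats/prometheus`).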
+++ b/olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml 
@@ -301,23 +301,27 @@ spec: - name: METRICS_DOMAIN value: knative.dev/serving-operator - name: "IMAGE_queue-proxy" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-queue" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-queue" - name: "IMAGE_activator" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-activator" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-activator" - name: "IMAGE_autoscaler" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-autoscaler" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-autoscaler" - name: "IMAGE_autoscaler-hpa" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-autoscaler-hpa" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-autoscaler-hpa" - name: "IMAGE_controller" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-controller" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-controller" - name: "IMAGE_webhook" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-webhook" - - name: "IMAGE_storage-version-migration-serving-serving-0.18.2__migrate" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-storage-version-migration" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-webhook" + - name: "IMAGE_domain-mapping" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-domain-mapping" + - name: "IMAGE_domainmapping-webhook" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-domain-mapping-webhook" + - name: "IMAGE_storage-version-migration-serving-serving-0.19.0__migrate" + value: 
"registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-storage-version-migration" - name: "IMAGE_3scale-kourier-gateway" - value: "docker.io/maistra/proxyv2-ubi8:1.1.5" + value: "docker.io/maistra/proxyv2-ubi8:2.0.0" - name: "IMAGE_3scale-kourier-control" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.1:kourier" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.1:kourier" - name: "IMAGE_eventing-controller__eventing-controller" value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.2:knative-eventing-controller" - name: "IMAGE_sugar-controller__controller" 
@@ -414,23 +418,27 @@ spec: - name: KAFKASOURCE_MANIFEST_PATH value: deploy/resources/knativekafka/kafkasource-latest.yaml - name: "IMAGE_queue-proxy" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-queue" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-queue" - name: "IMAGE_activator" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-activator" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-activator" - name: "IMAGE_autoscaler" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-autoscaler" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-autoscaler" - name: "IMAGE_autoscaler-hpa" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-autoscaler-hpa" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-autoscaler-hpa" - name: "IMAGE_controller" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-controller" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-controller" - name: "IMAGE_webhook" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-webhook" - - name: "IMAGE_storage-version-migration-serving-serving-0.18.2__migrate" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-storage-version-migration" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-webhook" + - name: "IMAGE_domain-mapping" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-domain-mapping" + - name: "IMAGE_domainmapping-webhook" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-domain-mapping-webhook" + - name: "IMAGE_storage-version-migration-serving-serving-0.19.0__migrate" + value: 
"registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-storage-version-migration" - name: "IMAGE_3scale-kourier-gateway" - value: "docker.io/maistra/proxyv2-ubi8:1.1.5" + value: "docker.io/maistra/proxyv2-ubi8:2.0.0" - name: "IMAGE_3scale-kourier-control" - value: "registry.svc.ci.openshift.org/openshift/knative-v0.18.1:kourier" + value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.1:kourier" - name: "IMAGE_eventing-controller__eventing-controller" value: "registry.svc.ci.openshift.org/openshift/knative-v0.19.2:knative-eventing-controller" - name: "IMAGE_sugar-controller__controller" 
@@ -687,23 +695,27 @@ spec: # This reference will be replaced in local builds and CI via hack/lib/catalogsource.bash. image: registry.svc.ci.openshift.org/openshift/openshift-serverless-nightly:knative-openshift-ingress - name: "IMAGE_queue-proxy" - image: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-queue" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-queue" - name: "IMAGE_activator" - image: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-activator" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-activator" - name: "IMAGE_autoscaler" - image: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-autoscaler" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-autoscaler" - name: "IMAGE_autoscaler-hpa" - image: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-autoscaler-hpa" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-autoscaler-hpa" - name: "IMAGE_controller" - image: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-controller" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-controller" - name: "IMAGE_webhook" - image: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-webhook" - - name: "IMAGE_storage-version-migration-serving-serving-0.18.2__migrate" - image: "registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-storage-version-migration" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-webhook" + - name: "IMAGE_domain-mapping" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-domain-mapping" + - name: "IMAGE_domainmapping-webhook" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-domain-mapping-webhook" + - name: 
"IMAGE_storage-version-migration-serving-serving-0.19.0__migrate" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-storage-version-migration" - name: "IMAGE_3scale-kourier-gateway" - image: "docker.io/maistra/proxyv2-ubi8:1.1.5" + image: "docker.io/maistra/proxyv2-ubi8:2.0.0" - name: "IMAGE_3scale-kourier-control" - image: "registry.svc.ci.openshift.org/openshift/knative-v0.18.1:kourier" + image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.1:kourier" - name: "IMAGE_eventing-controller__eventing-controller" image: "registry.svc.ci.openshift.org/openshift/knative-v0.19.2:knative-eventing-controller" - name: "IMAGE_sugar-controller__controller" diff --git a/olm-catalog/serverless-operator/project.yaml b/olm-catalog/serverless-operator/project.yaml index af139a1d86..1c37d3fea5 100644 --- a/olm-catalog/serverless-operator/project.yaml +++ b/olm-catalog/serverless-operator/project.yaml @@ -19,9 +19,9 @@ requirements: - '4.6' dependencies: - serving: 0.18.2 + serving: 0.19.0 eventing: 0.19.2 eventing_kafka: 0.19.1 - kourier: 0.18.1 + kourier: 0.19.1 cli: 0.18.4 - maistra: 1.1.5 + maistra: 2.0.0 diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/1-serving-crds.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/1-serving-crds.yaml similarity index 80% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/1-serving-crds.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/1-serving-crds.yaml index 02d2f6413c..2d8eaad525 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/1-serving-crds.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/1-serving-crds.yaml 
@@ -17,7 +17,7 @@ kind: CustomResourceDefinition metadata: name: certificates.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -73,16 +73,15 @@ kind: CustomResourceDefinition metadata: name: configurations.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev versions: - - &version - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: @@ -106,11 +105,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1beta1 - - !!merge <<: *version - name: v1 - storage: true names: kind: Configuration plural: configurations @@ -123,14 +117,6 @@ spec: - config - cfg scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving --- # Copyright 2020 The Knative Authors @@ -152,7 +138,7 @@ kind: CustomResourceDefinition metadata: name: ingresses.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -209,7 +195,7 @@ kind: CustomResourceDefinition metadata: name: metrics.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev 
@@ -263,7 +249,7 @@ kind: CustomResourceDefinition metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -326,15 +312,14 @@ kind: CustomResourceDefinition metadata: name: revisions.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev versions: - - &version - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: @@ -361,11 +346,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1beta1 - - !!merge <<: *version - name: v1 - storage: true names: kind: Revision plural: revisions @@ -377,14 +357,6 @@ spec: shortNames: - rev scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving --- # Copyright 2019 The Knative Authors @@ -406,16 +378,15 @@ kind: CustomResourceDefinition metadata: name: routes.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: group: serving.knative.dev versions: - - &version - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: @@ -436,11 +407,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1beta1 - - !!merge <<: *version - name: v1 - storage: true names: kind: Route plural: routes 
@@ -452,14 +418,6 @@ spec: shortNames: - rt scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving --- # Copyright 2019 The Knative Authors @@ -481,7 +439,7 @@ kind: CustomResourceDefinition metadata: name: serverlessservices.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev 
@@ -549,27 +507,88 @@ kind: CustomResourceDefinition metadata: name: services.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev versions: - - &version - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: openAPIV3Schema: type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: | + A template for the current desired application state. + Changes to `template` will cause a new Revision to be created as + defined in the lifecycle section. The contents of the Service's + RevisionTemplateSpec is used to create a corresponding Configuration. + traffic: + x-kubernetes-preserve-unknown-fields: true + type: array + description: | + Traffic specifies how to distribute traffic over a + collection of Revisions belonging to the Service. If traffic is + empty or not provided, defaults to 100% traffic to the latest + `Ready` Revision. The contents of the Service's TrafficTarget is + used to create a corresponding Route. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + revisionName: + type: string + description: | + A specific revision to which to send this portion + of traffic. + This is mutually exclusive with configurationName. + configurationName: + type: string + description: | + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. 
When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. + This is mutually exclusive with RevisionName. + latestRevision: + type: boolean + description: | + `latestRevision` may be optionally provided to indicate + that the latest ready Revision of the Configuration should be used + for this traffic target. When provided latestRevision MUST be true + if revisionName is empty, and it MUST be false when revisionName is non-empty. + tag: + type: string + description: | + Tag is optionally used to expose a dedicated URL for + referencing this target exclusively. The dedicated URL MUST include + in it the string provided by tag. + percent: + type: integer + description: | + The percentage of requests which should be allocated + from the main Route domain name to the specified `revisionName` or + `configurationName`. + All `percent` values in `traffic` MUST sum to 100. + minimum: 0 + maximum: 100 + status: + type: object + x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: URL type: string @@ -586,11 +605,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1beta1 - - !!merge <<: *version - name: v1 - storage: true names: kind: Service plural: services @@ -603,14 +617,6 @@ spec: - kservice - ksvc scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving --- # Copyright 2018 The Knative Authors @@ -659,5 +665,9 @@ spec: # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image --- 
diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/2-serving-core.yaml similarity index 89% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/2-serving-core.yaml index 30f47d8636..3c213343ad 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/2-serving-core.yaml @@ -17,7 +17,7 @@ kind: Namespace metadata: name: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" --- # Copyright 2019 The Knative Authors @@ -39,7 +39,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" # Labeled to facilitate aggregated cluster roles that act on Addressables. duck.knative.dev/addressable: "true" # Do not use this role directly. These rules will be added to the "addressable-resolver" role. @@ -77,7 +77,7 @@ metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -92,7 +92,7 @@ metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] 
@@ -107,7 +107,7 @@ metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] @@ -133,7 +133,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-core labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" serving.knative.dev/controller: "true" rules: - apiGroups: [""] @@ -184,7 +184,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" # Labeled to facilitate aggregated cluster roles that act on PodSpecables. duck.knative.dev/podspecable: "true" # Do not use this role directly. These rules will be added to the "podspecable-binder" role. @@ -220,14 +220,14 @@ metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-admin labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" aggregationRule: clusterRoleSelectors: - matchLabels: @@ -239,7 +239,7 @@ kind: ClusterRoleBinding metadata: name: knative-serving-controller-admin labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" subjects: - kind: ServiceAccount name: controller @@ -296,6 +296,10 @@ spec: # # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image --- # Copyright 2020 The Knative Authors 
@@ -317,7 +321,7 @@ kind: CustomResourceDefinition metadata: name: certificates.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -373,16 +377,15 @@ kind: CustomResourceDefinition metadata: name: configurations.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev versions: - - &version - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: @@ -406,11 +409,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1beta1 - - !!merge <<: *version - name: v1 - storage: true names: kind: Configuration plural: configurations @@ -423,14 +421,6 @@ spec: - config - cfg scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving --- # Copyright 2020 The Knative Authors @@ -452,7 +442,7 @@ kind: CustomResourceDefinition metadata: name: ingresses.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -509,7 +499,7 @@ kind: CustomResourceDefinition metadata: name: metrics.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev 
@@ -563,7 +553,7 @@ kind: CustomResourceDefinition metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev @@ -626,15 +616,14 @@ kind: CustomResourceDefinition metadata: name: revisions.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: serving.knative.dev versions: - - &version - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: @@ -661,11 +650,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1beta1 - - !!merge <<: *version - name: v1 - storage: true names: kind: Revision plural: revisions @@ -677,14 +661,6 @@ spec: shortNames: - rev scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving --- # Copyright 2019 The Knative Authors @@ -706,16 +682,15 @@ kind: CustomResourceDefinition metadata: name: routes.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: group: serving.knative.dev versions: - - &version - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: @@ -736,11 +711,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1beta1 - - !!merge <<: *version - name: v1 - storage: true names: kind: Route plural: routes 
@@ -752,14 +722,6 @@ spec: shortNames: - rt scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving --- # Copyright 2019 The Knative Authors @@ -781,7 +743,7 @@ kind: CustomResourceDefinition metadata: name: serverlessservices.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev 
@@ -849,27 +811,88 @@ kind: CustomResourceDefinition metadata: name: services.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev versions: - - &version - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: openAPIV3Schema: type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: | + A template for the current desired application state. + Changes to `template` will cause a new Revision to be created as + defined in the lifecycle section. The contents of the Service's + RevisionTemplateSpec is used to create a corresponding Configuration. + traffic: + x-kubernetes-preserve-unknown-fields: true + type: array + description: | + Traffic specifies how to distribute traffic over a + collection of Revisions belonging to the Service. If traffic is + empty or not provided, defaults to 100% traffic to the latest + `Ready` Revision. The contents of the Service's TrafficTarget is + used to create a corresponding Route. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + revisionName: + type: string + description: | + A specific revision to which to send this portion + of traffic. + This is mutually exclusive with configurationName. + configurationName: + type: string + description: | + ConfigurationName of a configuration to whose latest revision we will send + this portion of traffic. 
When the "status.latestReadyRevisionName" of the + referenced configuration changes, we will automatically migrate traffic + from the prior "latest ready" revision to the new one. This field is never + set in Route's status, only its spec. + This is mutually exclusive with RevisionName. + latestRevision: + type: boolean + description: | + `latestRevision` may be optionally provided to indicate + that the latest ready Revision of the Configuration should be used + for this traffic target. When provided latestRevision MUST be true + if revisionName is empty, and it MUST be false when revisionName is non-empty. + tag: + type: string + description: | + Tag is optionally used to expose a dedicated URL for + referencing this target exclusively. The dedicated URL MUST include + in it the string provided by tag. + percent: + type: integer + description: | + The percentage of requests which should be allocated + from the main Route domain name to the specified `revisionName` or + `configurationName`. + All `percent` values in `traffic` MUST sum to 100. + minimum: 0 + maximum: 100 + status: + type: object + x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: URL type: string @@ -886,11 +909,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - !!merge <<: *version - name: v1beta1 - - !!merge <<: *version - name: v1 - storage: true names: kind: Service plural: services @@ -903,14 +921,6 @@ spec: - kservice - ksvc scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving --- # Copyright 2018 The Knative Authors 
@@ -933,11 +943,11 @@ metadata: name: queue-proxy namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:a324eedc6f9b3b23dcaf105e3a4451e7122ac60d0e0cf4e87c9c3e262b161cd8 + image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:1a569afd4c34e285f6d647633925e2b684899bc8d01b4894047c90b75ca49357 --- # Copyright 2018 The Knative Authors @@ -960,9 +970,9 @@ metadata: name: config-autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: - knative.dev/example-checksum: "7b6520ae" + knative.dev/example-checksum: "1d830d9e" data: _example: | ################################ @@ -1095,11 +1105,11 @@ data: # Scale to zero pod retention period defines the minimum amount # of time the last pod will remain after Autoscaler has decided to # scale to zero. - # This flag is for the situations where the pod starup is very expensive + # This flag is for the situations where the pod startup is very expensive # and the traffic is bursty (requiring smaller windows for fast action), # but patchy. # The larger of this flag and `scale-to-zero-grace-period` will effectively - # detemine how the last pod will hang around. + # determine how the last pod will hang around. scale-to-zero-pod-retention-period: "0s" # pod-autoscaler-class specifies the default pod autoscaler class 
@@ -1130,6 +1140,19 @@ data: # If set to 0, the revision has no maximum scale. max-scale: "0" + # scale-down-delay is the amount of time that must pass at reduced + # concurrency before a scale down decision is applied. This can be useful, + # for example, to maintain replica count and avoid a cold start penalty if + # more requests come in within the scale down delay period. + # The default, 0s, imposes no delay at all. + scale-down-delay: "0s" + + # max-scale-limit sets the maximum permitted value for the max scale of a revision. + # When this is set to a positive value, a revision with a maxScale above that value + # (including a maxScale of "0" = unlimited) is disallowed. + # A value of zero (the default) allows any limit, including unlimited. + max-scale-limit: "0" + --- # Copyright 2019 The Knative Authors # @@ -1151,9 +1174,9 @@ metadata: name: config-defaults namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: - knative.dev/example-checksum: "d19e4f27" + knative.dev/example-checksum: "cdabec96" data: _example: | ################################ @@ -1257,10 +1280,12 @@ data: # enableServiceLinks field of the PodSpec, when it is omitted by the user. # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service # + # This is a tri-state flag with possible values of (true|false|default). + # # In environments with large number of services it is suggested # to set this value to `false`. # See https://github.com/knative/serving/issues/8498. - enable-service-links: "default" + enable-service-links: "false" --- # Copyright 2019 The Knative Authors 
@@ -1283,13 +1308,13 @@ metadata: name: config-deployment namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: knative.dev/example-checksum: "52900e59" data: # This is the Go import path for the binary that is containerized # and substituted here. - queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:a324eedc6f9b3b23dcaf105e3a4451e7122ac60d0e0cf4e87c9c3e262b161cd8 + queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:1a569afd4c34e285f6d647633925e2b684899bc8d01b4894047c90b75ca49357 _example: | ################################ # # @@ -1364,9 +1389,9 @@ metadata: name: config-domain namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: - knative.dev/example-checksum: "f8e5beb4" + knative.dev/example-checksum: "74c3fc6a" data: _example: | ################################ @@ -1395,9 +1420,10 @@ data: selector: app: nonprofit - # Routes having domain suffix of 'svc.cluster.local' will not be exposed - # through Ingress. You can define your own label selector to assign that - # domain suffix to your Route here, or you can set the label + # Routes having the cluster domain suffix (by default 'svc.cluster.local') + # will not be exposed through Ingress. You can define your own label + # selector to assign that domain suffix to your Route here, or you can set + # the label # "serving.knative.dev/visibility=cluster-local" # to achieve the same effect. This shows how to make routes having # the label app=secret only exposed to the local cluster. @@ -1426,9 +1452,9 @@ metadata: name: config-features namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: - knative.dev/example-checksum: "6a69cdef" + knative.dev/example-checksum: "2d4c16b9" data: _example: | ################################ 
@@ -1449,31 +1475,37 @@ data: # Indicates whether multi container support is enabled # # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#multi-containers multi-container: "enabled" # Indicates whether Kubernetes affinity support is enabled # # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity kubernetes.podspec-affinity: "disabled" # Indicates whether Kubernetes nodeSelector support is enabled # # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector kubernetes.podspec-nodeselector: "disabled" # Indicates whether Kubernetes tolerations support is enabled # # WARNING: Cannot safely be disabled once enabled + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration kubernetes.podspec-tolerations: "disabled" # Indicates whether Kubernetes FieldRef support is enabled # # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref kubernetes.podspec-fieldref: "disabled" # Indicates whether Kubernetes RuntimeClassName support is enabled # # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class kubernetes.podspec-runtimeclassname: "disabled" # This feature allows end-users to set a subset of fields on the Pod's SecurityContext @@ -1498,6 +1530,7 @@ data: # from Knative or your service mesh # # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context kubernetes.podspec-securitycontext: "disabled" # This feature validates PodSpecs from the validating webhook 
@@ -1507,17 +1540,20 @@ data: # When "allowed", the server will not run the dry-run validation by default. # However, clients may enable the behavior on an individual Service by # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run kubernetes.podspec-dryrun: "allowed" # Indicates whether new responsive garbage collection is enabled. This # feature labels revisions in real-time as they become referenced and # dereferenced by Routes. This allows us to reap revisions shortly after # they are no longer active. - responsive-revision-gc: "allowed" + # See: https://knative.dev/docs/serving/feature-flags/#responsive-revision-garbage-collector + responsive-revision-gc: "enabled" # Controls whether tag header based routing feature are enabled or not. # 1. Enabled: enabling tag header based routing # 2. Disabled: disabling tag header based routing + # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing tag-header-based-routing: "disabled" --- @@ -1541,7 +1577,7 @@ metadata: name: config-gc namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: knative.dev/example-checksum: "4b89cfa0" data: @@ -1659,9 +1695,9 @@ metadata: name: config-leader-election namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: - knative.dev/example-checksum: "a255a6cc" + knative.dev/example-checksum: "96896b00" data: _example: | ################################ 
@@ -1691,6 +1727,13 @@ data: # actions; 2 seconds is the value used by core kubernetes controllers. retryPeriod: "2s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + --- # Copyright 2018 The Knative Authors # @@ -1712,7 +1755,7 @@ metadata: name: config-logging namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: knative.dev/example-checksum: "23eed3d8" data: @@ -1790,7 +1833,7 @@ metadata: name: config-network namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: knative.dev/example-checksum: "5e3df87d" data: @@ -1898,9 +1941,9 @@ metadata: name: config-observability namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: - knative.dev/example-checksum: "11674c15" + knative.dev/example-checksum: "97c1d10b" data: _example: | ################################ 
@@ -1925,9 +1968,7 @@ data: # logging.revision-url-template provides a template to use for producing the # logging URL that is injected into the status of each Revision. - # This value is what you might use the the Knative monitoring bundle, and provides - # access to Kibana after setting up kubectl proxy. - logging.revision-url-template: "http://localhost:8001/api/v1/namespaces/knative-monitoring/services/kibana-logging/proxy/app/kibana#/discover?_a=(query:(match:(kubernetes.labels.knative-dev%2FrevisionUID:(query:'${REVISION_UID}',type:phrase))))" + logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe # requests. @@ -1963,7 +2004,7 @@ data: logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' # If true, the request logging will be enabled. - # NB: up to and including Knative version 0.18 if logging.requst-log-template is non-empty, this value + # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value # will be ignored. logging.enable-request-log: "false" @@ -2020,7 +2061,7 @@ metadata: name: config-tracing namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" annotations: knative.dev/example-checksum: "4002b4c2" data: 
@@ -2080,7 +2121,7 @@ metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: minReplicas: 1 maxReplicas: 20 @@ -2104,7 +2145,7 @@ metadata: name: activator-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: minAvailable: 1 selector: @@ -2132,7 +2173,7 @@ metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: selector: matchLabels: @@ -2145,14 +2186,14 @@ spec: labels: app: activator role: activator - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: serviceAccountName: controller containers: - name: activator # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:5f66958c87b2287dd4d5f845d933ae796a21a191c505341921da4932a63d3798 + image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:1e3db4f2eeed42d3ef03f41cc3d07c333edab92af3653a530d6d5f370da96ab6 # The numbers are based on performance test results from # https://github.com/knative/serving/issues/1625#issuecomment-511930023 resources: @@ -2187,6 +2228,11 @@ spec: value: knative.dev/internal/serving securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 @@ -2227,7 +2273,7 @@ metadata: namespace: knative-serving labels: app: activator - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: selector: app: activator @@ -2268,7 +2314,7 @@ metadata: name: autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: replicas: 1 selector: 
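Review bot: In the activator `securityContext` hunk (`-2187,6 +2228,11`) the capability drop is spelled `- all`, while the Pod Security Standards "restricted" profile requires the drop list to contain `ALL`. Policy checks that compare the string exactly will treat the lowercase spelling as not dropping all capabilities, so write it as `drop: ["ALL"]`. `runAsNonRoot: true` is added without a `runAsUser`, so the kubelet can only enforce it when the image declares a numeric non-root UID or the platform assigns one; that is worth confirming for each image digest bumped in this change. The same block is added for autoscaler, controller, webhook and autoscaler-hpa in later hunks, and the container specs continue outside each hunk.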
@@ -2280,7 +2326,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app: autoscaler - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: @@ -2297,7 +2343,7 @@ spec: - name: autoscaler # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:6306cd25aca62175b684a678e610c8e0f6cb080a3b12bce7c0436e2d790a4bb9 + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:db6ceff2aab47083b36c0e24ab0c0eea6f070bc8e7c82dae828778c6714fe1fb resources: requests: cpu: 30m @@ -2310,6 +2356,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: SYSTEM_NAMESPACE valueFrom: fieldRef: @@ -2323,6 +2373,11 @@ spec: value: knative.dev/serving securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 @@ -2349,7 +2404,7 @@ kind: Service metadata: labels: app: autoscaler - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" name: autoscaler namespace: knative-serving spec: @@ -2388,7 +2443,7 @@ metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: selector: matchLabels: @@ -2399,7 +2454,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: controller - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: 
@@ -2416,7 +2471,7 @@ spec: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:4f550aa4d52f118589eb12c9040f6b48861857e15b98a5d0ec509c13f74127df + image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:b2cd45b8a8a4747efbb24443240ac7836b1afc64207da837417862479d2e84c5 resources: requests: cpu: 100m @@ -2442,6 +2497,11 @@ spec: value: knative.dev/internal/serving securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 @@ -2453,7 +2513,7 @@ kind: Service metadata: labels: app: controller - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" name: controller namespace: knative-serving spec: 
@@ -2468,6 +2528,56 @@ spec: selector: app: controller +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: webhook + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.19.0" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: webhook + metrics: + - type: Resource + resource: + name: cpu + # Percentage of the requested CPU + targetAverageUtilization: 100 +--- +# Webhook PDB. +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: webhook-pdb + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.19.0" +spec: + minAvailable: 1 + selector: + matchLabels: + app: webhook + --- # Copyright 2018 The Knative Authors # @@ -2489,7 +2599,7 @@ metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: selector: matchLabels: @@ -2502,7 +2612,7 @@ spec: labels: app: webhook role: webhook - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: 
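Review bot: The new `webhook` HorizontalPodAutoscaler allows `minReplicas: 1` while the new `webhook-pdb` sets `minAvailable: 1`, so at the minimum scale the budget permits zero voluntary disruptions. A node drain will then block on the only webhook pod, and if the pod is lost any other way the admission webhooks registered later in this file have no backend until a replacement is ready. Either raise the floor to `minReplicas: 2` or express the budget relative to the replica count so one pod can always be evicted. The Deployment's own replica setting is outside this hunk, so confirm which value applies before the HPA takes over.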
@@ -2519,7 +2629,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:994d7dc3193e78484afcb450a5deedd7d43f65877ab05fef6c016934480982c8 + image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:d27b4495ccc304d5a921d847dd1bce82bd2664ce3e5625b57758ebad03542b5f resources: requests: cpu: 100m @@ -2547,6 +2657,11 @@ spec: value: knative.dev/serving securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 @@ -2560,10 +2675,10 @@ spec: scheme: HTTPS port: 8443 httpHeaders: - - name: k-kubelet-probe - value: "webhook" + - name: k-kubelet-probe + value: "webhook" livenessProbe: - <<: *probe + !!merge <<: *probe failureThreshold: 6 initialDelaySeconds: 20 # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently @@ -2575,7 +2690,7 @@ kind: Service metadata: labels: role: webhook - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" name: webhook namespace: knative-serving spec: @@ -2613,7 +2728,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -2649,7 +2764,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: 
@@ -2681,7 +2796,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -2714,7 +2829,7 @@ metadata: name: webhook-certs namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" # The data is populated at install time. --- diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/3-serving-hpa.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/3-serving-hpa.yaml similarity index 89% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/3-serving-hpa.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/3-serving-hpa.yaml index bf314c91eb..83b8823223 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/3-serving-hpa.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/3-serving-hpa.yaml @@ -18,7 +18,7 @@ metadata: name: autoscaler-hpa namespace: knative-serving labels: - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" autoscaling.knative.dev/autoscaler-provider: hpa spec: selector: @@ -30,7 +30,7 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: autoscaler-hpa - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: # To avoid node becoming SPOF, spread our replicas to different nodes. affinity: 
@@ -47,7 +47,7 @@ spec: - name: autoscaler-hpa # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:e7d8b6172fce03688bd8e55d6c98e0772f18afc3d295e2c09bf04ba23040886b + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa@sha256:469d1bbad39c05260df1a9809b39e4cef595ca56e57d1c16d4af195cf96588b7 resources: requests: cpu: 30m @@ -69,6 +69,11 @@ spec: value: knative.dev/serving securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 @@ -80,7 +85,7 @@ kind: Service metadata: labels: app: autoscaler-hpa - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" autoscaling.knative.dev/autoscaler-provider: hpa name: autoscaler-hpa namespace: knative-serving diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/4-serving-domainmapping-crds.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/4-serving-domainmapping-crds.yaml new file mode 100644 index 0000000000..1f39cc824d --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/4-serving-domainmapping-crds.yaml 
@@ -0,0 +1,109 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + serving.knative.dev/release: "v0.19.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + serving.knative.dev/release: "v0.19.0" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced + +--- diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/5-serving-domainmapping.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/5-serving-domainmapping.yaml new file mode 100644 index 0000000000..d0b8b2bb3c --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/5-serving-domainmapping.yaml 
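Review bot: Both CRDs added in `4-serving-domainmapping-crds.yaml` declare only `type: object` with `x-kubernetes-preserve-unknown-fields: true` at the schema root, so the API server neither validates nor prunes anything in `ClusterDomainClaim` (which is `scope: Cluster`) or `DomainMapping` objects. Every constraint on who may claim which domain therefore rests on the admission webhook and on RBAC, and presumably on the `domainmapping-webhook` image added in `csv.sh`. Please confirm that webhook is deployed and fails closed for these kinds, and document the dependency next to the schema, for example `# validation is enforced only by the domain-mapping webhook; keep failurePolicy: Fail`. Typing the `spec` fields the controller reads, as the `services` CRD now does in this same change, would give a second layer of validation.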
@@ -0,0 +1,404 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + serving.knative.dev/release: "v0.19.0" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + serving.knative.dev/release: "v0.19.0" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domain-mapping + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.19.0" +spec: + selector: + matchLabels: + app: domain-mapping + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: domain-mapping + serving.knative.dev/release: "v0.19.0" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domain-mapping + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: domain-mapping + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:e098a7307e4f7e2e0ce63bffe9551fb520cefa46ffa9dbae0b49ecf5876a762e + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domainmapping-webhook + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.19.0" +spec: + selector: + matchLabels: + app: domainmapping-webhook + role: domainmapping-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: domainmapping-webhook + role: domainmapping-webhook + serving.knative.dev/release: "v0.19.0" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domainmapping-webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: domainmapping-webhook + # This is the Go import path for the binary that is containerized + # and substituted here. 
+ image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:3a262d0bcb6f1568f6dddd8dceaebaab516e659c5a387c4ad2201b20016833f7 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_PORT + value: "8443" + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: &probe + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + !!merge <<: *probe + failureThreshold: 6 + initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: domainmapping-webhook + serving.knative.dev/release: "v0.19.0" + name: domainmapping-webhook + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. 
+ - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: domainmapping-webhook + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.domainmapping.serving.knative.dev + labels: + serving.knative.dev/release: "v0.19.0" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: v1 +kind: Secret +metadata: + name: domainmapping-webhook-certs + namespace: knative-serving + labels: + serving.knative.dev/release: "v0.19.0" +# The data is populated at install time. + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.domainmapping.serving.knative.dev + labels: + serving.knative.dev/release: "v0.19.0" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + +--- diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/4-serving-post-install-jobs.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/6-serving-post-install-jobs.yaml similarity index 89% rename from openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/4-serving-post-install-jobs.yaml rename to openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/6-serving-post-install-jobs.yaml index 258662230b..abe3848a01 100644 --- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/4-serving-post-install-jobs.yaml 
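Review bot: The `domainmapping-webhook` container's `securityContext` sets only `allowPrivilegeEscalation: false`, while the `domain-mapping` container earlier in this same file also sets `readOnlyRootFilesystem: true`, `runAsNonRoot: true` and drops all capabilities. The webhook serves admission requests on 8443 under the shared `controller` service account, so it should run with at least the same restrictions: add `readOnlyRootFilesystem: true`, `runAsNonRoot: true` and `capabilities: {drop: [all]}` to that block. This assumes the webhook does not write to its root filesystem, which should be confirmed before merging. Since this manifest looks like an upstream release artifact, the change would probably live in a `hack/` patch next to `003-serving-pdb.patch` or be proposed upstream.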
+++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/6-serving-post-install-jobs.yaml @@ -1,6 +1,6 @@ --- -# /tmp/tmp.1D46YeFxsI/serving-storage-version-migration.yaml +# /tmp/tmp.O5qrBiHT0O/serving-storage-version-migration.yaml # Copyright 2020 The Knative Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +22,7 @@ metadata: namespace: knative-serving labels: app: "storage-version-migration-serving" - serving.knative.dev/release: "v0.18.2" + serving.knative.dev/release: "v0.19.0" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 @@ -39,7 +39,7 @@ spec: - name: migrate # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:3f01d0fe39b73f6c86216053b9b6ea3bb63a145d3c2a2b779c81f6add3e167e9 + image: gcr.io/knative-releases/knative.dev/serving/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:ea103af99c3cdfd952905f4800d609d329535c27c5f0da4c138e7f487924c59d args: - "services.serving.knative.dev" - "configurations.serving.knative.dev" diff --git a/openshift-knative-operator/hack/001-liveness.patch b/openshift-knative-operator/hack/001-liveness.patch deleted file mode 100644 index 7ed250afc1..0000000000 --- a/openshift-knative-operator/hack/001-liveness.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml -index c43de832..adce83ca 100644 ---- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml -+++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml -@@ -2554,23 +2554,18 @@ spec: - containerPort: 8008 - - name: https-webhook - containerPort: 8443 -- readinessProbe: -+ readinessProbe: &probe - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: -- - name: k-kubelet-probe -- value: "webhook" -+ - name: k-kubelet-probe -+ value: "webhook" - livenessProbe: -- periodSeconds: 1 -- httpGet: -- scheme: HTTPS -- port: 8443 -- httpHeaders: -- - name: k-kubelet-probe -- value: "webhook" -+ <<: *probe - failureThreshold: 6 -+ initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 diff --git a/openshift-knative-operator/hack/003-activator-pdb.patch b/openshift-knative-operator/hack/003-activator-pdb.patch deleted file mode 100644 index 5d81cb474f..0000000000 --- a/openshift-knative-operator/hack/003-activator-pdb.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml -index adce83ca..30f47d86 100644 ---- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml -+++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.18.2/2-serving-core.yaml -@@ -2106,7 +2106,7 @@ metadata: - labels: - serving.knative.dev/release: "v0.18.2" - spec: -- minAvailable: 80% -+ minAvailable: 1 - selector: - matchLabels: - app: activator diff --git a/openshift-knative-operator/hack/003-serving-pdb.patch b/openshift-knative-operator/hack/003-serving-pdb.patch new file mode 100644 index 0000000000..458551f2b6 --- /dev/null +++ b/openshift-knative-operator/hack/003-serving-pdb.patch @@ -0,0 +1,22 @@ +diff --git a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/2-serving-core.yaml b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/2-serving-core.yaml +index af41a2ad..3c213343 100644 +--- a/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/2-serving-core.yaml ++++ b/openshift-knative-operator/cmd/operator/kodata/knative-serving/0.19.0/2-serving-core.yaml +@@ -2147,7 +2147,7 @@ metadata: + labels: + serving.knative.dev/release: "v0.19.0" + spec: +- minAvailable: 80% ++ minAvailable: 1 + selector: + matchLabels: + app: activator +@@ -2573,7 +2573,7 @@ metadata: + labels: + serving.knative.dev/release: "v0.19.0" + spec: +- minAvailable: 80% ++ minAvailable: 1 + selector: + matchLabels: + app: webhook diff --git a/openshift-knative-operator/hack/update-manifests.sh b/openshift-knative-operator/hack/update-manifests.sh index a738c963d7..d548c5656d 100755 --- a/openshift-knative-operator/hack/update-manifests.sh +++ b/openshift-knative-operator/hack/update-manifests.sh 
@@ -9,7 +9,7 @@ source "$root/hack/lib/__sources__.bash" # These files could in theory change from release to release, though their names should # be fairly stable. -serving_files=(serving-crds serving-core serving-hpa serving-post-install-jobs) +serving_files=(serving-crds serving-core serving-hpa serving-domainmapping-crds serving-domainmapping serving-post-install-jobs) eventing_files=(eventing-crds eventing-core in-memory-channel mt-channel-broker eventing-sugar-controller) function download { @@ -37,12 +37,10 @@ function download { } download serving $KNATIVE_SERVING_VERSION "${serving_files[@]}" -# TODO: Remove this patch once 0.18.5 of serving or newer is available. -git apply "$root/openshift-knative-operator/hack/001-liveness.patch" # TODO: Remove this once upstream fixed https://github.com/knative/operator/issues/376. # See also https://issues.redhat.com/browse/SRVKS-670. -git apply "$root/openshift-knative-operator/hack/003-activator-pdb.patch" +git apply "$root/openshift-knative-operator/hack/003-serving-pdb.patch" download eventing $KNATIVE_EVENTING_VERSION "${eventing_files[@]}" # Extra ClusterRole for downstream, so that users can get the CMs of knative-eventing diff --git a/openshift/ci-operator/source-image/Dockerfile b/openshift/ci-operator/source-image/Dockerfile index c9fa1438fd..78139346a0 100644 --- a/openshift/ci-operator/source-image/Dockerfile +++ b/openshift/ci-operator/source-image/Dockerfile 
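Review bot: The comment above the `git apply` line still points only at the operator issue and does not say what the renamed patch changes, although `003-serving-pdb.patch` now lowers `minAvailable` on two PodDisruptionBudgets (activator and webhook) rather than one. I would add a line such as `# Sets minAvailable: 1 on the activator and webhook PodDisruptionBudgets.` so the workaround can be retired completely once upstream is fixed. If the script does not run with `set -e` (not visible in this hunk), a failed `git apply` would silently leave the unpatched manifests in place, so an explicit `|| exit 1` on that line may be worth adding.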
@@ -1,7 +1,7 @@ FROM src COPY oc /usr/bin/oc -COPY --from=registry.svc.ci.openshift.org/openshift/knative-v0.18.2:knative-serving-src /go/src/knative.dev/serving/ /go/src/knative.dev/serving/ +COPY --from=registry.svc.ci.openshift.org/openshift/knative-v0.19.0:knative-serving-src /go/src/knative.dev/serving/ /go/src/knative.dev/serving/ COPY --from=registry.svc.ci.openshift.org/openshift/knative-v0.19.2:knative-eventing-src /go/src/knative.dev/eventing/ /go/src/knative.dev/eventing/ COPY --from=registry.svc.ci.openshift.org/openshift/knative-v0.19.1:knative-eventing-kafka-src /go/src/knative.dev/eventing-kafka/ /go/src/knative.dev/eventing-kafka/ diff --git a/test/serving.bash b/test/serving.bash index 25e89e4654..8e27893826 100644 --- a/test/serving.bash +++ b/test/serving.bash @@ -126,6 +126,11 @@ function run_serving_preupgrade_test { --kubeconfig "$KUBECONFIG" \ --resolvabledomain + # Remove the following files in case we failed to clean them up in an earlier test. + rm -f /tmp/prober-signal + rm -f /tmp/autoscaling-signal + rm -f /tmp/autoscaling-tbc-signal + logger.success 'Serving pre upgrade tests passed' } @@ -187,6 +192,14 @@ function end_serving_prober { local prober_pid prober_pid="${1:?Pass a prober pid as arg[1]}" + # The probe tests are blocking on the following files to know when it should exit. + # + # This is kind of gross. First attempt was to just send a signal to the go test, + # but "go test" intercepts the signal and always exits with a non-zero code. + echo "done" > /tmp/prober-signal + echo "done" > /tmp/autoscaling-signal + echo "done" > /tmp/autoscaling-tbc-signal + end_prober 'Serving' "${prober_pid}" } diff --git a/test/upstream-e2e-tests.sh b/test/upstream-e2e-tests.sh index e20c7d9182..13cbde2094 100755 --- a/test/upstream-e2e-tests.sh +++ b/test/upstream-e2e-tests.sh 
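Review bot: The signal files are written and removed under fixed names directly in `/tmp` (`/tmp/prober-signal`, `/tmp/autoscaling-signal`, `/tmp/autoscaling-tbc-signal`), both in the cleanup added to `run_serving_preupgrade_test` and in the `echo "done" >` lines added to `end_serving_prober`. On a host where `/tmp` is shared, a file or symlink already present at one of those paths could end the probers early, or make the redirect write through the link to another file. If the Go tests accept a configurable location, a per-run directory such as `signal_dir="$(mktemp -d)"` would remove that dependency. If the names are fixed by the upstream tests, a comment saying so next to the `rm -f` lines would explain why they cannot be changed. Both function bodies continue outside these hunks, so how the tests read the files is not visible here.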
@@ -17,6 +17,12 @@ create_namespaces install_catalogsource logger.success '🚀 Cluster prepared for testing.' +# Need 6 worker nodes when running upgrade or upstream. Set, if not enough. +if [[ "${SCALE_UP}" -lt 6 ]]; then + SCALE_UP=6 + scale_up_workers +fi + # Run upgrade tests if [[ $TEST_KNATIVE_UPGRADE == true ]]; then install_serverless_previous @@ -30,11 +36,6 @@ fi # Run upstream knative serving, eventing and eventing-kafka tests if [[ $TEST_KNATIVE_E2E == true ]]; then - # Need 6 worker nodes when running upstream. Set, if not enough. - if [[ "${SCALE_UP}" -lt 6 ]]; then - SCALE_UP=6 - fi - scale_up_workers ensure_serverless_installed if [[ $TEST_KNATIVE_KAFKA == true ]]; then upstream_knative_eventing_kafka_e2e
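Review bot: `scale_up_workers` is now called only inside the `if [[ "${SCALE_UP}" -lt 6 ]]` block in the first hunk, whereas the code removed in the second hunk raised `SCALE_UP` conditionally but called `scale_up_workers` unconditionally in the e2e branch. A run started with `SCALE_UP` already at 6 or more therefore no longer scales workers at this point. Unless an earlier step does that (not visible in these hunks), the call should move after the `fi`, i.e. `fi` followed by `scale_up_workers`. The block also now runs when neither `TEST_KNATIVE_UPGRADE` nor `TEST_KNATIVE_E2E` is true, which the comment `# Need 6 worker nodes when running upgrade or upstream.` does not mention.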