From 80469f59ac1192d171dd618f72df2a8e9f1313f2 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Sun, 17 Jul 2022 12:53:25 +0000 Subject: [PATCH 01/22] Update changelog.md. Closes #360. Closes #365. --- CHANGELOG.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index da4f4341..0fc0ef02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,51 @@ The Kubeflow on Google Cloud distribution versioning is following the versioning ### Unreleased +### v1.6.0 + +* Upgrade cert-manger to v1.5.0 (#372) +* Upgrade knative to v1.2 (#373) +* Update CHANGELOG.md (#) +* Fix ASM/istio ingress gateway issue (#371) + +### v1.5.1 + +* Upgrade ASM to v1.13 (#369) +* Fixed KServe issues with dashboard (#362) and directory(#361). +* Increased the maximum length of Kubeflow cluster name (#359). +* Moved RequestAuthentication policy creation to iap-enabler to improve GitOps friendliness (#364). +* Renamed `${name}-kfp-cloudsql` service account into `${name}-sql` to fix the name length restriction (#358) + +### v1.5.0 + +* Upgrade Kubeflow components versions as listed in components versions table +* Integrated with Config Controller, simplified management cluster maintenance cost, there is no need to manually upgrade Config Connector CRD. +* Switch from kfserving to KServe as default serving component, you can switch back to kfserving in config.yaml. +* Fixed cloudsqlproxy issue with livenessProbe configuration. + +### v1.4.1 + +* Upgrade: Integrate with Kubeflow 1.4.1 manifests (kubeflow/manifests#2084) +* Fix: Change cloud endpoint images destination (#343) +* Fix: Use yq4 in iap-ingress Makefile. + +### v1.4.0 + +* Upgrade Kubeflow components versions as listed in components versions table +* Removed GKE 1.18 image version and k8s runtime pin, now GKE version is default to Stable channel. +* Set Emissary Executor as default Argo Workflow executor for Kubeflow Pipelines. +* Upgraded kpt versions from 0.X.X to 1.0.0-beta.6. +* Upgraded yq from v3 to v4. +* Upgraded ASM(Anthos Service Mesh) to 1.10.4-asm.6. +* Unblocked KFSserving usage by removing commonLabels from kustomization patch #298 #324. +* Integrated with KFServing Web App UI. +* Integrated with unified operator: training-operator. +* Simplified deployment: Removed requirement for independent installation of yq, jq, kustomize, kpt. + +### v1.3.1 + +* Change folder name istio-1-9-0 to istio-1-9 + ### v1.3.0 * Refactor manifest organizing approach and abandon `instance` folder structure. From 0f2662fbe6d5dcc3b120242bcca4adf6a9febc4b Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Tue, 19 Jul 2022 03:43:13 +0000 Subject: [PATCH 02/22] Remove deprecated KFServing component. Closes #375 --- CHANGELOG.md | 1 - kubeflow/apps/kfserving/Makefile | 20 ---------------- kubeflow/apps/kfserving/README.md | 3 --- kubeflow/apps/kfserving/deployment-patch.yaml | 23 ------------------- kubeflow/apps/kfserving/kustomization.yaml | 7 ------ kubeflow/config.yaml | 9 ++------ kubeflow/pull-upstream.sh | 7 ------ 7 files changed, 2 insertions(+), 68 deletions(-) delete mode 100644 kubeflow/apps/kfserving/Makefile delete mode 100644 kubeflow/apps/kfserving/README.md delete mode 100644 kubeflow/apps/kfserving/deployment-patch.yaml delete mode 100644 kubeflow/apps/kfserving/kustomization.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fc0ef02..4c6497c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,6 @@ The Kubeflow on Google Cloud distribution versioning is following the versioning * Upgrade cert-manger to v1.5.0 (#372) * Upgrade knative to v1.2 (#373) -* Update CHANGELOG.md (#) * Fix ASM/istio ingress gateway issue (#371) ### v1.5.1 diff --git a/kubeflow/apps/kfserving/Makefile b/kubeflow/apps/kfserving/Makefile deleted file mode 100644 index a62ddbb6..00000000 --- a/kubeflow/apps/kfserving/Makefile +++ /dev/null @@ -1,20 +0,0 @@ -build_dir?=./build -PACKAGE_DIR?=$(shell pwd)/../.. -YQ=docker run --rm -v "$(PACKAGE_DIR)/":/workdir mikefarah/yq:4 -NAME=$(shell $(YQ) e '.data.name' kptconfig/kpt-setter-config.yaml) -PROJECT=$(shell $(YQ) e '.data."gcloud.core.project"' kptconfig/kpt-setter-config.yaml) - -# The kubectl context for your Kubeflow cluster -KFCTXT=$(NAME) - -.PHONY: apply -apply: hydrate -# Apply App kfserving - kubectl --context=$(KFCTXT) apply -f $(build_dir) - kubectl --context=$(KFCTXT) patch cm config-domain --namespace knative-serving --type merge -p '{"data":{"$(NAME).endpoints.$(PROJECT).cloud.goog": ""}}' - -.PHONY: hydrate -hydrate: -# Hydrate App kfserving - rm -rf $(build_dir) && mkdir -p $(build_dir) - kustomize build -o $(build_dir) ./ diff --git a/kubeflow/apps/kfserving/README.md b/kubeflow/apps/kfserving/README.md deleted file mode 100644 index 5626e17e..00000000 --- a/kubeflow/apps/kfserving/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# KFServing usage guide - -KFServing has been renamed to kserve. Refer to `GCP-IAP` example in https://github.com/kserve/kserve/tree/master/docs/samples/gcp-iap for creating inference service and accessing such endpoint. diff --git a/kubeflow/apps/kfserving/deployment-patch.yaml b/kubeflow/apps/kfserving/deployment-patch.yaml deleted file mode 100644 index f957436a..00000000 --- a/kubeflow/apps/kfserving/deployment-patch.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kfserving-models-web-app - namespace: kfserving-system -spec: - template: - spec: - containers: - - name: kfserving-models-web-app - env: - - name: USERID_HEADER - value: null - valueFrom: - configMapKeyRef: - name: kubeflow-config - key: userid-header - - name: USERID_PREFIX - value: null - valueFrom: - configMapKeyRef: - name: kubeflow-config - key: userid-prefix diff --git a/kubeflow/apps/kfserving/kustomization.yaml b/kubeflow/apps/kfserving/kustomization.yaml deleted file mode 100644 index e35b3466..00000000 --- a/kubeflow/apps/kfserving/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: -- upstream/overlays/kubeflow -patchesStrategicMerge: -- deployment-patch.yaml diff --git a/kubeflow/config.yaml b/kubeflow/config.yaml index 9f156a76..d4e247f6 100644 --- a/kubeflow/config.yaml +++ b/kubeflow/config.yaml @@ -115,14 +115,9 @@ components: # dependencies: [ common/cert-manager ] - common/knative -# KFServing -# Migrated from KFServing to KServe since Kubeflow 1.5 -# Don't install both KFServing and KServe, it will cause problems using either one. -# If you want to use KFServing, also checkout the kubeflow/apps/centraldashboard/kustomization.yaml file for instruction. -# dependencies: [ common/knative ] -# - apps/kfserving - # KServe +# We deprecated KFServing in favor of KServe beginning Kubeflow 1.6 +# How to migrate: https://www.kubeflow.org/docs/external-add-ons/kserve/migration/ # dependencies: [ common/knative ] - contrib/kserve diff --git a/kubeflow/pull-upstream.sh b/kubeflow/pull-upstream.sh index 24578608..b37b55cc 100755 --- a/kubeflow/pull-upstream.sh +++ b/kubeflow/pull-upstream.sh @@ -63,13 +63,6 @@ fi mkdir -p apps/training-operator kpt pkg get "${KUBEFLOW_MANIFESTS_REPO}/apps/training-operator/upstream@${KUBEFLOW_MANIFESTS_VERSION}" apps/training-operator -if [ -d apps/kfserving/upstream ]; then - rm -rf apps/kfserving/upstream -fi -mkdir -p apps/kfserving -kpt pkg get "${KUBEFLOW_MANIFESTS_REPO}/apps/kfserving/upstream@${KUBEFLOW_MANIFESTS_VERSION}" apps/kfserving -rm apps/kfserving/upstream/Kptfile - if [ -d apps/katib/upstream ]; then rm -rf apps/katib/upstream fi From ee585c8df97015b0083a598cf0972acf33a42656 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Sun, 17 Jul 2022 09:15:28 +0000 Subject: [PATCH 03/22] Upgrade knative serving to v1.2.5, net-istio to 1.2 (#365) --- kubeflow/common/.krmignore | 1 + .../knative/knative-0-22-0/serving-core.yaml | 2864 -------- .../knative/knative-0-22-0/serving-crds.yaml | 673 -- .../net-istio.yaml | 421 +- .../knative/knative-1-2-5/serving-core.yaml | 5945 +++++++++++++++++ .../knative/knative-1-2-5/serving-crds.yaml | 3189 +++++++++ kubeflow/common/knative/kustomization.yaml | 4 +- 7 files changed, 9363 insertions(+), 3734 deletions(-) delete mode 100644 kubeflow/common/knative/knative-0-22-0/serving-core.yaml delete mode 100644 kubeflow/common/knative/knative-0-22-0/serving-crds.yaml rename kubeflow/common/knative/{knative-0-22-0 => knative-1-2-5}/net-istio.yaml (79%) create mode 100644 kubeflow/common/knative/knative-1-2-5/serving-core.yaml create mode 100644 kubeflow/common/knative/knative-1-2-5/serving-crds.yaml diff --git a/kubeflow/common/.krmignore b/kubeflow/common/.krmignore index 2a66a203..91777c07 100644 --- a/kubeflow/common/.krmignore +++ b/kubeflow/common/.krmignore @@ -6,3 +6,4 @@ iap-ingress/base/params.yaml istio/upstream/profile-overlay.yaml istio/upstream/profile.yaml user-namespace/upstream/base/params.yaml +knative/upstream/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml diff --git a/kubeflow/common/knative/knative-0-22-0/serving-core.yaml b/kubeflow/common/knative/knative-0-22-0/serving-core.yaml deleted file mode 100644 index aaf705d1..00000000 --- a/kubeflow/common/knative/knative-0-22-0/serving-core.yaml +++ /dev/null @@ -1,2864 +0,0 @@ -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-addressable-resolver - labels: - serving.knative.dev/release: "v0.22.0" - # Labeled to facilitate aggregated cluster roles that act on Addressables. - duck.knative.dev/addressable: "true" -# Do not use this role directly. These rules will be added to the "addressable-resolver" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - routes - - routes/status - - services - - services/status - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v0.22.0" -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v0.22.0" -rules: - - apiGroups: ["serving.knative.dev"] - resources: ["*"] - verbs: ["create", "update", "patch", "delete"] - - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-namespaced-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v0.22.0" -rules: - - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] - resources: ["*"] - verbs: ["get", "list", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-core - labels: - serving.knative.dev/release: "v0.22.0" - serving.knative.dev/controller: "true" -rules: - - apiGroups: [""] - resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: [""] - resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission - verbs: ["create"] - - apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] - resources: ["*", "*/status", "*/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] - - apiGroups: ["caching.internal.knative.dev"] - resources: ["images"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-podspecable-binding - labels: - serving.knative.dev/release: "v0.22.0" - # Labeled to facilitate aggregated cluster roles that act on PodSpecables. - duck.knative.dev/podspecable: "true" -# Do not use this role directly. These rules will be added to the "podspecable-binder" role. -rules: - - apiGroups: - - serving.knative.dev - resources: - - configurations - - services - verbs: - - list - - watch - - patch - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: knative-serving-admin - labels: - serving.knative.dev/release: "v0.22.0" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - serving.knative.dev/controller: "true" -rules: [] # Rules are automatically filled in by the controller manager. ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: knative-serving-controller-admin - labels: - serving.knative.dev/release: "v0.22.0" -subjects: - - kind: ServiceAccount - name: controller - namespace: knative-serving -roleRef: - kind: ClusterRole - name: knative-serving-admin - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - shortNames: - - img - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: | - A template for the current desired application state. - Changes to `template` will cause a new Revision to be created as - defined in the lifecycle section. The contents of the Service's - RevisionTemplateSpec is used to create a corresponding Configuration. - traffic: - x-kubernetes-preserve-unknown-fields: true - type: array - description: | - Traffic specifies how to distribute traffic over a - collection of Revisions belonging to the Service. If traffic is - empty or not provided, defaults to 100% traffic to the latest - `Ready` Revision. The contents of the Service's TrafficTarget is - used to create a corresponding Route. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - revisionName: - type: string - description: | - A specific revision to which to send this portion - of traffic. - This is mutually exclusive with configurationName. - configurationName: - type: string - description: | - ConfigurationName of a configuration to whose latest revision we will send - this portion of traffic. When the "status.latestReadyRevisionName" of the - referenced configuration changes, we will automatically migrate traffic - from the prior "latest ready" revision to the new one. This field is never - set in Route's status, only its spec. - This is mutually exclusive with RevisionName. - latestRevision: - type: boolean - description: | - `latestRevision` may be optionally provided to indicate - that the latest ready Revision of the Configuration should be used - for this traffic target. When provided latestRevision MUST be true - if revisionName is empty, and it MUST be false when revisionName is non-empty. - tag: - type: string - description: | - Tag is optionally used to expose a dedicated URL for - referencing this target exclusively. The dedicated URL MUST include - in it the string provided by tag. - percent: - type: integer - description: | - The percentage of requests which should be allocated - from the main Route domain name to the specified `revisionName` or - `configurationName`. - All `percent` values in `traffic` MUST sum to 100. - minimum: 0 - maximum: 100 - status: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: caching.internal.knative.dev/v1alpha1 -kind: Image -metadata: - name: queue-proxy - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:6cd0c234bfbf88ac75df5243c2f9213dcc9def610414c506d418f9388187b771 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-autoscaler - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "604cb513" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # The Revision ContainerConcurrency field specifies the maximum number - # of requests the Container can handle at once. Container concurrency - # target percentage is how much of that maximum to use in a stable - # state. E.g. if a Revision specifies ContainerConcurrency of 10, then - # the Autoscaler will try to maintain 7 concurrent connections per pod - # on average. - # Note: this limit will be applied to container concurrency set at every - # level (ConfigMap, Revision Spec or Annotation). - # For legacy and backwards compatibility reasons, this value also accepts - # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). - # Thus minimal percentage value must be greater than 1.0, or it will be - # treated as a fraction. - # NOTE: that this value does not affect actual number of concurrent requests - # the user container may receive, but only the average number of requests - # that the revision pods will receive. - container-concurrency-target-percentage: "70" - - # The container concurrency target default is what the Autoscaler will - # try to maintain when concurrency is used as the scaling metric for the - # Revision and the Revision specifies unlimited concurrency. - # When revision explicitly specifies container concurrency, that value - # will be used as a scaling target for autoscaler. - # When specifying unlimited concurrency, the autoscaler will - # horizontally scale the application based on this target concurrency. - # This is what we call "soft limit" in the documentation, i.e. it only - # affects number of pods and does not affect the number of requests - # individual pod processes. - # The value must be a positive number such that the value multiplied - # by container-concurrency-target-percentage is greater than 0.01. - # NOTE: that this value will be adjusted by application of - # container-concurrency-target-percentage, i.e. by default - # the system will target on average 70 concurrent requests - # per revision pod. - # NOTE: Only one metric can be used for autoscaling a Revision. - container-concurrency-target-default: "100" - - # The requests per second (RPS) target default is what the Autoscaler will - # try to maintain when RPS is used as the scaling metric for a Revision and - # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, - # the autoscaler will horizontally scale the application based on this - # target RPS. - # Must be greater than 1.0. - # NOTE: Only one metric can be used for autoscaling a Revision. - requests-per-second-target-default: "200" - - # The target burst capacity specifies the size of burst in concurrent - # requests that the system operator expects the system will receive. - # Autoscaler will try to protect the system from queueing by introducing - # Activator in the request path if the current spare capacity of the - # service is less than this setting. - # If this setting is 0, then Activator will be in the request path only - # when the revision is scaled to 0. - # If this setting is > 0 and container-concurrency-target-percentage is - # 100% or 1.0, then activator will always be in the request path. - # -1 denotes unlimited target-burst-capacity and activator will always - # be in the request path. - # Other negative values are invalid. - target-burst-capacity: "200" - - # When operating in a stable mode, the autoscaler operates on the - # average concurrency over the stable window. - # Stable window must be in whole seconds. - stable-window: "60s" - - # When observed average concurrency during the panic window reaches - # panic-threshold-percentage the target concurrency, the autoscaler - # enters panic mode. When operating in panic mode, the autoscaler - # scales on the average concurrency over the panic window which is - # panic-window-percentage of the stable-window. - # Must be in the [1, 100] range. - # When computing the panic window it will be rounded to the closest - # whole second, at least 1s. - panic-window-percentage: "10.0" - - # The percentage of the container concurrency target at which to - # enter panic mode when reached within the panic window. - panic-threshold-percentage: "200.0" - - # Max scale up rate limits the rate at which the autoscaler will - # increase pod count. It is the maximum ratio of desired pods versus - # observed pods. - # Cannot be less or equal to 1. - # I.e with value of 2.0 the number of pods can at most go N to 2N - # over single Autoscaler period (2s), but at least N to - # N+1, if Autoscaler needs to scale up. - max-scale-up-rate: "1000.0" - - # Max scale down rate limits the rate at which the autoscaler will - # decrease pod count. It is the maximum ratio of observed pods versus - # desired pods. - # Cannot be less or equal to 1. - # I.e. with value of 2.0 the number of pods can at most go N to N/2 - # over single Autoscaler evaluation period (2s), but at - # least N to N-1, if Autoscaler needs to scale down. - max-scale-down-rate: "2.0" - - # Scale to zero feature flag. - enable-scale-to-zero: "true" - - # Scale to zero grace period is the time an inactive revision is left - # running before it is scaled to zero (must be positive, but recommended - # at least a few seconds if running with mesh networking). - # This is the upper limit and is provided not to enforce timeout after - # the revision stopped receiving requests for stable window, but to - # ensure network reprogramming to put activator in the path has completed. - # If the system determines that a shorter period is satisfactory, - # then the system will only wait that amount of time before scaling to 0. - # NOTE: this period might actually be 0, if activator has been - # in the request path sufficiently long. - # If there is necessity for the last pod to linger longer use - # scale-to-zero-pod-retention-period flag. - scale-to-zero-grace-period: "30s" - - # Scale to zero pod retention period defines the minimum amount - # of time the last pod will remain after Autoscaler has decided to - # scale to zero. - # This flag is for the situations where the pod startup is very expensive - # and the traffic is bursty (requiring smaller windows for fast action), - # but patchy. - # The larger of this flag and `scale-to-zero-grace-period` will effectively - # determine how the last pod will hang around. - scale-to-zero-pod-retention-period: "0s" - - # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, the Knative - # Horizontal Pod Autoscaler (KPA) is used by default. - pod-autoscaler-class: "kpa.autoscaling.knative.dev" - - # The capacity of a single activator task. - # The `unit` is one concurrent request proxied by the activator. - # activator-capacity must be at least 1. - # This value is used for computation of the Activator subset size. - # See the algorithm here: http://bit.ly/38XiCZ3. - # TODO(vagababov): tune after actual benchmarking. - activator-capacity: "100.0" - - # initial-scale is the cluster-wide default value for the initial target - # scale of a revision after creation, unless overridden by the - # "autoscaling.knative.dev/initialScale" annotation. - # This value must be greater than 0 unless allow-zero-initial-scale is true. - initial-scale: "1" - - # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, - # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. - allow-zero-initial-scale: "false" - - # max-scale is the cluster-wide default value for the max scale of a revision, - # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. - # If set to 0, the revision has no maximum scale. - max-scale: "0" - - # scale-down-delay is the amount of time that must pass at reduced - # concurrency before a scale down decision is applied. This can be useful, - # for example, to maintain replica count and avoid a cold start penalty if - # more requests come in within the scale down delay period. - # The default, 0s, imposes no delay at all. - scale-down-delay: "0s" - - # max-scale-limit sets the maximum permitted value for the max scale of a revision. - # When this is set to a positive value, a revision with a maxScale above that value - # (including a maxScale of "0" = unlimited) is disallowed. - # A value of zero (the default) allows any limit, including unlimited. - max-scale-limit: "0" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "cdabec96" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # revision-timeout-seconds contains the default number of - # seconds to use for the revision's per-request timeout, if - # none is specified. - revision-timeout-seconds: "300" # 5 minutes - - # max-revision-timeout-seconds contains the maximum number of - # seconds that can be used for revision-timeout-seconds. - # This value must be greater than or equal to revision-timeout-seconds. - # If omitted, the system default is used (600 seconds). - # - # If this value is increased, the activator's terminationGraceTimeSeconds - # should also be increased to prevent in-flight requests being disrupted. - max-revision-timeout-seconds: "600" # 10 minutes - - # revision-cpu-request contains the cpu allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-request. - # By default, it is not set by Knative. - revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) - - # revision-memory-request contains the memory allocation to assign - # to revisions by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-request. - # By default, it is not set by Knative. - revision-memory-request: "100M" # 100 megabytes of memory - - # revision-ephemeral-storage-request contains the ephemeral storage - # allocation to assign to revisions by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-request: "500M" # 500 megabytes of storage - - # revision-cpu-limit contains the cpu allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-cpu-limit. - # By default, it is not set by Knative. - revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) - - # revision-memory-limit contains the memory allocation to limit - # revisions to by default. If omitted, no value is specified - # and the system default is used. - # Below is an example of setting revision-memory-limit. - # By default, it is not set by Knative. - revision-memory-limit: "200M" # 200 megabytes of memory - - # revision-ephemeral-storage-limit contains the ephemeral storage - # allocation to limit revisions to by default. If omitted, no value is - # specified and the system default is used. - revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage - - # container-name-template contains a template for the default - # container name, if none is specified. This field supports - # Go templating and is supplied with the ObjectMeta of the - # enclosing Service or Configuration, so values such as - # {{.Name}} are also valid. - container-name-template: "user-container" - - # container-concurrency specifies the maximum number - # of requests the Container can handle at once, and requests - # above this threshold are queued. Setting a value of zero - # disables this throttling and lets through as many requests as - # the pod receives. - container-concurrency: "0" - - # The container concurrency max limit is an operator setting ensuring that - # the individual revisions cannot have arbitrary large concurrency - # values, or autoscaling targets. `container-concurrency` default setting - # must be at or below this value. - # - # Must be greater than 1. - # - # Note: even with this set, a user can choose a containerConcurrency - # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is - # set to "false". - container-concurrency-max-limit: "1000" - - # allow-container-concurrency-zero controls whether users can - # specify 0 (i.e. unbounded) for containerConcurrency. - allow-container-concurrency-zero: "true" - - # enable-service-links specifies the default value used for the - # enableServiceLinks field of the PodSpec, when it is omitted by the user. - # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service - # - # This is a tri-state flag with possible values of (true|false|default). - # - # In environments with large number of services it is suggested - # to set this value to `false`. - # See https://github.com/knative/serving/issues/8498. - enable-service-links: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-deployment - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "fa67b403" -data: - # This is the Go import path for the binary that is containerized - # and substituted here. - queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:6cd0c234bfbf88ac75df5243c2f9213dcc9def610414c506d418f9388187b771 - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # List of repositories for which tag to digest resolving should be skipped - registriesSkippingTagResolving: "kind.local,ko.local,dev.local" - - # digestResolutionTimeout is the maximum time allowed for an image's - # digests to be resolved. - digestResolutionTimeout: "10s" - - # ProgressDeadline is the duration we wait for the deployment to - # be ready before considering it failed. - progressDeadline: "600s" - - # queueSidecarCPURequest is the requests.cpu to set for the queue proxy sidecar container. - # If omitted, a default value (currently "25m"), is used. - queueSidecarCPURequest: "25m" - - # queueSidecarCPULimit is the limits.cpu to set for the queue proxy sidecar container. - # If omitted, no value is specified and the system default is used. - queueSidecarCPULimit: "1000m" - - # queueSidecarMemoryRequest is the requests.memory to set for the queue proxy container. - # If omitted, no value is specified and the system default is used. - queueSidecarMemoryRequest: "400Mi" - - # queueSidecarMemoryLimit is the limits.memory to set for the queue proxy container. - # If omitted, no value is specified and the system default is used. - queueSidecarMemoryLimit: "800Mi" - - # queueSidecarEphemeralStorageRequest is the requests.ephemeral-storage to - # set for the queue proxy sidecar container. - # If omitted, no value is specified and the system default is used. - queueSidecarEphemeralStorageRequest: "512Mi" - - # queueSidecarEphemeralStorageLimit is the limits.ephemeral-storage to set - # for the queue proxy sidecar container. - # If omitted, no value is specified and the system default is used. - queueSidecarEphemeralStorageLimit: "1024Mi" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-domain - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "74c3fc6a" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Default value for domain. - # Although it will match all routes, it is the least-specific rule so it - # will only be used if no other domain matches. - example.com: | - - # These are example settings of domain. - # example.org will be used for routes having app=nonprofit. - example.org: | - selector: - app: nonprofit - - # Routes having the cluster domain suffix (by default 'svc.cluster.local') - # will not be exposed through Ingress. You can define your own label - # selector to assign that domain suffix to your Route here, or you can set - # the label - # "serving.knative.dev/visibility=cluster-local" - # to achieve the same effect. This shows how to make routes having - # the label app=secret only exposed to the local cluster. - svc.cluster.local: | - selector: - app: secret - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-features - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "2cf73688" -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Indicates whether multi container support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#multi-containers - multi-container: "enabled" - - # Indicates whether Kubernetes affinity support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity - kubernetes.podspec-affinity: "disabled" - - # Indicates whether Kubernetes hostAliases support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases - kubernetes.podspec-hostaliases: "disabled" - - # Indicates whether Kubernetes nodeSelector support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector - kubernetes.podspec-nodeselector: "disabled" - - # Indicates whether Kubernetes tolerations support is enabled - # - # WARNING: Cannot safely be disabled once enabled - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration - kubernetes.podspec-tolerations: "disabled" - - # Indicates whether Kubernetes FieldRef support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref - kubernetes.podspec-fieldref: "disabled" - - # Indicates whether Kubernetes RuntimeClassName support is enabled - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class - kubernetes.podspec-runtimeclassname: "disabled" - - # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # in addition to expanding the allowable fields within a Container's SecurityContext. - # - # When set to "enabled" or "allowed" it allows the following - # PodSecurityContext properties: - # - FSGroup - # - RunAsGroup - # - RunAsNonRoot - # - SupplementalGroups - # - RunAsUser - # - # When set to "enabled" or "allowed" it allows the following - # Container SecurityContext properties: - # - RunAsNonRoot - # - RunAsGroup - # - RunAsUser (already allowed without this flag) - # - # This feature flag should be used with caution as the PodSecurityContext - # properties may have a side-effect on non-user sidecar containers that come - # from Knative or your service mesh - # - # WARNING: Cannot safely be disabled once enabled. - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context - kubernetes.podspec-securitycontext: "disabled" - - # This feature validates PodSpecs from the validating webhook - # against the K8s API Server. - # - # When "enabled", the server will always run the extra validation. - # When "allowed", the server will not run the dry-run validation by default. - # However, clients may enable the behavior on an individual Service by - # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". - # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run - kubernetes.podspec-dryrun: "allowed" - - # Indicates whether new responsive garbage collection is enabled. This - # feature labels revisions in real-time as they become referenced and - # dereferenced by Routes. This allows us to reap revisions shortly after - # they are no longer active. - # See: https://knative.dev/docs/serving/feature-flags/#responsive-revision-garbage-collector - responsive-revision-gc: "enabled" - - # Controls whether tag header based routing feature are enabled or not. - # 1. Enabled: enabling tag header based routing - # 2. Disabled: disabling tag header based routing - # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing - tag-header-based-routing: "disabled" - - # Controls whether http2 auto-detection should be enabled or not. - # 1. Enabled: http2 connection will be attempted via upgrade. - # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". - autodetect-http2: "disabled" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-gc - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "e6149382" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - - # --------------------------------------- - # Garbage Collector Settings - # --------------------------------------- - # - # Active - # * Revisions which are referenced by a Route are considered active. - # * Individual revisions may be marked with the annotation - # "knative.dev/no-gc":"true" to be permanently considered active. - # * Active revisions are not considered for GC. - # Retention - # * Revisions are retained if they are any of the following: - # 1. Active - # 2. Were created within "retain-since-create-time" - # 3. Were last referenced by a route within - # "retain-since-last-active-time" - # 4. There are fewer than "min-non-active-revisions" - # If none of these conditions are met, or if the count of revisions exceed - # "max-non-active-revisions", they will be deleted by GC. - # The special value "disabled" may be used to turn off these limits. - # - # Example config to immediately collect any inactive revision: - # min-non-active-revisions: "0" - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # - # Example config to always keep around the last ten non-active revisions: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "10" - # - # Example config to disable all GC: - # retain-since-create-time: "disabled" - # retain-since-last-active-time: "disabled" - # max-non-active-revisions: "disabled" - # - # Example config to keep recently deployed or active revisions, - # always maintain the last two in case of rollback, and prevent - # burst activity from exploding the count of old revisions: - # retain-since-create-time: "48h" - # retain-since-last-active-time: "15h" - # min-non-active-revisions: "2" - # max-non-active-revisions: "1000" - - # Duration since creation before considering a revision for GC or "disabled". - retain-since-create-time: "48h" - - # Duration since active before considering a revision for GC or "disabled". - retain-since-last-active-time: "15h" - - # Minimum number of non-active revisions to retain. - min-non-active-revisions: "20" - - # Maximum number of non-active revisions to retain - # or "disabled" to disable any maximum limit. - max-non-active-revisions: "1000" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "96896b00" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # leaseDuration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - leaseDuration: "15s" - - # renewDeadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renewDeadline: "10s" - - # retryPeriod is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retryPeriod: "2s" - - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "d9570453" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # Common configuration for all Knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - - # Log level overrides - # For all components except the queue proxy, - # changes are picked up immediately. - # For queue proxy, changes require recreation of the pods. - loglevel.controller: "info" - loglevel.autoscaler: "info" - loglevel.queueproxy: "info" - loglevel.webhook: "info" - loglevel.activator: "info" - loglevel.hpaautoscaler: "info" - loglevel.certcontroller: "info" - loglevel.istiocontroller: "info" - loglevel.nscontroller: "info" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-network - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "15954d34" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # ingress.class specifies the default ingress class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Istio ingress. - # - # Note that changing the Ingress class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - ingress.class: "istio.ingress.networking.knative.dev" - - # certificate.class specifies the default Certificate class - # to use when not dictated by Route annotation. - # - # If not specified, will use the Cert-Manager Certificate. - # - # Note that changing the Certificate class of an existing Route - # will result in undefined behavior. Therefore it is best to only - # update this value during the setup of Knative, to avoid getting - # undefined behavior. - certificate.class: "cert-manager.certificate.networking.knative.dev" - - # domainTemplate specifies the golang text template string to use - # when constructing the Knative service's DNS name. The default - # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". - # - # Valid variables defined in the template include Name, Namespace, Domain, - # Labels, and Annotations. Name will be the result of the tagTemplate - # below, if a tag is specified for the route. - # - # Changing this value might be necessary when the extra levels in - # the domain name generated is problematic for wildcard certificates - # that only support a single level of domain name added to the - # certificate's domain. In those cases you might consider using a value - # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace - # entirely from the template. When choosing a new value be thoughtful - # of the potential for conflicts - for example, when users choose to use - # characters such as `-` in their service, or namespace, names. - # {{.Annotations}} or {{.Labels}} can be used for any customization in the - # go template if needed. - # We strongly recommend keeping namespace part of the template to avoid - # domain name clashes: - # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' - # and you have an annotation {"sub":"foo"}, then the generated template - # would be {Name}-{Namespace}.foo.{Domain} - domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}" - - # tagTemplate specifies the golang text template string to use - # when constructing the DNS name for "tags" within the traffic blocks - # of Routes and Configuration. This is used in conjunction with the - # domainTemplate above to determine the full URL for the tag. - tagTemplate: "{{.Tag}}-{{.Name}}" - - # Controls whether TLS certificates are automatically provisioned and - # installed in the Knative ingress to terminate external TLS connection. - # 1. Enabled: enabling auto-TLS feature. - # 2. Disabled: disabling auto-TLS feature. - autoTLS: "Disabled" - - # Controls the behavior of the HTTP endpoint for the Knative ingress. - # It requires autoTLS to be enabled. - # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Disabled: The Knative ingress will reject HTTP traffic. - # 3. Redirected: The Knative ingress will send a 302 redirect for all - # http connections, asking the clients to use HTTPS. - httpProtocol: "Enabled" - - # rolloutDuration contains the minimal duration in seconds over which the - # Configuration traffic targets are rolled out to the newest revision. - rolloutDuration: "0" - - # autocreateClusterDomainClaims controls whether ClusterDomainClaims should - # be automatically created (and deleted) as needed when DomainMappings are - # reconciled. - # - # If this is "false", the cluster administrator is responsible for creating - # ClusterDomainClaims and delegating them to namespaces via their - # spec.Namespace field. This is useful for multitenant environments - # which need to control which namespace can use a particular domain name in - # a domain mapping. - autocreateClusterDomainClaims: "true" - - # If true, networking plugins can add additional information to deployed - # applications to make their pods directly accessible via their IPs even if mesh is - # enabled and thus direct-addressability is usually not possible. - # Consumers like Knative Serving can use this setting to adjust their behavior - # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. - # - # NOTE: This flag is in an alpha state and is mostly here to enable internal testing - # for now. Use with caution. - enable-mesh-pod-addressability: "false" - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "97c1d10b" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # logging.enable-var-log-collection defaults to false. - # The fluentd daemon set will be set up to collect /var/log if - # this flag is true. - logging.enable-var-log-collection: "false" - - # logging.revision-url-template provides a template to use for producing the - # logging URL that is injected into the status of each Revision. - logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" - - # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe - # requests. - # NB: after 0.18 release logging.enable-request-log must be explicitly set to true - # in order for request logging to be enabled. - # - # The value determines the shape of the request logs and it must be a valid go text/template. - # It is important to keep this as a single line. Multiple lines are parsed as separate entities - # by most collection agents and will split the request logs into multiple records. - # - # The following fields and functions are available to the template: - # - # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) - # representing an HTTP request received by the server. - # - # Response: - # struct { - # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) - # Size int // An int representing the size of the response. - # Latency float64 // A float64 representing the latency of the response in seconds. - # } - # - # Revision: - # struct { - # Name string // Knative revision name - # Namespace string // Knative revision namespace - # Service string // Knative service name - # Configuration string // Knative configuration name - # PodName string // Name of the pod hosting the revision - # PodIP string // IP of the pod hosting the revision - # } - # - logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' - - # If true, the request logging will be enabled. - # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value - # will be ignored. - logging.enable-request-log: "false" - - # If true, this enables queue proxy writing request logs for probe requests to stdout. - # It uses the same template for user requests, i.e. logging.request-log-template. - logging.enable-probe-request-log: "false" - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.request-metrics-backend-destination specifies the request metrics - # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), stackdriver. - metrics.request-metrics-backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_revision" resource type. Setting this - # flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from - # the pods via an HTTP server in the format expected by the pprof visualization tool. When - # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. - # The HTTP context root for profiling is then /debug/pprof/. - profiling.enable: "false" - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - annotations: - knative.dev/example-checksum: "4002b4c2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "stackdriver", the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # The GCP project into which stackdriver metrics will be written - # when backend is "stackdriver". If unspecified, the project-id - # is read from GCP metadata when running on GCP. - stackdriver-project-id: "my-project" - - # Enable zipkin debug mode. This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - name: activator - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - minReplicas: 1 - maxReplicas: 20 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: activator - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. -# Given the subsetting and that the activators are partially stateful systems, we want -# a slow rollout of the new versions and slow migration during node upgrades. -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: activator-pdb - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - minAvailable: 80% - selector: - matchLabels: - app: activator - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: activator - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - selector: - matchLabels: - app: activator - role: activator - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: activator - role: activator - serving.knative.dev/release: "v0.22.0" - spec: - serviceAccountName: controller - containers: - - name: activator - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:91e67a579378fa39d7c941e379db183464c3add3d53b4617f65d9cbc2f0c770a - # The numbers are based on performance test results from - # https://github.com/knative/serving/issues/1625#issuecomment-511930023 - resources: - requests: - cpu: 300m - memory: 60Mi - limits: - cpu: 1000m - memory: 600Mi - env: - # Run Activator with GC collection when newly generated memory is 500%. - - name: GOGC - value: "500" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - all - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: http1 - containerPort: 8012 - - name: h2c - containerPort: 8013 - readinessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - failureThreshold: 12 - livenessProbe: - httpGet: - port: 8012 - httpHeaders: - - name: k-kubelet-probe - value: "activator" - failureThreshold: 12 - initialDelaySeconds: 15 - # The activator (often) sits on the dataplane, and may proxy long (e.g. - # streaming, websockets) requests. We give a long grace period for the - # activator to "lame duck" and drain outstanding requests before we - # forcibly terminate the pod (and outstanding connections). This value - # should be at least as large as the upper bound on the Revision's - # timeoutSeconds property to avoid servicing events disrupting - # connections. - terminationGracePeriodSeconds: 600 ---- -apiVersion: v1 -kind: Service -metadata: - name: activator-service - namespace: knative-serving - labels: - app: activator - serving.knative.dev/release: "v0.22.0" -spec: - selector: - app: activator - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 80 - targetPort: 8012 - - name: http2 - port: 81 - targetPort: 8013 - type: ClusterIP - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: autoscaler - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - replicas: 1 - selector: - matchLabels: - app: autoscaler - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: autoscaler - serving.knative.dev/release: "v0.22.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: autoscaler - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: autoscaler - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:761dc36210e69ebef3a64ce72ad9f54f8172e4aed6b97e8a706e3128956ec54d - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - all - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: websocket - containerPort: 8080 - readinessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - livenessProbe: - httpGet: - port: 8080 - httpHeaders: - - name: k-kubelet-probe - value: "autoscaler" - failureThreshold: 6 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: autoscaler - serving.knative.dev/release: "v0.22.0" - name: autoscaler - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: http - port: 8080 - targetPort: 8080 - selector: - app: autoscaler - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - selector: - matchLabels: - app: controller - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - labels: - app: controller - serving.knative.dev/release: "v0.22.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: controller - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: controller - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:d772809059033e437d6e98248a334ded37b6f430c2ca23377875cc2459a3b73e - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - all - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: controller - serving.knative.dev/release: "v0.22.0" - name: controller - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - selector: - app: controller - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - name: webhook - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - minReplicas: 1 - maxReplicas: 5 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: webhook - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - # Percentage of the requested CPU - averageUtilization: 100 ---- -# Webhook PDB. -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: webhook-pdb - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - minAvailable: 80% - selector: - matchLabels: - app: webhook - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: webhook - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -spec: - selector: - matchLabels: - app: webhook - role: webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: webhook - role: webhook - serving.knative.dev/release: "v0.22.0" - spec: - # To avoid node becoming SPOF, spread our replicas to different nodes. - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app: webhook - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:268bd1383b56ba7b9acf391c681f7a63780c22dcd4555c2f4a7b61ec6da81cf4 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: WEBHOOK_NAME - value: webhook - - name: WEBHOOK_PORT - value: "8443" - # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config - - name: METRICS_DOMAIN - value: knative.dev/internal/serving - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - all - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - readinessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - livenessProbe: - periodSeconds: 1 - httpGet: - scheme: HTTPS - port: 8443 - httpHeaders: - - name: k-kubelet-probe - value: "webhook" - failureThreshold: 6 - initialDelaySeconds: 20 - # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently - # high value that we respect whatever value it has configured for the lame duck grace period. - terminationGracePeriodSeconds: 300 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - role: webhook - serving.knative.dev/release: "v0.22.0" - name: webhook - namespace: knative-serving -spec: - ports: - # Define metrics and profiling for them to be accessible within service meshes. - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - role: webhook - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.serving.knative.dev - namespaceSelector: - matchExpressions: - - key: serving.knative.dev/release - operator: Exists - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: webhook.serving.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" -webhooks: - - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: validation.webhook.serving.knative.dev - timeoutSeconds: 10 - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" -# The data is populated at install time. - ---- \ No newline at end of file diff --git a/kubeflow/common/knative/knative-0-22-0/serving-crds.yaml b/kubeflow/common/knative/knative-0-22-0/serving-crds.yaml deleted file mode 100644 index 64ec8d75..00000000 --- a/kubeflow/common/knative/knative-0-22-0/serving-crds.yaml +++ /dev/null @@ -1,673 +0,0 @@ -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - names: - kind: Certificate - plural: certificates - singular: certificate - categories: - - knative-internal - - networking - shortNames: - - kcert - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configurations.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Configuration - plural: configurations - singular: configuration - categories: - - all - - knative - - serving - shortNames: - - config - - cfg - scope: Namespaced - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresses.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Ingress - plural: ingresses - singular: ingress - categories: - - knative-internal - - networking - shortNames: - - kingress - - king - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: metrics.autoscaling.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: podautoscalers.autoscaling.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: autoscaling.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: DesiredScale - type: integer - jsonPath: ".status.desiredScale" - - name: ActualScale - type: integer - jsonPath: ".status.actualScale" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: revisions.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: serving.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Config Name - type: string - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" - - name: K8s Service Name - type: string - jsonPath: ".status.serviceName" - - name: Generation - type: string # int in string form :( - jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: routes.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: serving.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: serverlessservices.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" -spec: - group: networking.internal.knative.dev - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Mode - type: string - jsonPath: ".spec.mode" - - name: Activators - type: integer - jsonPath: ".spec.numActivators" - - name: ServiceName - type: string - jsonPath: ".status.serviceName" - - name: PrivateServiceName - type: string - jsonPath: ".status.privateServiceName" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: ServerlessService - plural: serverlessservices - singular: serverlessservice - categories: - - knative-internal - - networking - shortNames: - - sks - scope: Namespaced - ---- -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: services.serving.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" - duck.knative.dev/podspecable: "true" -spec: - group: serving.knative.dev - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - template: - type: object - x-kubernetes-preserve-unknown-fields: true - description: | - A template for the current desired application state. - Changes to `template` will cause a new Revision to be created as - defined in the lifecycle section. The contents of the Service's - RevisionTemplateSpec is used to create a corresponding Configuration. - traffic: - x-kubernetes-preserve-unknown-fields: true - type: array - description: | - Traffic specifies how to distribute traffic over a - collection of Revisions belonging to the Service. If traffic is - empty or not provided, defaults to 100% traffic to the latest - `Ready` Revision. The contents of the Service's TrafficTarget is - used to create a corresponding Route. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - revisionName: - type: string - description: | - A specific revision to which to send this portion - of traffic. - This is mutually exclusive with configurationName. - configurationName: - type: string - description: | - ConfigurationName of a configuration to whose latest revision we will send - this portion of traffic. When the "status.latestReadyRevisionName" of the - referenced configuration changes, we will automatically migrate traffic - from the prior "latest ready" revision to the new one. This field is never - set in Route's status, only its spec. - This is mutually exclusive with RevisionName. - latestRevision: - type: boolean - description: | - `latestRevision` may be optionally provided to indicate - that the latest ready Revision of the Configuration should be used - for this traffic target. When provided latestRevision MUST be true - if revisionName is empty, and it MUST be false when revisionName is non-empty. - tag: - type: string - description: | - Tag is optionally used to expose a dedicated URL for - referencing this target exclusively. The dedicated URL MUST include - in it the string provided by tag. - percent: - type: integer - description: | - The percentage of requests which should be allocated - from the main Route domain name to the specified `revisionName` or - `configurationName`. - All `percent` values in `traffic` MUST sum to 100. - minimum: 0 - maximum: 100 - status: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - shortNames: - - img - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - # this is a work around so we don't need to flush out the - # schema for each version at this time - # - # see issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Image - type: string - jsonPath: .spec.image - ---- diff --git a/kubeflow/common/knative/knative-0-22-0/net-istio.yaml b/kubeflow/common/knative/knative-1-2-5/net-istio.yaml similarity index 79% rename from kubeflow/common/knative/knative-0-22-0/net-istio.yaml rename to kubeflow/common/knative/knative-1-2-5/net-istio.yaml index 60c3c375..f5ec89ed 100644 --- a/kubeflow/common/knative/knative-0-22-0/net-istio.yaml +++ b/kubeflow/common/knative/knative-1-2-5/net-istio.yaml @@ -1,4 +1,4 @@ -# Generated when HEAD was 153a3ca38ec6a468d14ff9eafaef61375e3e946b +# Generated when HEAD was dc8f82eb4cc1573fbaa6b7085b27dc77918d5233 # # Copyright 2019 The Knative Authors # @@ -13,21 +13,22 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: # These are the permissions needed by the Istio Ingress implementation. name: knative-serving-istio labels: - serving.knative.dev/release: "v0.22.0" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" serving.knative.dev/controller: "true" networking.knative.dev/ingress-provider: istio rules: - apiGroups: ["networking.istio.io"] resources: ["virtualservices", "gateways", "destinationrules"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - --- # Copyright 2019 The Knative Authors # @@ -42,7 +43,6 @@ rules: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - # This is the shared Gateway for all Knative routes to use. apiVersion: networking.istio.io/v1alpha3 kind: Gateway @@ -50,7 +50,10 @@ metadata: name: knative-ingress-gateway namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -62,7 +65,6 @@ spec: protocol: HTTP hosts: - "*" - --- # Copyright 2019 The Knative Authors # @@ -77,7 +79,6 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - # A cluster local gateway to allow pods outside of the mesh to access # Services and Routes not exposing through an ingress. If the users # do have a service mesh setup, this isn't required. @@ -87,7 +88,10 @@ metadata: name: knative-local-gateway namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -106,8 +110,12 @@ metadata: name: knative-local-gateway namespace: istio-system labels: - serving.knative.dev/release: "v0.22.0" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio + experimental.istio.io/disable-gateway-port-translation: "true" spec: type: ClusterIP selector: @@ -116,155 +124,6 @@ spec: - name: http2 port: 80 targetPort: 8081 - ---- -# Allows the Webhooks to be reached by kube-api with or without -# sidecar injection and with mTLS PERMISSIVE and STRICT. -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.0" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "domainmapping-webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.0" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: domainmapping-webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "istio-webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.0" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: istio-webhook - portLevelMtls: - "8443": - mode: PERMISSIVE - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.istio.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - networking.knative.dev/ingress-provider: istio -webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: istio-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - objectSelector: - matchExpressions: - - {key: "serving.knative.dev/configuration", operator: Exists} - name: webhook.istio.networking.internal.knative.dev - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.istio.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.0" - networking.knative.dev/ingress-provider: istio -webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: istio-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.istio.networking.internal.knative.dev - namespaceSelector: - matchExpressions: - - key: serving.knative.dev/release - operator: Exists - ---- -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: istio-webhook-certs - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.0" - networking.knative.dev/ingress-provider: istio - --- # Copyright 2018 The Knative Authors # @@ -279,14 +138,16 @@ metadata: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: v1 kind: ConfigMap metadata: name: config-istio namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio data: _example: | @@ -305,12 +166,10 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # Default Knative Gateway after v0.3. It points to the Istio - # standard istio-ingressgateway, instead of a custom one that we - # used pre-0.3. The configuration format should be `gateway. - # {{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}. - # {{ingress_namespace}}.svc.cluster.local"`. The {{gateway_namespace}} - # is optional; when it is omitted, the system will search for + # A gateway and Istio service to serve external traffic. + # The configuration format should be + # `gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local"`. + # The {{gateway_namespace}} is optional; when it is omitted, the system will search for # the gateway in the serving system namespace `knative-serving` gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" @@ -330,15 +189,77 @@ data: # `knative-serving` local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local" + # DEPRECATED: local-gateway.mesh is deprecated. + # See: https://github.com/knative/serving/issues/11523 + # # To use only Istio service mesh and no knative-local-gateway, replace # all local-gateway.* entries by the following entry. local-gateway.mesh: "mesh" # If true, knative will use the Istio VirtualService's status to determine # endpoint readiness. Otherwise, probe as usual. + # NOTE: This feature is currently experimental and should not be used in production. enable-virtualservice-status: "false" # TODO(nghia): Extract the .svc.cluster.local suffix into its own config. - +--- +# Allows the Webhooks to be reached by kube-api with or without +# sidecar injection and with mTLS PERMISSIVE and STRICT. +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: webhook + portLevelMtls: + "8443": + mode: PERMISSIVE +--- +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "domainmapping-webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: domainmapping-webhook + portLevelMtls: + "8443": + mode: PERMISSIVE +--- +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "net-istio-webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: net-istio-webhook + portLevelMtls: + "8443": + mode: PERMISSIVE --- # Copyright 2019 The Knative Authors # @@ -353,19 +274,21 @@ data: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: apps/v1 kind: Deployment metadata: - name: networking-istio + name: net-istio-controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: selector: matchLabels: - app: networking-istio + app: net-istio-controller template: metadata: annotations: @@ -375,15 +298,18 @@ spec: # this is the Istio controller, and so it may be Istio-aware. sidecar.istio.io/inject: "false" labels: - app: networking-istio - serving.knative.dev/release: "v0.22.0" + app: net-istio-controller + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" spec: serviceAccountName: controller containers: - - name: networking-istio + - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:17ee40a68cda50772375dcc4230efa99e7f8666a050ad2ffcd0338ff31c1bfaa + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:f253b82941c2220181cee80d7488fe1cefce9d49ab30bdb54bcb8c76515f7a26 resources: requests: cpu: 30m @@ -418,7 +344,6 @@ spec: # Unlike other controllers, this doesn't need a Service defined for metrics and # profiling because it opts out of the mesh (see annotation above). - --- # Copyright 2020 The Knative Authors # @@ -433,35 +358,40 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: apps/v1 kind: Deployment metadata: - name: istio-webhook + name: net-istio-webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.0" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: selector: matchLabels: - app: istio-webhook - role: istio-webhook + app: net-istio-webhook + role: net-istio-webhook template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: - app: istio-webhook - role: istio-webhook - serving.knative.dev/release: "v0.22.0" + app: net-istio-webhook + role: net-istio-webhook + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" spec: serviceAccountName: controller containers: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:1da4b47f1778005b3cf07d384cac27c8c688628b9e7e631f15dd6ac3456c3039 + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:a705c1ea8e9e556f860314fe055082fbe3cde6a924c29291955f98d979f8185e resources: requests: cpu: 20m @@ -482,7 +412,7 @@ spec: - name: METRICS_DOMAIN value: knative.dev/net-istio - name: WEBHOOK_NAME - value: istio-webhook + value: net-istio-webhook securityContext: allowPrivilegeEscalation: false ports: @@ -492,7 +422,6 @@ spec: containerPort: 8008 - name: https-webhook containerPort: 8443 - --- # Copyright 2020 The Knative Authors # @@ -507,15 +436,42 @@ spec: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +apiVersion: v1 +kind: Secret +metadata: + name: net-istio-webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: v1 kind: Service metadata: - name: istio-webhook + name: net-istio-webhook namespace: knative-serving labels: - role: istio-webhook - serving.knative.dev/release: "v0.22.0" + role: net-istio-webhook + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: ports: @@ -530,6 +486,81 @@ spec: port: 443 targetPort: 8443 selector: - app: istio-webhook - ---- \ No newline at end of file + app: net-istio-webhook +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.istio.networking.internal.knative.dev + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: net-istio-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + objectSelector: + matchExpressions: + - {key: "serving.knative.dev/configuration", operator: Exists} + name: webhook.istio.networking.internal.knative.dev +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.istio.networking.internal.knative.dev + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: net-istio-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: config.webhook.istio.networking.internal.knative.dev + namespaceSelector: + matchExpressions: + - key: serving.knative.dev/release + operator: Exists diff --git a/kubeflow/common/knative/knative-1-2-5/serving-core.yaml b/kubeflow/common/knative/knative-1-2-5/serving-core.yaml new file mode 100644 index 00000000..8e0e7ee5 --- /dev/null +++ b/kubeflow/common/knative/knative-1-2-5/serving-core.yaml @@ -0,0 +1,5945 @@ +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Namespace +metadata: + name: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# Use this aggregated ClusterRole when you need readonly access to "Addressables" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + # Named like this to avoid clashing with eventing's existing `addressable-resolver` role + # (which should be identical, but isn't guaranteed to be installed alongside serving). + name: knative-serving-aggregated-addressable-resolver + labels: + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/addressable: "true" +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-addressable-resolver + labels: + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + # Labeled to facilitate aggregated cluster roles that act on Addressables. + duck.knative.dev/addressable: "true" +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - serving.knative.dev + resources: + - routes + - routes/status + - services + - services/status + verbs: + - get + - list + - watch +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev"] + resources: ["*"] + verbs: ["create", "update", "patch", "delete"] + - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-namespaced-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] + resources: ["*"] + verbs: ["get", "list", "watch"] +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-core + labels: + serving.knative.dev/controller: "true" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving +rules: + - apiGroups: [""] + resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: [""] + resources: ["endpoints/restricted"] # Permission for RestrictedEndpointsAdmission + verbs: ["create"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] # finalizers are needed for the owner reference of the webhook + verbs: ["update"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] # finalizers are needed for the owner reference of the webhook + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["autoscaling"] + resources: ["horizontalpodautoscalers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["serving.knative.dev", "autoscaling.internal.knative.dev", "networking.internal.knative.dev"] + resources: ["*", "*/status", "*/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "deletecollection", "patch", "watch"] + - apiGroups: ["caching.internal.knative.dev"] + resources: ["images"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-podspecable-binding + labels: + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + # Labeled to facilitate aggregated cluster roles that act on PodSpecables. + duck.knative.dev/podspecable: "true" +# Do not use this role directly. These rules will be added to the "podspecable-binder" role. +rules: + - apiGroups: + - serving.knative.dev + resources: + - configurations + - services + verbs: + - list + - watch + - patch +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller + namespace: knative-serving + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-serving-admin + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +aggregationRule: + clusterRoleSelectors: + - matchLabels: + serving.knative.dev/controller: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-controller-admin + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +subjects: + - kind: ServiceAccount + name: controller + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-controller-addressable-resolver + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +subjects: + - kind: ServiceAccount + name: controller + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-aggregated-addressable-resolver + apiGroup: rbac.authorization.k8s.io +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + knative.dev/crd-install: "true" +spec: + group: caching.internal.knative.dev + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + shortNames: + - img + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: certificates.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Certificate + plural: certificates + singular: certificate + categories: + - knative-internal + - networking + shortNames: + - kcert + scope: Namespaced +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: configurations.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + required: + - ref + properties: + ref: + description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + type: object + required: + - kind + - name + properties: + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + required: + - ref + properties: + ref: + description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + type: object + required: + - kind + - name + properties: + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ingresses.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: Ingress + plural: ingresses + singular: ingress + categories: + - knative-internal + - networking + shortNames: + - kingress + - king + scope: Namespaced +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: metrics.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: podautoscalers.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: DesiredScale + type: integer + jsonPath: ".status.desiredScale" + - name: ActualScale + type: integer + jsonPath: ".status.actualScale" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/10KWynvAJYuOEWy69VBa6bHJVCqIsz1TNdEKosNvcpPY/edit' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + serviceName: + description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. + type: string +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: revisions.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Config Name + type: string + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" + - name: K8s Service Name + type: string + jsonPath: ".status.serviceName" + - name: Generation + type: string # int in string form :( + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: routes.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" +spec: + group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + traffic: + description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serverlessservices.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Mode + type: string + jsonPath: ".spec.mode" + - name: Activators + type: integer + jsonPath: ".spec.numActivators" + - name: ServiceName + type: string + jsonPath: ".status.serviceName" + - name: PrivateServiceName + type: string + jsonPath: ".status.privateServiceName" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: ServerlessService + plural: serverlessservices + singular: serverlessservice + categories: + - knative-internal + - networking + shortNames: + - sks + scope: Namespaced +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: services.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + traffic: + description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: ServiceStatus represents the Status stanza of the Service resource. + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + traffic: + description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: caching.internal.knative.dev/v1alpha1 +kind: Image +metadata: + name: queue-proxy + namespace: knative-serving + labels: + app.kubernetes.io/component: queue-proxy + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:14415b204ea8d0567235143a6c3377f49cbd35f18dc84dfa4baa7695c2a9b53d +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-autoscaler + namespace: knative-serving + labels: + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "16af78ce" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # The Revision ContainerConcurrency field specifies the maximum number + # of requests the Container can handle at once. Container concurrency + # target percentage is how much of that maximum to use in a stable + # state. E.g. if a Revision specifies ContainerConcurrency of 10, then + # the Autoscaler will try to maintain 7 concurrent connections per pod + # on average. + # Note: this limit will be applied to container concurrency set at every + # level (ConfigMap, Revision Spec or Annotation). + # For legacy and backwards compatibility reasons, this value also accepts + # fractional values in (0, 1] interval (i.e. 0.7 ⇒ 70%). + # Thus minimal percentage value must be greater than 1.0, or it will be + # treated as a fraction. + # NOTE: that this value does not affect actual number of concurrent requests + # the user container may receive, but only the average number of requests + # that the revision pods will receive. + container-concurrency-target-percentage: "70" + + # The container concurrency target default is what the Autoscaler will + # try to maintain when concurrency is used as the scaling metric for the + # Revision and the Revision specifies unlimited concurrency. + # When revision explicitly specifies container concurrency, that value + # will be used as a scaling target for autoscaler. + # When specifying unlimited concurrency, the autoscaler will + # horizontally scale the application based on this target concurrency. + # This is what we call "soft limit" in the documentation, i.e. it only + # affects number of pods and does not affect the number of requests + # individual pod processes. + # The value must be a positive number such that the value multiplied + # by container-concurrency-target-percentage is greater than 0.01. + # NOTE: that this value will be adjusted by application of + # container-concurrency-target-percentage, i.e. by default + # the system will target on average 70 concurrent requests + # per revision pod. + # NOTE: Only one metric can be used for autoscaling a Revision. + container-concurrency-target-default: "100" + + # The requests per second (RPS) target default is what the Autoscaler will + # try to maintain when RPS is used as the scaling metric for a Revision and + # the Revision specifies unlimited RPS. Even when specifying unlimited RPS, + # the autoscaler will horizontally scale the application based on this + # target RPS. + # Must be greater than 1.0. + # NOTE: Only one metric can be used for autoscaling a Revision. + requests-per-second-target-default: "200" + + # The target burst capacity specifies the size of burst in concurrent + # requests that the system operator expects the system will receive. + # Autoscaler will try to protect the system from queueing by introducing + # Activator in the request path if the current spare capacity of the + # service is less than this setting. + # If this setting is 0, then Activator will be in the request path only + # when the revision is scaled to 0. + # If this setting is > 0 and container-concurrency-target-percentage is + # 100% or 1.0, then activator will always be in the request path. + # -1 denotes unlimited target-burst-capacity and activator will always + # be in the request path. + # Other negative values are invalid. + target-burst-capacity: "200" + + # When operating in a stable mode, the autoscaler operates on the + # average concurrency over the stable window. + # Stable window must be in whole seconds. + stable-window: "60s" + + # When observed average concurrency during the panic window reaches + # panic-threshold-percentage the target concurrency, the autoscaler + # enters panic mode. When operating in panic mode, the autoscaler + # scales on the average concurrency over the panic window which is + # panic-window-percentage of the stable-window. + # Must be in the [1, 100] range. + # When computing the panic window it will be rounded to the closest + # whole second, at least 1s. + panic-window-percentage: "10.0" + + # The percentage of the container concurrency target at which to + # enter panic mode when reached within the panic window. + panic-threshold-percentage: "200.0" + + # Max scale up rate limits the rate at which the autoscaler will + # increase pod count. It is the maximum ratio of desired pods versus + # observed pods. + # Cannot be less or equal to 1. + # I.e with value of 2.0 the number of pods can at most go N to 2N + # over single Autoscaler period (2s), but at least N to + # N+1, if Autoscaler needs to scale up. + max-scale-up-rate: "1000.0" + + # Max scale down rate limits the rate at which the autoscaler will + # decrease pod count. It is the maximum ratio of observed pods versus + # desired pods. + # Cannot be less or equal to 1. + # I.e. with value of 2.0 the number of pods can at most go N to N/2 + # over single Autoscaler evaluation period (2s), but at + # least N to N-1, if Autoscaler needs to scale down. + max-scale-down-rate: "2.0" + + # Scale to zero feature flag. + enable-scale-to-zero: "true" + + # Scale to zero grace period is the time an inactive revision is left + # running before it is scaled to zero (must be positive, but recommended + # at least a few seconds if running with mesh networking). + # This is the upper limit and is provided not to enforce timeout after + # the revision stopped receiving requests for stable window, but to + # ensure network reprogramming to put activator in the path has completed. + # If the system determines that a shorter period is satisfactory, + # then the system will only wait that amount of time before scaling to 0. + # NOTE: this period might actually be 0, if activator has been + # in the request path sufficiently long. + # If there is necessity for the last pod to linger longer use + # scale-to-zero-pod-retention-period flag. + scale-to-zero-grace-period: "30s" + + # Scale to zero pod retention period defines the minimum amount + # of time the last pod will remain after Autoscaler has decided to + # scale to zero. + # This flag is for the situations where the pod startup is very expensive + # and the traffic is bursty (requiring smaller windows for fast action), + # but patchy. + # The larger of this flag and `scale-to-zero-grace-period` will effectively + # determine how the last pod will hang around. + scale-to-zero-pod-retention-period: "0s" + + # pod-autoscaler-class specifies the default pod autoscaler class + # that should be used if none is specified. If omitted, + # the Knative Pod Autoscaler (KPA) is used by default. + pod-autoscaler-class: "kpa.autoscaling.knative.dev" + + # The capacity of a single activator task. + # The `unit` is one concurrent request proxied by the activator. + # activator-capacity must be at least 1. + # This value is used for computation of the Activator subset size. + # See the algorithm here: http://bit.ly/38XiCZ3. + # TODO(vagababov): tune after actual benchmarking. + activator-capacity: "100.0" + + # initial-scale is the cluster-wide default value for the initial target + # scale of a revision after creation, unless overridden by the + # "autoscaling.knative.dev/initialScale" annotation. + # This value must be greater than 0 unless allow-zero-initial-scale is true. + initial-scale: "1" + + # allow-zero-initial-scale controls whether either the cluster-wide initial-scale flag, + # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. + allow-zero-initial-scale: "false" + + # min-scale is the cluster-wide default value for the min scale of a revision, + # unless overridden by the "autoscaling.knative.dev/minScale" annotation. + min-scale: "0" + + # max-scale is the cluster-wide default value for the max scale of a revision, + # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. + # If set to 0, the revision has no maximum scale. + max-scale: "0" + + # scale-down-delay is the amount of time that must pass at reduced + # concurrency before a scale down decision is applied. This can be useful, + # for example, to maintain replica count and avoid a cold start penalty if + # more requests come in within the scale down delay period. + # The default, 0s, imposes no delay at all. + scale-down-delay: "0s" + + # max-scale-limit sets the maximum permitted value for the max scale of a revision. + # When this is set to a positive value, a revision with a maxScale above that value + # (including a maxScale of "0" = unlimited) is disallowed. + # A value of zero (the default) allows any limit, including unlimited. + max-scale-limit: "0" +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "a0feb4c6" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # revision-timeout-seconds contains the default number of + # seconds to use for the revision's per-request timeout, if + # none is specified. + revision-timeout-seconds: "300" # 5 minutes + + # max-revision-timeout-seconds contains the maximum number of + # seconds that can be used for revision-timeout-seconds. + # This value must be greater than or equal to revision-timeout-seconds. + # If omitted, the system default is used (600 seconds). + # + # If this value is increased, the activator's terminationGraceTimeSeconds + # should also be increased to prevent in-flight requests being disrupted. + max-revision-timeout-seconds: "600" # 10 minutes + + # revision-cpu-request contains the cpu allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-cpu-request. + # By default, it is not set by Knative. + revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU) + + # revision-memory-request contains the memory allocation to assign + # to revisions by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-memory-request. + # By default, it is not set by Knative. + revision-memory-request: "100M" # 100 megabytes of memory + + # revision-ephemeral-storage-request contains the ephemeral storage + # allocation to assign to revisions by default. If omitted, no value is + # specified and the system default is used. + revision-ephemeral-storage-request: "500M" # 500 megabytes of storage + + # revision-cpu-limit contains the cpu allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-cpu-limit. + # By default, it is not set by Knative. + revision-cpu-limit: "1000m" # 1 CPU (aka 1000 milli-CPU) + + # revision-memory-limit contains the memory allocation to limit + # revisions to by default. If omitted, no value is specified + # and the system default is used. + # Below is an example of setting revision-memory-limit. + # By default, it is not set by Knative. + revision-memory-limit: "200M" # 200 megabytes of memory + + # revision-ephemeral-storage-limit contains the ephemeral storage + # allocation to limit revisions to by default. If omitted, no value is + # specified and the system default is used. + revision-ephemeral-storage-limit: "750M" # 750 megabytes of storage + + # container-name-template contains a template for the default + # container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + container-name-template: "user-container" + + # init-container-name-template contains a template for the default + # init container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + init-container-name-template: "init-container" + + # container-concurrency specifies the maximum number + # of requests the Container can handle at once, and requests + # above this threshold are queued. Setting a value of zero + # disables this throttling and lets through as many requests as + # the pod receives. + container-concurrency: "0" + + # The container concurrency max limit is an operator setting ensuring that + # the individual revisions cannot have arbitrary large concurrency + # values, or autoscaling targets. `container-concurrency` default setting + # must be at or below this value. + # + # Must be greater than 1. + # + # Note: even with this set, a user can choose a containerConcurrency + # of 0 (i.e. unbounded) unless allow-container-concurrency-zero is + # set to "false". + container-concurrency-max-limit: "1000" + + # allow-container-concurrency-zero controls whether users can + # specify 0 (i.e. unbounded) for containerConcurrency. + allow-container-concurrency-zero: "true" + + # enable-service-links specifies the default value used for the + # enableServiceLinks field of the PodSpec, when it is omitted by the user. + # See: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service + # + # This is a tri-state flag with possible values of (true|false|default). + # + # In environments with large number of services it is suggested + # to set this value to `false`. + # See https://github.com/knative/serving/issues/8498. + enable-service-links: "false" +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-deployment + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "dd7ee769" +data: + # This is the Go import path for the binary that is containerized + # and substituted here. + # TODO: switch to 'queue-sidecar-image' after 0.27 + queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:14415b204ea8d0567235143a6c3377f49cbd35f18dc84dfa4baa7695c2a9b53d + _example: |- + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # List of repositories for which tag to digest resolving should be skipped + registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" + + # Maximum time allowed for an image's digests to be resolved. + digest-resolution-timeout: "10s" + + # Duration we wait for the deployment to be ready before considering it failed. + progress-deadline: "600s" + + # Sets the queue proxy's CPU request. + # If omitted, a default value (currently "25m"), is used. + queue-sidecar-cpu-request: "25m" + + # Sets the queue proxy's CPU limit. + # If omitted, no value is specified and the system default is used. + queue-sidecar-cpu-limit: "1000m" + + # Sets the queue proxy's memory request. + # If omitted, no value is specified and the system default is used. + queue-sidecar-memory-request: "400Mi" + + # Sets the queue proxy's memory limit. + # If omitted, no value is specified and the system default is used. + queue-sidecar-memory-limit: "800Mi" + + # Sets the queue proxy's ephemeral storage request. + # If omitted, no value is specified and the system default is used. + queue-sidecar-ephemeral-storage-request: "512Mi" + + # Sets the queue proxy's ephemeral storage limit. + # If omitted, no value is specified and the system default is used. + queue-sidecar-ephemeral-storage-limit: "1024Mi" + + # The freezer service endpoint that queue-proxy calls when its traffic drops to zero or + # scales up from zero. + # + # Freezer service is available at: https://github.com/knative-sandbox/container-freezer + # or users may write their own service. + # + # The value will need to include both the host and the port that will be accessed. + # For the host, $HOST_IP can be passed, and the appropriate host IP value will be swapped + # in at runtime, which will enable the freezer daemonset to be reachable via the node IP. + # + # As an example: + # concurrency-state-endpoint: "http://$HOST_IP:9696" + # + # If not set, queue proxy takes no action (this is the default behavior). + # + # When enabled, a serviceAccountToken will be mounted to queue-proxy using + # a projected volume. This requires the Service Account Token Volume Projection feature + # to be enabled. For details, see this link: + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection + # + # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE + concurrency-state-endpoint: "" +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-domain + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "81552d0b" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Default value for domain. + # Although it will match all routes, it is the least-specific rule so it + # will only be used if no other domain matches. + example.com: | + + # These are example settings of domain. + # example.org will be used for routes having app=nonprofit. + example.org: | + selector: + app: nonprofit + + # Routes having the cluster domain suffix (by default 'svc.cluster.local') + # will not be exposed through Ingress. You can define your own label + # selector to assign that domain suffix to your Route here, or you can set + # the label + # "networking.knative.dev/visibility=cluster-local" + # to achieve the same effect. This shows how to make routes having + # the label app=secret only exposed to the local cluster. + svc.cluster.local: | + selector: + app: secret +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "d9e300ba" +data: + _example: |- + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Indicates whether multi container support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#multi-containers + multi-container: "enabled" + + # Indicates whether Kubernetes affinity support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-affinity + kubernetes.podspec-affinity: "disabled" + + # Indicates whether Kubernetes hostAliases support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-host-aliases + kubernetes.podspec-hostaliases: "disabled" + + # Indicates whether Kubernetes nodeSelector support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector + kubernetes.podspec-nodeselector: "disabled" + + # Indicates whether Kubernetes tolerations support is enabled + # + # WARNING: Cannot safely be disabled once enabled + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-toleration + kubernetes.podspec-tolerations: "disabled" + + # Indicates whether Kubernetes FieldRef support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-fieldref + kubernetes.podspec-fieldref: "disabled" + + # Indicates whether Kubernetes RuntimeClassName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-runtime-class + kubernetes.podspec-runtimeclassname: "disabled" + + # This feature allows end-users to set a subset of fields on the Pod's SecurityContext + # + # When set to "enabled" or "allowed" it allows the following + # PodSecurityContext properties: + # - FSGroup + # - RunAsGroup + # - RunAsNonRoot + # - SupplementalGroups + # - RunAsUser + # + # This feature flag should be used with caution as the PodSecurityContext + # properties may have a side-effect on non-user sidecar containers that come + # from Knative or your service mesh + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context + kubernetes.podspec-securitycontext: "disabled" + + # Indicates whether Kubernetes PriorityClassName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name + kubernetes.podspec-priorityclassname: "disabled" + + # Indicates whether Kubernetes SchedulerName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name + kubernetes.podspec-schedulername: "disabled" + + # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. + # + # When set to "enabled" or "allowed" it allows capabilities to be added to the container. + # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html + kubernetes.containerspec-addcapabilities: "disabled" + + # This feature validates PodSpecs from the validating webhook + # against the K8s API Server. + # + # When "enabled", the server will always run the extra validation. + # When "allowed", the server will not run the dry-run validation by default. + # However, clients may enable the behavior on an individual Service by + # attaching the following metadata annotation: "features.knative.dev/podspec-dryrun":"enabled". + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run + kubernetes.podspec-dryrun: "allowed" + + # Controls whether tag header based routing feature are enabled or not. + # 1. Enabled: enabling tag header based routing + # 2. Disabled: disabling tag header based routing + # See: https://knative.dev/docs/serving/feature-flags/#tag-header-based-routing + tag-header-based-routing: "disabled" + + # Controls whether http2 auto-detection should be enabled or not. + # 1. Enabled: http2 connection will be attempted via upgrade. + # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". + autodetect-http2: "disabled" + + # Controls whether volume support for EmptyDir is enabled or not. + # 1. Enabled: enabling EmptyDir volume support + # 2. Disabled: disabling EmptyDir volume support + kubernetes.podspec-volumes-emptydir: "disabled" + + # Controls whether init containers support is enabled or not. + # 1. Enabled: enabling init containers support + # 2. Disabled: disabling init containers support + kubernetes.podspec-init-containers: "disabled" + + # Controls whether persistent volume claim support is enabled or not. + # 1. Enabled: enabling persistent volume claim support + # 2. Disabled: disabling persistent volume claim support + kubernetes.podspec-persistent-volume-claim: "disabled" + + # Controls whether write access for persistent volumes is enabled or not. + # 1. Enabled: enabling write access for persistent volumes + # 2. Disabled: disabling write access for persistent volumes + kubernetes.podspec-persistent-volume-write: "disabled" +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-gc + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "51b4d68a" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + + # --------------------------------------- + # Garbage Collector Settings + # --------------------------------------- + # + # Active + # * Revisions which are referenced by a Route are considered active. + # * Individual revisions may be marked with the annotation + # "serving.knative.dev/no-gc":"true" to be permanently considered active. + # * Active revisions are not considered for GC. + # Retention + # * Revisions are retained if they are any of the following: + # 1. Active + # 2. Were created within "retain-since-create-time" + # 3. Were last referenced by a route within + # "retain-since-last-active-time" + # 4. There are fewer than "min-non-active-revisions" + # If none of these conditions are met, or if the count of revisions exceed + # "max-non-active-revisions", they will be deleted by GC. + # The special value "disabled" may be used to turn off these limits. + # + # Example config to immediately collect any inactive revision: + # min-non-active-revisions: "0" + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # + # Example config to always keep around the last ten non-active revisions: + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # max-non-active-revisions: "10" + # + # Example config to disable all GC: + # retain-since-create-time: "disabled" + # retain-since-last-active-time: "disabled" + # max-non-active-revisions: "disabled" + # + # Example config to keep recently deployed or active revisions, + # always maintain the last two in case of rollback, and prevent + # burst activity from exploding the count of old revisions: + # retain-since-create-time: "48h" + # retain-since-last-active-time: "15h" + # min-non-active-revisions: "2" + # max-non-active-revisions: "1000" + + # Duration since creation before considering a revision for GC or "disabled". + retain-since-create-time: "48h" + + # Duration since active before considering a revision for GC or "disabled". + retain-since-last-active-time: "15h" + + # Minimum number of non-active revisions to retain. + min-non-active-revisions: "20" + + # Maximum number of non-active revisions to retain + # or "disabled" to disable any maximum limit. + max-non-active-revisions: "1000" +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "f4b71f57" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: knative-serving + labels: + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + annotations: + knative.dev/example-checksum: "be93ff10" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # Common configuration for all Knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + + # Log level overrides + # For all components except the queue proxy, + # changes are picked up immediately. + # For queue proxy, changes require recreation of the pods. + loglevel.controller: "info" + loglevel.autoscaler: "info" + loglevel.queueproxy: "info" + loglevel.webhook: "info" + loglevel.activator: "info" + loglevel.hpaautoscaler: "info" + loglevel.net-certmanager-controller: "info" + loglevel.net-istio-controller: "info" +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-network + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "6e2033e0" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # ingress-class specifies the default ingress class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Istio ingress. + # + # Note that changing the Ingress class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + ingress-class: "istio.ingress.networking.knative.dev" + + # certificate-class specifies the default Certificate class + # to use when not dictated by Route annotation. + # + # If not specified, will use the Cert-Manager Certificate. + # + # Note that changing the Certificate class of an existing Route + # will result in undefined behavior. Therefore it is best to only + # update this value during the setup of Knative, to avoid getting + # undefined behavior. + certificate-class: "cert-manager.certificate.networking.knative.dev" + + # namespace-wildcard-cert-selector specifies a LabelSelector which + # determines which namespaces should have a wildcard certificate + # provisioned. + # + # Use an empty value to disable the feature (this is the default): + # namespace-wildcard-cert-selector: "" + # + # Use an empty object to enable for all namespaces + # namespace-wildcard-cert-selector: {} + # + # Useful labels include the "kubernetes.io/metadata.name" label to + # avoid provisioning a certifcate for the "kube-system" namespaces. + # Use the following selector to match pre-1.0 behavior of using + # "networking.knative.dev/disableWildcardCert" to exclude namespaces: + # + # matchExpressions: + # - key: "networking.knative.dev/disableWildcardCert" + # operator: "NotIn" + # values: ["true"] + namespace-wildcard-cert-selector: "" + + # domain-template specifies the golang text template string to use + # when constructing the Knative service's DNS name. The default + # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". + # + # Valid variables defined in the template include Name, Namespace, Domain, + # Labels, and Annotations. Name will be the result of the tagTemplate + # below, if a tag is specified for the route. + # + # Changing this value might be necessary when the extra levels in + # the domain name generated is problematic for wildcard certificates + # that only support a single level of domain name added to the + # certificate's domain. In those cases you might consider using a value + # of "{{.Name}}-{{.Namespace}}.{{.Domain}}", or removing the Namespace + # entirely from the template. When choosing a new value be thoughtful + # of the potential for conflicts - for example, when users choose to use + # characters such as `-` in their service, or namespace, names. + # {{.Annotations}} or {{.Labels}} can be used for any customization in the + # go template if needed. + # We strongly recommend keeping namespace part of the template to avoid + # domain name clashes: + # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' + # and you have an annotation {"sub":"foo"}, then the generated template + # would be {Name}-{Namespace}.foo.{Domain} + domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" + + # tagTemplate specifies the golang text template string to use + # when constructing the DNS name for "tags" within the traffic blocks + # of Routes and Configuration. This is used in conjunction with the + # domainTemplate above to determine the full URL for the tag. + tag-template: "{{.Tag}}-{{.Name}}" + + # Controls whether TLS certificates are automatically provisioned and + # installed in the Knative ingress to terminate external TLS connection. + # 1. Enabled: enabling auto-TLS feature. + # 2. Disabled: disabling auto-TLS feature. + auto-tls: "Disabled" + + # Controls the behavior of the HTTP endpoint for the Knative ingress. + # It requires autoTLS to be enabled. + # 1. Enabled: The Knative ingress will be able to serve HTTP connection. + # 2. Redirected: The Knative ingress will send a 301 redirect for all + # http connections, asking the clients to use HTTPS. + # + # "Disabled" option is deprecated. + http-protocol: "Enabled" + + # rollout-duration contains the minimal duration in seconds over which the + # Configuration traffic targets are rolled out to the newest revision. + rollout-duration: "0" + + # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should + # be automatically created (and deleted) as needed when DomainMappings are + # reconciled. + # + # If this is "false" (the default), the cluster administrator is + # responsible for creating ClusterDomainClaims and delegating them to + # namespaces via their spec.Namespace field. This setting should be used in + # multitenant environments which need to control which namespace can use a + # particular domain name in a domain mapping. + # + # If this is "true", users are able to associate arbitrary names with their + # services via the DomainMapping feature. + autocreate-cluster-domain-claims: "false" + + # If true, networking plugins can add additional information to deployed + # applications to make their pods directly accessible via their IPs even if mesh is + # enabled and thus direct-addressability is usually not possible. + # Consumers like Knative Serving can use this setting to adjust their behavior + # accordingly, i.e. to drop fallback solutions for non-pod-addressable systems. + # + # NOTE: This flag is in an alpha state and is mostly here to enable internal testing + # for now. Use with caution. + enable-mesh-pod-addressability: "false" + + # mesh-compatibility-mode indicates whether consumers of network plugins + # should directly contact Pod IPs (most efficient), or should use the + # Cluster IP (less efficient, needed when mesh is enabled unless + # `enable-mesh-pod-addressability`, above, is set). + # Permitted values are: + # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. + # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. + # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. + mesh-compatibility-mode: "auto" + + # Defines the scheme used for external URLs if autoTLS is not enabled. + # This can be used for making Knative report all URLs as "HTTPS" for example, if you're + # fronting Knative with an external loadbalancer that deals with TLS termination and + # Knative doesn't know about that otherwise. + default-external-scheme: "http" +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "fed4756e" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # logging.enable-var-log-collection defaults to false. + # The fluentd daemon set will be set up to collect /var/log if + # this flag is true. + logging.enable-var-log-collection: "false" + + # logging.revision-url-template provides a template to use for producing the + # logging URL that is injected into the status of each Revision. + logging.revision-url-template: "http://logging.example.com/?revisionUID=${REVISION_UID}" + + # If non-empty, this enables queue proxy writing user request logs to stdout, excluding probe + # requests. + # NB: after 0.18 release logging.enable-request-log must be explicitly set to true + # in order for request logging to be enabled. + # + # The value determines the shape of the request logs and it must be a valid go text/template. + # It is important to keep this as a single line. Multiple lines are parsed as separate entities + # by most collection agents and will split the request logs into multiple records. + # + # The following fields and functions are available to the template: + # + # Request: An http.Request (see https://golang.org/pkg/net/http/#Request) + # representing an HTTP request received by the server. + # + # Response: + # struct { + # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) + # Size int // An int representing the size of the response. + # Latency float64 // A float64 representing the latency of the response in seconds. + # } + # + # Revision: + # struct { + # Name string // Knative revision name + # Namespace string // Knative revision namespace + # Service string // Knative service name + # Configuration string // Knative configuration name + # PodName string // Name of the pod hosting the revision + # PodIP string // IP of the pod hosting the revision + # } + # + logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}", "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}", "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent": "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp": "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s", "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}' + + # If true, the request logging will be enabled. + # NB: up to and including Knative version 0.18 if logging.request-log-template is non-empty, this value + # will be ignored. + logging.enable-request-log: "false" + + # If true, this enables queue proxy writing request logs for probe requests to stdout. + # It uses the same template for user requests, i.e. logging.request-log-template. + logging.enable-probe-request-log: "false" + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or opencensus. + metrics.backend-destination: prometheus + + # metrics.request-metrics-backend-destination specifies the request metrics + # destination. It enables queue proxy to send request metrics. + # Currently supported values: prometheus (the default), opencensus. + metrics.request-metrics-backend-destination: prometheus + + # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from + # the pods via an HTTP server in the format expected by the pprof visualization tool. When + # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. + # The HTTP context root for profiling is then /debug/pprof/. + profiling.enable: "false" +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: knative-serving + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + annotations: + knative.dev/example-checksum: "26614636" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # This may be "zipkin" or "none" (default) + backend: "none" + + # URL to zipkin collector where traces are sent. + # This must be specified when backend is "zipkin" + zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" + + # Enable zipkin debug mode. This allows all spans to be sent to the server + # bypassing sampling. + debug: "false" + + # Percentage (0-1) of requests to trace + sample-rate: "0.1" +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + minReplicas: 1 + maxReplicas: 20 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: activator + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + # Percentage of the requested CPU + averageUtilization: 100 +--- +# Activator PDB. Currently we permit unavailability of 20% of tasks at the same time. +# Given the subsetting and that the activators are partially stateful systems, we want +# a slow rollout of the new versions and slow migration during node upgrades. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: activator-pdb + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + minAvailable: 80% + selector: + matchLabels: + app: activator +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: activator + namespace: knative-serving + labels: + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + serving.knative.dev/release: "v1.2.5" +spec: + selector: + matchLabels: + app: activator + role: activator + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: activator + role: activator + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + spec: + serviceAccountName: controller + containers: + - name: activator + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:93ff6e69357785ff97806945b284cbd1d37e50402b876a320645be8877c0d7b7 + # The numbers are based on performance test results from + # https://github.com/knative/serving/issues/1625#issuecomment-511930023 + resources: + requests: + cpu: 300m + memory: 60Mi + limits: + cpu: 1000m + memory: 600Mi + env: + # Run Activator with GC collection when newly generated memory is 500%. + - name: GOGC + value: "500" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/internal/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: http1 + containerPort: 8012 + - name: h2c + containerPort: 8013 + readinessProbe: + httpGet: + port: 8012 + httpHeaders: + - name: k-kubelet-probe + value: "activator" + periodSeconds: 5 + failureThreshold: 5 + livenessProbe: + httpGet: + port: 8012 + httpHeaders: + - name: k-kubelet-probe + value: "activator" + periodSeconds: 10 + failureThreshold: 12 + initialDelaySeconds: 15 + # The activator (often) sits on the dataplane, and may proxy long (e.g. + # streaming, websockets) requests. We give a long grace period for the + # activator to "lame duck" and drain outstanding requests before we + # forcibly terminate the pod (and outstanding connections). This value + # should be at least as large as the upper bound on the Revision's + # timeoutSeconds property to avoid servicing events disrupting + # connections. + terminationGracePeriodSeconds: 600 +--- +apiVersion: v1 +kind: Service +metadata: + name: activator-service + namespace: knative-serving + labels: + app: activator + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + serving.knative.dev/release: "v1.2.5" +spec: + selector: + app: activator + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http + port: 80 + targetPort: 8012 + - name: http2 + port: 81 + targetPort: 8013 + type: ClusterIP +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: autoscaler + namespace: knative-serving + labels: + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + replicas: 1 + selector: + matchLabels: + app: autoscaler + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: autoscaler + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: autoscaler + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: autoscaler + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:007820fdb75b60e6fd5a25e65fd6ad9744082a6bf195d72795561c91b425d016 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: websocket + containerPort: 8080 + readinessProbe: + httpGet: + port: 8080 + httpHeaders: + - name: k-kubelet-probe + value: "autoscaler" + livenessProbe: + httpGet: + port: 8080 + httpHeaders: + - name: k-kubelet-probe + value: "autoscaler" + failureThreshold: 6 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: autoscaler + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + name: autoscaler + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: http + port: 8080 + targetPort: 8080 + selector: + app: autoscaler +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller + namespace: knative-serving + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + selector: + matchLabels: + app: controller + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: controller + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: controller + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:75cfdcfa050af9522e798e820ba5483b9093de1ce520207a3fedf112d73a4686 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/internal/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: controller + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + name: controller + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + app: controller +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domain-mapping + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + selector: + matchLabels: + app: domain-mapping + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: domain-mapping + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domain-mapping + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: domain-mapping + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:23baa19322320f25a462568eded1276601ef67194883db9211e1ea24f21a0beb + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domainmapping-webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + selector: + matchLabels: + app: domainmapping-webhook + role: domainmapping-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: domainmapping-webhook + role: domainmapping-webhook + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domainmapping-webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: domainmapping-webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:847bb97e38440c71cb4bcc3e430743e18b328ad1e168b6fca35b10353b9a2c22 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_PORT + value: "8443" + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + failureThreshold: 6 + initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: domainmapping-webhook + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + name: domainmapping-webhook + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: domainmapping-webhook +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: webhook + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + # Percentage of the requested CPU + averageUtilization: 100 +--- +# Webhook PDB. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: webhook-pdb + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + minAvailable: 80% + selector: + matchLabels: + app: webhook +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: webhook + namespace: knative-serving + labels: + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving +spec: + selector: + matchLabels: + app: webhook + role: webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: webhook + role: webhook + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:9084ea8498eae3c6c4364a397d66516a25e48488f4a9871ef765fa554ba483f0 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_NAME + value: webhook + - name: WEBHOOK_PORT + value: "8443" + # TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config + - name: METRICS_DOMAIN + value: knative.dev/internal/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + failureThreshold: 6 + initialDelaySeconds: 20 + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: webhook + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + name: webhook + namespace: knative-serving +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: webhook +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: config.webhook.serving.knative.dev + namespaceSelector: + matchExpressions: + - key: serving.knative.dev/release + operator: Exists + timeoutSeconds: 10 +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.domainmapping.serving.knative.dev + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + - v1beta1 + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - domainmappings +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: domainmapping-webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +# The data is populated at install time. +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.domainmapping.serving.knative.dev + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - domainmappings +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.serving.knative.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +# The data is populated at install time. diff --git a/kubeflow/common/knative/knative-1-2-5/serving-crds.yaml b/kubeflow/common/knative/knative-1-2-5/serving-crds.yaml new file mode 100644 index 00000000..7b178b18 --- /dev/null +++ b/kubeflow/common/knative/knative-1-2-5/serving-crds.yaml @@ -0,0 +1,3189 @@ +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: certificates.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Certificate + plural: certificates + singular: certificate + categories: + - knative-internal + - networking + shortNames: + - kcert + scope: Namespaced +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: configurations.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + required: + - ref + properties: + ref: + description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + type: object + required: + - kind + - name + properties: + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + required: + - ref + properties: + ref: + description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + type: object + required: + - kind + - name + properties: + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping + categories: + - all + - knative + - serving + shortNames: + - dm + scope: Namespaced +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ingresses.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: Ingress + plural: ingresses + singular: ingress + categories: + - knative-internal + - networking + shortNames: + - kingress + - king + scope: Namespaced +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: metrics.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: podautoscalers.autoscaling.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: DesiredScale + type: integer + jsonPath: ".status.desiredScale" + - name: ActualScale + type: integer + jsonPath: ".status.actualScale" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/10KWynvAJYuOEWy69VBa6bHJVCqIsz1TNdEKosNvcpPY/edit' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + serviceName: + description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. + type: string +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: revisions.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Config Name + type: string + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configuration']" + - name: K8s Service Name + type: string + jsonPath: ".status.serviceName" + - name: Generation + type: string # int in string form :( + jsonPath: ".metadata.labels['serving\\.knative\\.dev/configurationGeneration']" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: routes.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" +spec: + group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + traffic: + description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serverlessservices.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Mode + type: string + jsonPath: ".spec.mode" + - name: Activators + type: integer + jsonPath: ".spec.numActivators" + - name: ServiceName + type: string + jsonPath: ".status.serviceName" + - name: PrivateServiceName + type: string + jsonPath: ".status.privateServiceName" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: ServerlessService + plural: serverlessservices + singular: serverlessservice + categories: + - knative-internal + - networking + shortNames: + - sks + scope: Namespaced +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Note: The schema part of the spec is auto-generated by hack/update-schemas.sh. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: services.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + duck.knative.dev/podspecable: "true" +spec: + group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + traffic: + description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: ServiceStatus represents the Status stanza of the Service resource. + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + traffic: + description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string +--- +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + knative.dev/crd-install: "true" +spec: + group: caching.internal.knative.dev + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + shortNames: + - img + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flush out the + # schema for each version at this time + # + # see issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Image + type: string + jsonPath: .spec.image diff --git a/kubeflow/common/knative/kustomization.yaml b/kubeflow/common/knative/kustomization.yaml index 0e96fb92..d558cf25 100644 --- a/kubeflow/common/knative/kustomization.yaml +++ b/kubeflow/common/knative/kustomization.yaml @@ -1,8 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ./knative-0-22-0/serving-core.yaml -- ./knative-0-22-0/net-istio.yaml +- ./knative-1-2-5/serving-core.yaml +- ./knative-1-2-5/net-istio.yaml patches: - path: patches/namespace-patch.yaml transformers: From 4221c306eacbaabedf93ac86111fdd7e412ca2ee Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Mon, 18 Jul 2022 17:28:07 +0000 Subject: [PATCH 04/22] Add comment about serving-crds.yaml --- kubeflow/common/knative/kustomization.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/kubeflow/common/knative/kustomization.yaml b/kubeflow/common/knative/kustomization.yaml index d558cf25..c04c8561 100644 --- a/kubeflow/common/knative/kustomization.yaml +++ b/kubeflow/common/knative/kustomization.yaml @@ -1,6 +1,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + # Official knative installation instructions recommend applying serving-crds.yaml + # before serving-core.yaml due to existing dependencies. However, serving-core.yaml + # includes all required CRDs. Therefore, we only build serving-core.yaml here and then + # we enforce the required order by setting it in the Makefile. For your reference we + # include serving-crds.yaml in the folder. + # + # knative YAML: https://knative.dev/docs/install/yaml-install/serving/serving-installation-files/ + # Reference issue: https://github.com/knative/serving/issues/9945 - ./knative-1-2-5/serving-core.yaml - ./knative-1-2-5/net-istio.yaml patches: From fc3bc45bbc14a754ba89570601e1e117d22ec54c Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Sun, 17 Jul 2022 11:11:38 +0000 Subject: [PATCH 05/22] Update the backend-updater workload to fix #371 --- kubeflow/common/iap-ingress/base/config-map.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubeflow/common/iap-ingress/base/config-map.yaml b/kubeflow/common/iap-ingress/base/config-map.yaml index 63ac1242..653ca341 100644 --- a/kubeflow/common/iap-ingress/base/config-map.yaml +++ b/kubeflow/common/iap-ingress/base/config-map.yaml @@ -171,7 +171,7 @@ data: echo Setting BackendConfig healthCheck.port to: ${HC_INGRESS_PORT} kubectl patch backendconfig iap-backendconfig -n ${NAMESPACE} --type json -p '[{"op": "replace", "path": "/spec/healthCheck/port", "value": '${HC_INGRESS_PORT}'}]' - HC_INGRESS_PATH=$(kubectl -n istio-system get deployments istio-ingressgateway -o jsonpath='{.spec.template.spec.containers[?(@.name=="istio-proxy")].readinessProbe.httpGet.path}') + HC_INGRESS_PATH=$(kubectl get pods -n istio-system -l app=istio-ingressgateway -o jsonpath='{.items[0].spec.containers[?(@.name=="istio-proxy")].readinessProbe.httpGet.path}') echo Setting BackendConfig healthCheck.requestPath to ${HC_INGRESS_PATH} kubectl patch backendconfig iap-backendconfig -n ${NAMESPACE} --type json -p '[{"op": "replace", "path": "/spec/healthCheck/requestPath", "value": "'${HC_INGRESS_PATH}'"}]' } From 76dde6f59e86e1c3d82fd63523aeb04d3dcac878 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Sun, 17 Jul 2022 11:52:59 +0000 Subject: [PATCH 06/22] Prevent recreation of iap-enabler and backend-updater --- kubeflow/common/iap-ingress/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubeflow/common/iap-ingress/Makefile b/kubeflow/common/iap-ingress/Makefile index 06aa234a..2d0d7507 100644 --- a/kubeflow/common/iap-ingress/Makefile +++ b/kubeflow/common/iap-ingress/Makefile @@ -26,7 +26,7 @@ check-iap: pod-reset: # Kick the IAP pod because we will reset the policy and need to patch it. # TODO(https://github.com/kubeflow/gcp-blueprints/issues/14) - kubectl --context=$(KFCTXT) -n istio-system delete pods -l service=iap-enabler + kubectl --context=$(KFCTXT) -n istio-system delete deployment iap-enabler # Kick the backend updater pod, because information might be outdated after the apply. # https://github.com/kubeflow/gcp-blueprints/issues/160 - kubectl --context=$(KFCTXT) -n istio-system delete pods -l service=backend-updater + kubectl --context=$(KFCTXT) -n istio-system delete statefulset backend-updater From 5e08f5d4516499e06358de9d70505cbed064b4c1 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Tue, 19 Jul 2022 08:46:23 +0000 Subject: [PATCH 07/22] Migrate from authorization.k8s.io/v1beta1 --- kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml | 2 +- kubeflow/common/cloud-endpoints/base/cluster-role.yaml | 2 +- kubeflow/common/iap-ingress/base/cluster-role.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml b/kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml index 79ff5afd..56ed50be 100755 --- a/kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml +++ b/kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml @@ -1,4 +1,4 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: cloud-endpoints-controller diff --git a/kubeflow/common/cloud-endpoints/base/cluster-role.yaml b/kubeflow/common/cloud-endpoints/base/cluster-role.yaml index fac2877b..4f00573f 100755 --- a/kubeflow/common/cloud-endpoints/base/cluster-role.yaml +++ b/kubeflow/common/cloud-endpoints/base/cluster-role.yaml @@ -1,4 +1,4 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cloud-endpoints-controller diff --git a/kubeflow/common/iap-ingress/base/cluster-role.yaml b/kubeflow/common/iap-ingress/base/cluster-role.yaml index 67d36eba..690f0ec7 100755 --- a/kubeflow/common/iap-ingress/base/cluster-role.yaml +++ b/kubeflow/common/iap-ingress/base/cluster-role.yaml @@ -1,4 +1,4 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kf-admin-iap From fc735cf91ba91aeb25414073529b2efa17e561ff Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Tue, 19 Jul 2022 09:04:30 +0000 Subject: [PATCH 08/22] Migrate from networking.k8s.io/v1beta1 --- kubeflow/common/iap-ingress/base/ingress.yaml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/kubeflow/common/iap-ingress/base/ingress.yaml b/kubeflow/common/iap-ingress/base/ingress.yaml index 6afcfc6d..7cb6b992 100755 --- a/kubeflow/common/iap-ingress/base/ingress.yaml +++ b/kubeflow/common/iap-ingress/base/ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: @@ -7,14 +7,20 @@ metadata: networking.gke.io/managed-certificates: gke-certificate name: envoy-ingress spec: - backend: - serviceName: istio-ingressgateway - servicePort: 80 + defaultBackend: + service: + name: istio-ingressgateway + port: + number: 80 rules: - host: $(hostname) http: paths: - backend: - serviceName: istio-ingressgateway - servicePort: 80 + service: + name: istio-ingressgateway + port: + number: 80 path: /* + pathType: Prefix + From 3444e766862518b55feec3b79bd8dad744ab7639 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Tue, 19 Jul 2022 09:24:19 +0000 Subject: [PATCH 09/22] Migrate from rbac.authorization.k8s.io/v1beta1 --- kubeflow/common/iap-ingress/base/cluster-role-binding.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubeflow/common/iap-ingress/base/cluster-role-binding.yaml b/kubeflow/common/iap-ingress/base/cluster-role-binding.yaml index b1905032..9d0390d6 100755 --- a/kubeflow/common/iap-ingress/base/cluster-role-binding.yaml +++ b/kubeflow/common/iap-ingress/base/cluster-role-binding.yaml @@ -1,4 +1,4 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kf-admin-iap From b0f60abbefbe545de6db67ac0011255eef2ac35c Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Tue, 19 Jul 2022 10:37:45 +0000 Subject: [PATCH 10/22] Update config-connector --- .../configconnector-operator.yaml | 440 +++++++++++------- 1 file changed, 282 insertions(+), 158 deletions(-) diff --git a/management/manifests/cnrm-install/install-system/configconnector-operator.yaml b/management/manifests/cnrm-install/install-system/configconnector-operator.yaml index 03af7508..ad67ed96 100644 --- a/management/manifests/cnrm-install/install-system/configconnector-operator.yaml +++ b/management/manifests/cnrm-install/install-system/configconnector-operator.yaml @@ -2,17 +2,17 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 + cnrm.cloud.google.com/operator-version: 1.89.0 labels: cnrm.cloud.google.com/operator-system: "true" name: configconnector-operator-system --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 - controller-gen.kubebuilder.io/version: v0.2.4 + cnrm.cloud.google.com/operator-version: 1.89.0 + controller-gen.kubebuilder.io/version: v0.6.2 creationTimestamp: null labels: cnrm.cloud.google.com/operator-system: "true" @@ -25,66 +25,85 @@ spec: plural: configconnectorcontexts singular: configconnectorcontext scope: Namespaced - validation: - openAPIV3Schema: - description: ConfigConnectorContext is the Schema for the ConfigConnectorContexts - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigConnectorContextSpec defines the desired state of ConfigConnectorContext - properties: - googleServiceAccount: - description: The Google Service Account to be used by Config Connector - to authenticate with Google Cloud APIs in the associated namespace. - type: string - requestProjectPolicy: - description: Specifies which project to use for preconditions, quota, - and billing for requests made to Google Cloud APIs for resources in - the associated namespace. Must be one of 'SERVICE_ACCOUNT_PROJECT' - or 'RESOURCE_PROJECT'. Defaults to 'SERVICE_ACCOUNT_PROJECT'. If set - to 'SERVICE_ACCOUNT_PROJECT', uses the project that the Google Service - Account belongs to. If set to 'RESOURCE_PROJECT', uses the project - that the resource belongs to. - enum: - - SERVICE_ACCOUNT_PROJECT - - RESOURCE_PROJECT - type: string - required: - - googleServiceAccount - type: object - status: - description: ConfigConnectorContextStatus defines the observed state of - ConfigConnectorContext - properties: - errors: - items: - type: string - type: array - healthy: - type: boolean - required: - - healthy - type: object - required: - - spec - type: object - version: v1beta1 versions: - - name: v1beta1 + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'true' the most recent reconcile of the ConfigConnectorContext + object succeeded + jsonPath: .status.healthy + name: Healthy + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ConfigConnectorContext is the Schema for the ConfigConnectorContexts + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigConnectorContextSpec defines the desired state of ConfigConnectorContext + properties: + billingProject: + description: Specifies the project to use for preconditions, quota + and billing. Should only be used when requestProjectPolicy is set + to BILLING_PROJECT. + type: string + googleServiceAccount: + description: The Google Service Account to be used by Config Connector + to authenticate with Google Cloud APIs in the associated namespace. + type: string + requestProjectPolicy: + description: Specifies which project to use for preconditions, quota, + and billing for requests made to Google Cloud APIs for resources + in the associated namespace. Must be one of 'SERVICE_ACCOUNT_PROJECT', + 'RESOURCE_PROJECT', or 'BILLING_PROJECT. Defaults to 'SERVICE_ACCOUNT_PROJECT'. + If set to 'SERVICE_ACCOUNT_PROJECT', uses the project that the Google + Service Account belongs to. If set to 'RESOURCE_PROJECT', uses the + project that the resource belongs to. If set to 'BILLING_PROJECT', + uses the project specified by spec.billingProject. + enum: + - SERVICE_ACCOUNT_PROJECT + - RESOURCE_PROJECT + - BILLING_PROJECT + type: string + required: + - googleServiceAccount + type: object + status: + description: ConfigConnectorContextStatus defines the observed state of + ConfigConnectorContext + properties: + errors: + items: + type: string + type: array + healthy: + type: boolean + phase: + type: string + required: + - healthy + type: object + required: + - spec + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -92,12 +111,12 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 - controller-gen.kubebuilder.io/version: v0.2.4 + cnrm.cloud.google.com/operator-version: 1.89.0 + controller-gen.kubebuilder.io/version: v0.6.2 creationTimestamp: null labels: cnrm.cloud.google.com/operator-system: "true" @@ -110,104 +129,118 @@ spec: plural: configconnectors singular: configconnector scope: Cluster - validation: - openAPIV3Schema: - description: ConfigConnector is the Schema for the configconnectors API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - anyOf: - - oneOf: - - not: + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'true' the most recent reconcile of the ConfigConnector object + succeeded + jsonPath: .status.healthy + name: Healthy + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ConfigConnector is the Schema for the configconnectors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - oneOf: + - not: + required: + - googleServiceAccount + required: + - credentialSecretName + - not: + required: + - credentialSecretName required: - googleServiceAccount - required: - - credentialSecretName + properties: + mode: + enum: + - cluster - not: - required: - - credentialSecretName - required: - - googleServiceAccount + anyOf: + - required: + - googleServiceAccount + - required: + - credentialSecretName + properties: + mode: + enum: + - namespaced + description: ConfigConnectorSpec defines the desired state of ConfigConnector properties: + credentialSecretName: + description: The Kubernetes secret that contains the Google Service + Account Key's credentials to be used by ConfigConnector to authenticate + with Google Cloud APIs. This field is used only when in cluster + mode. It's recommended to use `googleServiceAccount` when running + ConfigConnector in Google Kubernetes Engine (GKE) clusters with + Workload Identity enabled. This field cannot be specified together + with `googleServiceAccount`. + type: string + googleServiceAccount: + description: The Google Service Account to be used by Config Connector + to authenticate with Google Cloud APIs. This field is used only + when running in cluster mode with Workload Identity enabled. See + Google Kubernetes Engine (GKE) workload-identity (https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) + for details. This field cannot be specified together with `credentialSecretName`. + For namespaced mode, use `googleServiceAccount` in ConfigConnectorContext + CRD to specify the Google Service Account to be used to authenticate + with Google Cloud APIs per namespace. + type: string mode: + description: The mode that Config Connector will run in. This can + be either 'cluster' or 'namespaced'. The default is 'namespaced'. + Cluster mode uses a single Google Service Account to create and + manage resources, even if you are using Config Connector to manage + multiple Projects. You must specify either `credentialSecretName` + or `googleServiceAccount` when in cluster mode, but not both. Namespaced + mode allows you to use different Google service accounts for different + Projects. When in namespaced mode, you must create a ConfigConnectorContext + object per namespace that you want to enable Config Connector in, + and each must set `googleServiceAccount` to specify the Google Service + Account to be used to authenticate with Google Cloud APIs for the + namespace. enum: - cluster - - not: - anyOf: - - required: - - googleServiceAccount - - required: - - credentialSecretName - properties: - mode: - enum: - namespaced - description: ConfigConnectorSpec defines the desired state of ConfigConnector - properties: - credentialSecretName: - description: The Kubernetes secret that contains the Google Service - Account Key's credentials to be used by ConfigConnector to authenticate - with Google Cloud APIs. This field is used only when in cluster mode. - It's recommended to use `googleServiceAccount` when running ConfigConnector - in Google Kubernetes Engine (GKE) clusters with Workload Identity - enabled. This field cannot be specified together with `googleServiceAccount`. - type: string - googleServiceAccount: - description: The Google Service Account to be used by Config Connector - to authenticate with Google Cloud APIs. This field is used only when - running in cluster mode with Workload Identity enabled. See Google - Kubernetes Engine (GKE) workload-identity (https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) - for details. This field cannot be specified together with `credentialSecretName`. - For namespaced mode, use `googleServiceAccount` in ConfigConnectorContext - CRD to specify the Google Service Account to be used to authenticate - with Google Cloud APIs per namespace. - type: string - mode: - description: The mode that Config Connector will run in. This can be - either 'cluster' or 'namespaced'. The default is 'namespaced'. Cluster - mode uses a single Google Service Account to create and manage resources, - even if you are using Config Connector to manage multiple Projects. - You must specify either `credentialSecretName` or `googleServiceAccount` - when in cluster mode, but not both. Namespaced mode allows you to - use different Google service accounts for different Projects. When - in namespaced mode, you must create a ConfigConnectorContext object - per namespace that you want to enable Config Connector in, and each - must set `googleServiceAccount` to specify the Google Service Account - to be used to authenticate with Google Cloud APIs for the namespace. - enum: - - cluster - - namespaced - type: string - type: object - status: - description: ConfigConnectorStatus defines the observed state of ConfigConnector - properties: - errors: - items: type: string - type: array - healthy: - type: boolean - required: - - healthy - type: object - type: object - version: v1beta1 - versions: - - name: v1beta1 + type: object + status: + description: ConfigConnectorStatus defines the observed state of ConfigConnector + properties: + errors: + items: + type: string + type: array + healthy: + type: boolean + phase: + type: string + required: + - healthy + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -219,7 +252,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 + cnrm.cloud.google.com/operator-version: 1.89.0 labels: cnrm.cloud.google.com/operator-system: "true" name: configconnector-operator @@ -229,7 +262,79 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 + cnrm.cloud.google.com/operator-version: 1.89.0 + cnrm.cloud.google.com/version: 1.89.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/operator-system: "true" + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: configconnector-operator-cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + - apigee.cnrm.cloud.google.com + - artifactregistry.cnrm.cloud.google.com + - bigquery.cnrm.cloud.google.com + - bigtable.cnrm.cloud.google.com + - billingbudgets.cnrm.cloud.google.com + - binaryauthorization.cnrm.cloud.google.com + - cloudbuild.cnrm.cloud.google.com + - cloudfunctions.cnrm.cloud.google.com + - cloudidentity.cnrm.cloud.google.com + - cloudscheduler.cnrm.cloud.google.com + - compute.cnrm.cloud.google.com + - configcontroller.cnrm.cloud.google.com + - container.cnrm.cloud.google.com + - containeranalysis.cnrm.cloud.google.com + - dataflow.cnrm.cloud.google.com + - datafusion.cnrm.cloud.google.com + - dataproc.cnrm.cloud.google.com + - dns.cnrm.cloud.google.com + - eventarc.cnrm.cloud.google.com + - filestore.cnrm.cloud.google.com + - firestore.cnrm.cloud.google.com + - gameservices.cnrm.cloud.google.com + - gkehub.cnrm.cloud.google.com + - iam.cnrm.cloud.google.com + - iap.cnrm.cloud.google.com + - identityplatform.cnrm.cloud.google.com + - kms.cnrm.cloud.google.com + - logging.cnrm.cloud.google.com + - memcache.cnrm.cloud.google.com + - monitoring.cnrm.cloud.google.com + - networkconnectivity.cnrm.cloud.google.com + - networksecurity.cnrm.cloud.google.com + - networkservices.cnrm.cloud.google.com + - osconfig.cnrm.cloud.google.com + - privateca.cnrm.cloud.google.com + - pubsub.cnrm.cloud.google.com + - recaptchaenterprise.cnrm.cloud.google.com + - redis.cnrm.cloud.google.com + - resourcemanager.cnrm.cloud.google.com + - run.cnrm.cloud.google.com + - secretmanager.cnrm.cloud.google.com + - servicedirectory.cnrm.cloud.google.com + - servicenetworking.cnrm.cloud.google.com + - serviceusage.cnrm.cloud.google.com + - sourcerepo.cnrm.cloud.google.com + - spanner.cnrm.cloud.google.com + - sql.cnrm.cloud.google.com + - storage.cnrm.cloud.google.com + - storagetransfer.cnrm.cloud.google.com + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.89.0 creationTimestamp: null labels: cnrm.cloud.google.com/operator-system: "true" @@ -328,6 +433,7 @@ rules: - core.cnrm.cloud.google.com resources: - configconnectors/status + - configconnectorcontexts/status verbs: - get - patch @@ -388,7 +494,24 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 + cnrm.cloud.google.com/operator-version: 1.89.0 + labels: + cnrm.cloud.google.com/operator-system: "true" + name: configconnector-operator-cnrm-viewer-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: configconnector-operator-cnrm-viewer +subjects: +- kind: ServiceAccount + name: configconnector-operator + namespace: configconnector-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/operator-version: 1.89.0 labels: cnrm.cloud.google.com/operator-system: "true" name: configconnector-operator-rolebinding @@ -405,7 +528,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 + cnrm.cloud.google.com/operator-version: 1.89.0 labels: cnrm.cloud.google.com/operator-system: "true" name: configconnector-operator-service @@ -422,7 +545,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 + cnrm.cloud.google.com/operator-version: 1.89.0 labels: cnrm.cloud.google.com/component: configconnector-operator cnrm.cloud.google.com/operator-system: "true" @@ -437,7 +560,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/operator-version: 1.46.0 + cnrm.cloud.google.com/operator-version: 1.89.0 labels: cnrm.cloud.google.com/component: configconnector-operator cnrm.cloud.google.com/operator-system: "true" @@ -447,7 +570,8 @@ spec: - --local-repo=/configconnector-operator/channels command: - /configconnector-operator/manager - image: gcr.io/gke-release/cnrm/operator:70a9bee + image: gcr.io/gke-release/cnrm/operator:35d3b61 + imagePullPolicy: Always name: manager resources: limits: From 3b051975ca962d7f49318864348825e2b1cc922c Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Tue, 19 Jul 2022 11:59:36 +0000 Subject: [PATCH 11/22] Clean up comments after removing KFServing --- kubeflow/apps/.krmignore | 3 --- kubeflow/apps/centraldashboard/kustomization.yaml | 3 --- 2 files changed, 6 deletions(-) diff --git a/kubeflow/apps/.krmignore b/kubeflow/apps/.krmignore index 22f31af0..daee8e6d 100644 --- a/kubeflow/apps/.krmignore +++ b/kubeflow/apps/.krmignore @@ -4,15 +4,12 @@ jupyter/jupyter-web-app/upstream/overlays/istio/params.yaml jupyter/notebook-controller/upstream/crd/kustomizeconfig.yaml katib/upstream/installs/katib-openshift/patches/service-serving-cert.yaml katib/upstream/installs/katib-openshift/patches/webhook-inject-cabundle.yaml -kfserving/upstream/crd/patches/protocol.yaml -kfserving/upstream/overlays/kubeflow/patches/web-app-vsvc.yaml pipelines/upstream/third-party/argo/installs/cluster pipelines/upstream/third-party/argo/installs/namespace pipelines/upstream/third-party/argo/upstream/manifests/namespace-install/overlays admission-webhook/upstream centraldashboard/upstream katib/upstream -kfserving/upstream pipelines/upstream profiles/upstream tensorboard/tensorboard-controller/upstream diff --git a/kubeflow/apps/centraldashboard/kustomization.yaml b/kubeflow/apps/centraldashboard/kustomization.yaml index 76036672..3e56a74b 100644 --- a/kubeflow/apps/centraldashboard/kustomization.yaml +++ b/kubeflow/apps/centraldashboard/kustomization.yaml @@ -2,9 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -# Uncomment this line for kfserving -# - upstream/overlays/istio -# Uncomment this line for kserve - upstream/overlays/kserve patchesStrategicMerge: - deployment-patch.yaml From 994a11e187f29fccb88cc7db96740a26c336aa75 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Tue, 19 Jul 2022 12:20:33 +0000 Subject: [PATCH 12/22] Migrate from apiextensions.k8s.io/v1beta1 --- kubeflow/common/cloud-endpoints/base/crd.yaml | 46 ++++++++++++++++++- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/kubeflow/common/cloud-endpoints/base/crd.yaml b/kubeflow/common/cloud-endpoints/base/crd.yaml index 4d09e9fb..dafa1aae 100755 --- a/kubeflow/common/cloud-endpoints/base/crd.yaml +++ b/kubeflow/common/cloud-endpoints/base/crd.yaml @@ -1,6 +1,8 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + "api-approved.kubernetes.io": "unapproved, request not yet submitted" name: cloudendpoints.ctl.isla.solutions spec: group: ctl.isla.solutions @@ -12,4 +14,44 @@ spec: - ce singular: cloudendpoint scope: Namespaced - version: v1 + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + project: + type: string + targetIngress: + properties: + name: + type: string + namespace: + type: string + type: object + required: + - name + - namespace + required: + - project + - targetIngress + type: object + status: + type: object + required: + - metadata + - spec + type: object From 26cf7989465d5695c77fcb40799a9a9f05fbb475 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Wed, 20 Jul 2022 13:36:50 +0000 Subject: [PATCH 13/22] Update README for config-controller --- management/manifests/cnrm-install/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/management/manifests/cnrm-install/README.md b/management/manifests/cnrm-install/README.md index e20816c7..19fdf9cc 100644 --- a/management/manifests/cnrm-install/README.md +++ b/management/manifests/cnrm-install/README.md @@ -1,7 +1,9 @@ # Configuration for installing Cloud Config Connector in the management cluster. -Configs are a copy of the CNRM operator install with necessary Google Cloud -resources to set up workload identity binding. (see [docs](https://cloud.google.com/config-connector/docs/how-to/advanced-install#manual)). +> **Note**: +> Starting with Kubeflow 1.5, we leveraged the managed version of Config Connector, which is called [Config Controller](https://cloud.google.com/anthos-config-management/docs/concepts/config-controller-overview). As it does not require manual upgrading, ignore the upgrade instructions below if you use a default deployment of the management cluster through Config Controller setup process. + +Configs are a copy of the CNRM operator install with necessary Google Cloud resources to set up workload identity binding. (see [docs](https://cloud.google.com/config-connector/docs/how-to/advanced-install#manual)). To update: From fa8491e366ede32ec1666d402c533df6009e526e Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Wed, 3 Aug 2022 12:08:16 +0000 Subject: [PATCH 14/22] Change pathType in ingress, fix typos --- kubeflow/common/cloud-endpoints/base/crd.yaml | 82 +++++++++---------- kubeflow/common/iap-ingress/base/ingress.yaml | 5 +- 2 files changed, 43 insertions(+), 44 deletions(-) diff --git a/kubeflow/common/cloud-endpoints/base/crd.yaml b/kubeflow/common/cloud-endpoints/base/crd.yaml index dafa1aae..9d901f93 100755 --- a/kubeflow/common/cloud-endpoints/base/crd.yaml +++ b/kubeflow/common/cloud-endpoints/base/crd.yaml @@ -14,44 +14,44 @@ spec: - ce singular: cloudendpoint scope: Namespaced - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - project: - type: string - targetIngress: - properties: - name: - type: string - namespace: - type: string - type: object - required: - - name - - namespace - required: - - project - - targetIngress - type: object - status: - type: object - required: - - metadata - - spec - type: object + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + project: + type: string + targetIngress: + properties: + name: + type: string + namespace: + type: string + type: object + required: + - name + - namespace + required: + - project + - targetIngress + type: object + status: + type: object + required: + - metadata + - spec + type: object diff --git a/kubeflow/common/iap-ingress/base/ingress.yaml b/kubeflow/common/iap-ingress/base/ingress.yaml index 7cb6b992..65f6f7b5 100755 --- a/kubeflow/common/iap-ingress/base/ingress.yaml +++ b/kubeflow/common/iap-ingress/base/ingress.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: - kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: $(ipName) networking.gke.io/managed-certificates: gke-certificate name: envoy-ingress @@ -22,5 +22,4 @@ spec: port: number: 80 path: /* - pathType: Prefix - + pathType: ImplementationSpecific From 4e5e319f5c12fa8aff7ac3b6bd07e4c3fcf3911c Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Wed, 3 Aug 2022 12:09:38 +0000 Subject: [PATCH 15/22] Bump upstream tags --- kubeflow/apps/pipelines/pull-upstream.sh | 2 +- kubeflow/pull-upstream.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kubeflow/apps/pipelines/pull-upstream.sh b/kubeflow/apps/pipelines/pull-upstream.sh index 756c1b26..fb5c3f9f 100755 --- a/kubeflow/apps/pipelines/pull-upstream.sh +++ b/kubeflow/apps/pipelines/pull-upstream.sh @@ -17,7 +17,7 @@ set -ex # TODO: Use kubeflow/pipelines once https://github.com/kubeflow/pipelines/pull/6595 is resolved. -export KUBEFLOW_PIPELINES_VERSION=1.8.2 +export KUBEFLOW_PIPELINES_VERSION=2.0.0-alpha.3 export KUBEFLOW_PIPELINES_REPO=https://github.com/kubeflow/pipelines.git # export KUBEFLOW_PIPELINES_VERSION=upgradekpt # Other attempted branches: krmignore, kubeflow14 # export KUBEFLOW_PIPELINES_REPO=https://github.com/zijianjoy/pipelines.git diff --git a/kubeflow/pull-upstream.sh b/kubeflow/pull-upstream.sh index b37b55cc..8a5ba1ba 100755 --- a/kubeflow/pull-upstream.sh +++ b/kubeflow/pull-upstream.sh @@ -16,7 +16,7 @@ set -ex -export KUBEFLOW_MANIFESTS_VERSION=v1.5.1 +export KUBEFLOW_MANIFESTS_VERSION=v1.6.0-rc.1 export KUBEFLOW_MANIFESTS_REPO=https://github.com/kubeflow/manifests.git # Pull Kubeflow Pipelines upstream manifests. @@ -102,7 +102,7 @@ if [ -d common/istio/upstream/ ]; then rm -rf common/istio/upstream/ fi mkdir -p common/istio -kpt pkg get "${KUBEFLOW_MANIFESTS_REPO}/common/istio-1-11/@${KUBEFLOW_MANIFESTS_VERSION}" common/istio/upstream/ +kpt pkg get "${KUBEFLOW_MANIFESTS_REPO}/common/istio-1-14/@${KUBEFLOW_MANIFESTS_VERSION}" common/istio/upstream/ rm common/istio/upstream/Kptfile if [ -d common/cert-manager/upstream/ ]; then From 49877d396b1aa067b509cedff86972bed0581970 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Wed, 3 Aug 2022 12:09:57 +0000 Subject: [PATCH 16/22] Update CHANGELOG --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c6497c5..6764ccb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,11 +4,12 @@ The Kubeflow on Google Cloud distribution versioning is following the versioning ### Unreleased -### v1.6.0 - +* Update CHANGELOG (#360) * Upgrade cert-manger to v1.5.0 (#372) * Upgrade knative to v1.2 (#373) * Fix ASM/istio ingress gateway issue (#371) +* Migrate deprecated API calls (#349) +* Remove deprecated KFServing (#375) ### v1.5.1 From d491a3bdfc6928c3aee1dd4d5c5d7b9cded450bb Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Thu, 4 Aug 2022 11:40:55 +0000 Subject: [PATCH 17/22] Migrate from cloud-endpoints-controller --- kubeflow/common/iap-ingress/Makefile | 2 + .../common/iap-ingress/base/config-map.yaml | 89 ++++++++++++++++++- .../iap-ingress/base/kustomization.yaml | 11 +-- .../common/iap-ingress/base/stateful-set.yaml | 45 ++++++++++ .../iap-ingress/base/swagger_template.yaml | 64 +++++++++++++ kubeflow/config.yaml | 2 +- 6 files changed, 204 insertions(+), 9 deletions(-) create mode 100644 kubeflow/common/iap-ingress/base/swagger_template.yaml diff --git a/kubeflow/common/iap-ingress/Makefile b/kubeflow/common/iap-ingress/Makefile index 2d0d7507..b41741a0 100644 --- a/kubeflow/common/iap-ingress/Makefile +++ b/kubeflow/common/iap-ingress/Makefile @@ -30,3 +30,5 @@ pod-reset: # Kick the backend updater pod, because information might be outdated after the apply. # https://github.com/kubeflow/gcp-blueprints/issues/160 kubectl --context=$(KFCTXT) -n istio-system delete statefulset backend-updater + # Kick the cloud-endpoint setter statefulset, because information might be outdated after the apply. + kubectl --context=$(KFCTXT) -n istio-system delete statefulset cloudendpoints-setter diff --git a/kubeflow/common/iap-ingress/base/config-map.yaml b/kubeflow/common/iap-ingress/base/config-map.yaml index 653ca341..49da3db5 100644 --- a/kubeflow/common/iap-ingress/base/config-map.yaml +++ b/kubeflow/common/iap-ingress/base/config-map.yaml @@ -1,5 +1,3 @@ -# TODO(jlewi): We should switch to using a configmap generator to load from external files. ---- apiVersion: v1 data: healthcheck_route.yaml: | @@ -181,6 +179,92 @@ data: echo "Backend updated successfully. Waiting 1 hour before updating again." sleep 3600 done + setup_cloudendpoints.sh: | + #!/usr/bin/env bash + # + # A simple shell script to configure the JWT audience used with ISTIO + set -x + [ -z ${NAMESPACE} ] && echo Error NAMESPACE must be set && exit 1 + [ -z ${SERVICE} ] && echo Error SERVICE must be set && exit 1 + [ -z ${INGRESS_NAME} ] && echo Error INGRESS_NAME must be set && exit 1 + [ -z ${ENDPOINT_NAME} ] && echo Error ENDPOINT_NAME must be set && exit 1 + + __dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + + PROJECT=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/project/project-id) + if [ -z ${PROJECT} ]; then + echo Error unable to fetch PROJECT from compute metadata + exit 1 + fi + + PROJECT_NUM=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/project/numeric-project-id) + if [ -z ${PROJECT_NUM} ]; then + echo Error unable to fetch PROJECT_NUM from compute metadata + exit 1 + fi + + # Activate the service account + if [ ! -z "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then + # As of 0.7.0 we should be using workload identity and never setting GOOGLE_APPLICATION_CREDENTIALS. + # But we kept this for backwards compatibility but can remove later. + gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS} + fi + + # Print out the config for debugging + gcloud config list + gcloud auth list + + set_endpoint () { + NODE_PORT=$(kubectl --namespace=${NAMESPACE} get svc ${SERVICE} -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') + echo "node port is ${NODE_PORT}" + + BACKEND_NAME="" + while [[ -z ${BACKEND_NAME} ]]; do + BACKENDS=$(kubectl --namespace=${NAMESPACE} get ingress ${INGRESS_NAME} -o jsonpath='{.metadata.annotations.ingress\.kubernetes\.io/backends}') + echo "fetching backends info with ${INGRESS_NAME}: ${BACKENDS}" + BACKEND_NAME=$(echo $BACKENDS | grep -o "k8s-be-${NODE_PORT}--[0-9a-z]\+") + echo "backend name is ${BACKEND_NAME}" + sleep 2 + done + + BACKEND_ID="" + while [[ -z ${BACKEND_ID} ]]; do + BACKEND_ID=$(gcloud compute --project=${PROJECT} backend-services list --filter=name~${BACKEND_NAME} --format='value(id)') + echo "Waiting for backend id PROJECT=${PROJECT} NAMESPACE=${NAMESPACE} SERVICE=${SERVICE} filter=name~${BACKEND_NAME}" + sleep 2 + done + echo BACKEND_ID=${BACKEND_ID} + + JWT_AUDIENCE="/projects/${PROJECT_NUM}/global/backendServices/${BACKEND_ID}" + INGRESS_TARGET_IP=$(kubectl get ingress --all-namespaces | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)") + echo "ENDPOINT_NAME = ${ENDPOINT_NAME}" + echo "INGRESS_TARGET_IP = ${INGRESS_TARGET_IP}" + echo "JWT_AUDIENCE = ${JWT_AUDIENCE}" + sed "s|JWT_AUDIENCE|${JWT_AUDIENCE}|;s|ENDPOINT_NAME|${ENDPOINT_NAME}|;s|INGRESS_TARGET_IP|${INGRESS_TARGET_IP}|" swagger_template.yaml > openapi.yaml + + gcloud endpoints services deploy openapi.yaml + gcloud services list + gcloud services enable servicemanagement.googleapis.com + gcloud services enable servicecontrol.googleapis.com + gcloud services enable endpoints.googleapis.com + gcloud services enable ${ENDPOINT_NAME} + gcloud endpoints services add-iam-policy-binding ${ENDPOINT_NAME} \ + --member serviceAccount:${SERVICE_ACCOUNTNAME} \ + --role roles/servicemanagement.serviceController + gcloud projects add-iam-policy-binding ${PROJECT} \ + --member serviceAccount:${SERVICE_ACCOUNTNAME} \ + --role roles/cloudtrace.agent + } + + while true; do + set_endpoint + # Every 5 minutes recheck the JWT policy and reset it if the backend has changed for some reason. + # This follows Kubernetes level based design. + # We have at least one report see + # https://github.com/kubeflow/kubeflow/issues/4342#issuecomment-544653657 + # of the backend id changing over time. + sleep 300 + done kind: ConfigMap metadata: name: envoy-config @@ -212,4 +296,3 @@ data: kind: ConfigMap metadata: name: ingress-bootstrap-config ---- diff --git a/kubeflow/common/iap-ingress/base/kustomization.yaml b/kubeflow/common/iap-ingress/base/kustomization.yaml index ea298313..b644df33 100755 --- a/kubeflow/common/iap-ingress/base/kustomization.yaml +++ b/kubeflow/common/iap-ingress/base/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - backend-config.yaml - cert.yaml -- cloud-endpoint.yaml +# - cloud-endpoint.yaml - cluster-role-binding.yaml - cluster-role.yaml - config-map.yaml @@ -27,10 +27,11 @@ images: newName: gcr.io/ml-pipeline/cloud-solutions-group/esp-sample-app newTag: 1.0.0 configMapGenerator: - - name: envoy-config - behavior: merge - files: - - policy.yaml +- name: envoy-config + behavior: merge + files: + - policy.yaml + - swagger_template.yaml # TODO(Bobgy): migrate kustomize vars to kpt setters? vars: - name: appName diff --git a/kubeflow/common/iap-ingress/base/stateful-set.yaml b/kubeflow/common/iap-ingress/base/stateful-set.yaml index 9e9a33e9..56205466 100755 --- a/kubeflow/common/iap-ingress/base/stateful-set.yaml +++ b/kubeflow/common/iap-ingress/base/stateful-set.yaml @@ -38,3 +38,48 @@ spec: name: envoy-config name: config-volume volumeClaimTemplates: [] +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + service: cloudendpoints-setter + name: cloudendpoints-setter +spec: + serviceName: cloudendpoints-setter + selector: + matchLabels: + service: cloudendpoints-setter + template: + metadata: + labels: + service: cloudendpoints-setter + spec: + containers: + - command: + - bash + - /var/envoy-config/setup_cloudendpoints.sh + env: + - name: NAMESPACE + value: $(istioNamespace) + - name: SERVICE + value: istio-ingressgateway + - name: INGRESS_NAME + value: $(ingressName) + - name: USE_ISTIO + value: "true" + - name: ENDPOINT_NAME + value: $(hostname) + - name: SERVICE_ACCOUNTNAME + value: $(appName)-admin@$(project).iam.gserviceaccount.com + image: gcr.io/kubeflow-images-public/ingress-setup:latest + name: cloudendpoints-setter + volumeMounts: + - mountPath: /var/envoy-config/ + name: config-volume + serviceAccountName: kf-admin + volumes: + - configMap: + name: envoy-config + name: config-volume + volumeClaimTemplates: [] diff --git a/kubeflow/common/iap-ingress/base/swagger_template.yaml b/kubeflow/common/iap-ingress/base/swagger_template.yaml new file mode 100644 index 00000000..c4abb92b --- /dev/null +++ b/kubeflow/common/iap-ingress/base/swagger_template.yaml @@ -0,0 +1,64 @@ +swagger: "2.0" +info: + description: "wildcard config for any HTTP service." + title: "General HTTP Service." + version: "1.0.0" +host: "ENDPOINT_NAME" +x-google-endpoints: +- name: "ENDPOINT_NAME" + target: "INGRESS_TARGET_IP" +basePath: "/" +consumes: +- "application/json" +produces: +- "application/json" +schemes: +- "http" +- "https" +paths: + "/**": + get: + operationId: Get + responses: + '200': + description: Get + default: + description: Error + delete: + operationId: Delete + responses: + '204': + description: Delete + default: + description: Error + patch: + operationId: Patch + responses: + '200': + description: Patch + default: + description: Error + post: + operationId: Post + responses: + '200': + description: Post + default: + description: Error + put: + operationId: Put + responses: + '200': + description: Put + default: + description: Error +security: +- google_jwt: [] +securityDefinitions: + google_jwt: + authorizationUrl: "" + flow: "implicit" + type: "oauth2" + x-google-issuer: "https://cloud.google.com/iap" + x-google-jwks_uri: "https://www.gstatic.com/iap/verify/public_key-jwk" + x-google-audiences: "JWT_AUDIENCE" diff --git a/kubeflow/config.yaml b/kubeflow/config.yaml index d4e247f6..4c5ed696 100644 --- a/kubeflow/config.yaml +++ b/kubeflow/config.yaml @@ -57,7 +57,7 @@ components: # Cloud Endpoints Controller # https://github.com/danisla/cloud-endpoints-controller -- common/cloud-endpoints +# - common/cloud-endpoints # Resources to deploy a Cloud Endpoint + IAP ingress. # dependencies: [ common/cloud-endpoints ] From c3e640c378ac1f4ce6a4cf7a15d74cca90e7432c Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Thu, 4 Aug 2022 14:41:27 +0000 Subject: [PATCH 18/22] Move cloud endpoint to deployments --- kubeflow/common/.krmignore | 1 + kubeflow/common/iap-ingress/Makefile | 4 +- .../common/iap-ingress/base/config-map.yaml | 31 +++++++------ .../common/iap-ingress/base/deployment.yaml | 40 +++++++++++++++++ .../common/iap-ingress/base/stateful-set.yaml | 45 ------------------- kubeflow/config.yaml | 2 +- 6 files changed, 59 insertions(+), 64 deletions(-) diff --git a/kubeflow/common/.krmignore b/kubeflow/common/.krmignore index 91777c07..36b2cf75 100644 --- a/kubeflow/common/.krmignore +++ b/kubeflow/common/.krmignore @@ -7,3 +7,4 @@ istio/upstream/profile-overlay.yaml istio/upstream/profile.yaml user-namespace/upstream/base/params.yaml knative/upstream/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml +iap-ingress/base/swagger_template.yaml diff --git a/kubeflow/common/iap-ingress/Makefile b/kubeflow/common/iap-ingress/Makefile index b41741a0..de68f398 100644 --- a/kubeflow/common/iap-ingress/Makefile +++ b/kubeflow/common/iap-ingress/Makefile @@ -30,5 +30,5 @@ pod-reset: # Kick the backend updater pod, because information might be outdated after the apply. # https://github.com/kubeflow/gcp-blueprints/issues/160 kubectl --context=$(KFCTXT) -n istio-system delete statefulset backend-updater - # Kick the cloud-endpoint setter statefulset, because information might be outdated after the apply. - kubectl --context=$(KFCTXT) -n istio-system delete statefulset cloudendpoints-setter + # Kick the cloud-endpoints-enabler deployment + kubectl --context=$(KFCTXT) -n istio-system delete deployment cloud-endpoints-enabler diff --git a/kubeflow/common/iap-ingress/base/config-map.yaml b/kubeflow/common/iap-ingress/base/config-map.yaml index 49da3db5..f7da04a4 100644 --- a/kubeflow/common/iap-ingress/base/config-map.yaml +++ b/kubeflow/common/iap-ingress/base/config-map.yaml @@ -182,7 +182,7 @@ data: setup_cloudendpoints.sh: | #!/usr/bin/env bash # - # A simple shell script to configure the JWT audience used with ISTIO + # A simple shell script to configure a cloud endpoint set -x [ -z ${NAMESPACE} ] && echo Error NAMESPACE must be set && exit 1 [ -z ${SERVICE} ] && echo Error SERVICE must be set && exit 1 @@ -216,41 +216,44 @@ data: set_endpoint () { NODE_PORT=$(kubectl --namespace=${NAMESPACE} get svc ${SERVICE} -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') - echo "node port is ${NODE_PORT}" + echo "[DEBUG] node port is ${NODE_PORT}" BACKEND_NAME="" while [[ -z ${BACKEND_NAME} ]]; do BACKENDS=$(kubectl --namespace=${NAMESPACE} get ingress ${INGRESS_NAME} -o jsonpath='{.metadata.annotations.ingress\.kubernetes\.io/backends}') - echo "fetching backends info with ${INGRESS_NAME}: ${BACKENDS}" + echo "[DEBUG] fetching backends info with ${INGRESS_NAME}: ${BACKENDS}" BACKEND_NAME=$(echo $BACKENDS | grep -o "k8s-be-${NODE_PORT}--[0-9a-z]\+") - echo "backend name is ${BACKEND_NAME}" + echo "[DEBUG] backend name is ${BACKEND_NAME}" sleep 2 done BACKEND_ID="" while [[ -z ${BACKEND_ID} ]]; do BACKEND_ID=$(gcloud compute --project=${PROJECT} backend-services list --filter=name~${BACKEND_NAME} --format='value(id)') - echo "Waiting for backend id PROJECT=${PROJECT} NAMESPACE=${NAMESPACE} SERVICE=${SERVICE} filter=name~${BACKEND_NAME}" + echo "[DEBUG] Waiting for backend id PROJECT=${PROJECT} NAMESPACE=${NAMESPACE} SERVICE=${SERVICE} filter=name~${BACKEND_NAME}" sleep 2 done echo BACKEND_ID=${BACKEND_ID} JWT_AUDIENCE="/projects/${PROJECT_NUM}/global/backendServices/${BACKEND_ID}" INGRESS_TARGET_IP=$(kubectl get ingress --all-namespaces | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)") - echo "ENDPOINT_NAME = ${ENDPOINT_NAME}" - echo "INGRESS_TARGET_IP = ${INGRESS_TARGET_IP}" - echo "JWT_AUDIENCE = ${JWT_AUDIENCE}" - sed "s|JWT_AUDIENCE|${JWT_AUDIENCE}|;s|ENDPOINT_NAME|${ENDPOINT_NAME}|;s|INGRESS_TARGET_IP|${INGRESS_TARGET_IP}|" swagger_template.yaml > openapi.yaml + echo "[DEBUG] ENDPOINT_NAME = ${ENDPOINT_NAME}" + echo "[DEBUG] INGRESS_TARGET_IP = ${INGRESS_TARGET_IP}" + echo "[DEBUG] JWT_AUDIENCE = ${JWT_AUDIENCE}" + sed "s|JWT_AUDIENCE|${JWT_AUDIENCE}|;s|ENDPOINT_NAME|${ENDPOINT_NAME}|;s|INGRESS_TARGET_IP|${INGRESS_TARGET_IP}|" /var/envoy-config/swagger_template.yaml > openapi.yaml gcloud endpoints services deploy openapi.yaml - gcloud services list + gcloud services enable servicemanagement.googleapis.com gcloud services enable servicecontrol.googleapis.com gcloud services enable endpoints.googleapis.com + gcloud services enable ${ENDPOINT_NAME} + gcloud endpoints services add-iam-policy-binding ${ENDPOINT_NAME} \ --member serviceAccount:${SERVICE_ACCOUNTNAME} \ --role roles/servicemanagement.serviceController + gcloud projects add-iam-policy-binding ${PROJECT} \ --member serviceAccount:${SERVICE_ACCOUNTNAME} \ --role roles/cloudtrace.agent @@ -258,12 +261,8 @@ data: while true; do set_endpoint - # Every 5 minutes recheck the JWT policy and reset it if the backend has changed for some reason. - # This follows Kubernetes level based design. - # We have at least one report see - # https://github.com/kubeflow/kubeflow/issues/4342#issuecomment-544653657 - # of the backend id changing over time. - sleep 300 + echo "Sleeping 30 seconds..." + sleep 30 done kind: ConfigMap metadata: diff --git a/kubeflow/common/iap-ingress/base/deployment.yaml b/kubeflow/common/iap-ingress/base/deployment.yaml index 6ccb8658..e3131206 100755 --- a/kubeflow/common/iap-ingress/base/deployment.yaml +++ b/kubeflow/common/iap-ingress/base/deployment.yaml @@ -64,3 +64,43 @@ spec: - configMap: name: envoy-config name: config-volume +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloud-endpoints-enabler +spec: + replicas: 1 + template: + metadata: + labels: + service: cloud-endpoints-enabler + spec: + containers: + - command: + - bash + - /var/envoy-config/setup_cloudendpoints.sh + env: + - name: NAMESPACE + value: $(istioNamespace) + - name: SERVICE + value: istio-ingressgateway + - name: INGRESS_NAME + value: $(ingressName) + - name: USE_ISTIO + value: "true" + - name: ENDPOINT_NAME + value: $(hostname) + - name: SERVICE_ACCOUNTNAME + value: $(appName)-admin@$(project).iam.gserviceaccount.com + image: gcr.io/kubeflow-images-public/ingress-setup:latest + name: cloud-endpoints-enabler + volumeMounts: + - mountPath: /var/envoy-config/ + name: config-volume + restartPolicy: Always + serviceAccountName: kf-admin + volumes: + - configMap: + name: envoy-config + name: config-volume diff --git a/kubeflow/common/iap-ingress/base/stateful-set.yaml b/kubeflow/common/iap-ingress/base/stateful-set.yaml index 56205466..9e9a33e9 100755 --- a/kubeflow/common/iap-ingress/base/stateful-set.yaml +++ b/kubeflow/common/iap-ingress/base/stateful-set.yaml @@ -38,48 +38,3 @@ spec: name: envoy-config name: config-volume volumeClaimTemplates: [] ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - service: cloudendpoints-setter - name: cloudendpoints-setter -spec: - serviceName: cloudendpoints-setter - selector: - matchLabels: - service: cloudendpoints-setter - template: - metadata: - labels: - service: cloudendpoints-setter - spec: - containers: - - command: - - bash - - /var/envoy-config/setup_cloudendpoints.sh - env: - - name: NAMESPACE - value: $(istioNamespace) - - name: SERVICE - value: istio-ingressgateway - - name: INGRESS_NAME - value: $(ingressName) - - name: USE_ISTIO - value: "true" - - name: ENDPOINT_NAME - value: $(hostname) - - name: SERVICE_ACCOUNTNAME - value: $(appName)-admin@$(project).iam.gserviceaccount.com - image: gcr.io/kubeflow-images-public/ingress-setup:latest - name: cloudendpoints-setter - volumeMounts: - - mountPath: /var/envoy-config/ - name: config-volume - serviceAccountName: kf-admin - volumes: - - configMap: - name: envoy-config - name: config-volume - volumeClaimTemplates: [] diff --git a/kubeflow/config.yaml b/kubeflow/config.yaml index 4c5ed696..d4e247f6 100644 --- a/kubeflow/config.yaml +++ b/kubeflow/config.yaml @@ -57,7 +57,7 @@ components: # Cloud Endpoints Controller # https://github.com/danisla/cloud-endpoints-controller -# - common/cloud-endpoints +- common/cloud-endpoints # Resources to deploy a Cloud Endpoint + IAP ingress. # dependencies: [ common/cloud-endpoints ] From 941195568b0b49eea59b4e9319035b7a2de7efd7 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Thu, 4 Aug 2022 17:07:06 +0000 Subject: [PATCH 19/22] Deprecate cloud-endpoints-controller --- kubeflow/common/cloud-endpoints/.krmignore | 1 - kubeflow/common/cloud-endpoints/Kptfile | 249 ------------------ .../base/cluster-role-binding.yaml | 11 - .../cloud-endpoints/base/cluster-role.yaml | 21 -- .../base/composite-controller.yaml | 20 -- kubeflow/common/cloud-endpoints/base/crd.yaml | 57 ---- .../cloud-endpoints/base/deployment.yaml | 28 -- .../base/gcp-credentials-patch.yaml | 21 -- .../cloud-endpoints/base/kustomization.yaml | 41 --- .../common/cloud-endpoints/base/params.env | 2 - .../common/cloud-endpoints/base/params.yaml | 7 - .../cloud-endpoints/base/service-account.yaml | 4 - .../common/cloud-endpoints/base/service.yaml | 11 - .../common/cloud-endpoints/kustomization.yaml | 6 - .../overlays/application/application.yaml | 31 --- .../overlays/application/kustomization.yaml | 10 - .../gcp-credentials-patch.yaml | 21 -- .../gcp-credentials/kustomization.yaml | 6 - .../cloud-endpoints/service-accounts.yaml | 6 - .../iap-ingress/base/cloud-endpoint.yaml | 9 - .../iap-ingress/base/kustomization.yaml | 1 - kubeflow/config.yaml | 4 - 22 files changed, 567 deletions(-) delete mode 100644 kubeflow/common/cloud-endpoints/.krmignore delete mode 100755 kubeflow/common/cloud-endpoints/Kptfile delete mode 100755 kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/cluster-role.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/composite-controller.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/crd.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/deployment.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/gcp-credentials-patch.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/kustomization.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/params.env delete mode 100755 kubeflow/common/cloud-endpoints/base/params.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/service-account.yaml delete mode 100755 kubeflow/common/cloud-endpoints/base/service.yaml delete mode 100755 kubeflow/common/cloud-endpoints/kustomization.yaml delete mode 100755 kubeflow/common/cloud-endpoints/overlays/application/application.yaml delete mode 100755 kubeflow/common/cloud-endpoints/overlays/application/kustomization.yaml delete mode 100755 kubeflow/common/cloud-endpoints/overlays/gcp-credentials/gcp-credentials-patch.yaml delete mode 100755 kubeflow/common/cloud-endpoints/overlays/gcp-credentials/kustomization.yaml delete mode 100755 kubeflow/common/cloud-endpoints/service-accounts.yaml delete mode 100755 kubeflow/common/iap-ingress/base/cloud-endpoint.yaml diff --git a/kubeflow/common/cloud-endpoints/.krmignore b/kubeflow/common/cloud-endpoints/.krmignore deleted file mode 100644 index ab0fcbca..00000000 --- a/kubeflow/common/cloud-endpoints/.krmignore +++ /dev/null @@ -1 +0,0 @@ -base/params.yaml diff --git a/kubeflow/common/cloud-endpoints/Kptfile b/kubeflow/common/cloud-endpoints/Kptfile deleted file mode 100755 index b2249d71..00000000 --- a/kubeflow/common/cloud-endpoints/Kptfile +++ /dev/null @@ -1,249 +0,0 @@ -apiVersion: kpt.dev/v1 -kind: Kptfile -metadata: - name: instance -info: - description: sample description -# openAPI: -# definitions: -# io.k8s.cli.substitutions.project: -# x-k8s-cli: -# substitution: -# name: project -# pattern: ${gcloud.core.project} -# values: -# - marker: ${gcloud.core.project} -# ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' -# io.k8s.cli.setters.gcloud.core.project: -# x-k8s-cli: -# setter: -# name: gcloud.core.project -# value: jamxl-kfp-dev -# isSet: true -# io.k8s.cli.substitutions.name-label: -# x-k8s-cli: -# substitution: -# name: name-label -# pattern: ${name} -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' -# io.k8s.cli.setters.name: -# x-k8s-cli: -# setter: -# name: name -# value: kf-ref19 -# isSet: true -# io.k8s.cli.setters.location: -# x-k8s-cli: -# setter: -# name: location -# value: "us-west1-b" -# isSet: true -# io.k8s.cli.setters.mgmt-ctxt: -# x-k8s-cli: -# setter: -# name: mgmt-ctxt -# value: kf-man2 -# isSet: true -# io.k8s.cli.setters.kustomize_manifests_path: -# x-k8s-cli: -# setter: -# name: kustomize_manifests_path -# value: ../../../upstream/manifests -# io.k8s.cli.substitutions.knative-installs-generic: -# x-k8s-cli: -# substitution: -# name: knative-installs-generic -# pattern: ${kustomize_manifests_path}/knative/installs/generic -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.gcp-iap-ingress-v3: -# x-k8s-cli: -# substitution: -# name: gcp-iap-ingress-v3 -# pattern: ${kustomize_manifests_path}/gcp/iap-ingress/v3 -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.namespaces-base: -# x-k8s-cli: -# substitution: -# name: namespaces-base -# pattern: ${kustomize_manifests_path}/namespaces/base -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.istio-iap-gateway-base: -# x-k8s-cli: -# substitution: -# name: istio-iap-gateway-base -# pattern: ${kustomize_manifests_path}/istio/iap-gateway/base -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.metacontroller-base: -# x-k8s-cli: -# substitution: -# name: metacontroller-base -# pattern: ${kustomize_manifests_path}/metacontroller/base -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.cert-manager-cert-manager-kube-system-resources-base: -# x-k8s-cli: -# substitution: -# name: cert-manager-cert-manager-kube-system-resources-base -# pattern: ${kustomize_manifests_path}/cert-manager/cert-manager-kube-system-resources/base -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.cert-manager-cert-manager-v3: -# x-k8s-cli: -# substitution: -# name: cert-manager-cert-manager-v3 -# pattern: ${kustomize_manifests_path}/cert-manager/cert-manager/v3 -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.istio-istio-base: -# x-k8s-cli: -# substitution: -# name: istio-istio-base -# pattern: ${kustomize_manifests_path}/istio/istio/base -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.application-v3: -# x-k8s-cli: -# substitution: -# name: application-v3 -# pattern: ${kustomize_manifests_path}/application/v3 -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.stackds-gcp: -# x-k8s-cli: -# substitution: -# name: stackds-gcp -# pattern: ${kustomize_manifests_path}/stackds/gcp -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.gcp-cloud-endpoints-overlays-application: -# x-k8s-cli: -# substitution: -# name: gcp-cloud-endpoints-overlays-application -# pattern: ${kustomize_manifests_path}/gcp/cloud-endpoints/overlays/application -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.cert-manager-cert-manager-cdrds-base: -# x-k8s-cli: -# substitution: -# name: cert-manager-cert-manager-cdrds-base -# pattern: ${kustomize_manifests_path}/cert-manager/cert-manager-cdrds/base -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.cert-manager-cert-manager-kubeflow-issuer: -# x-k8s-cli: -# substitution: -# name: cert-manager-cert-manager-kubeflow-issuer -# pattern: ${kustomize_manifests_path}/cert-manager/cert-manager/kubeflow-issuer -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.substitutions.stacks-gcp: -# x-k8s-cli: -# substitution: -# name: stacks-gcp -# pattern: ${kustomize_manifests_path}/stacks/gcp -# values: -# - marker: ${kustomize_manifests_path} -# ref: '#/definitions/io.k8s.cli.setters.kustomize_manifests_path' -# io.k8s.cli.setters.gke.private: -# x-k8s-cli: -# setter: -# name: gke.private -# value: "false" -# isSet: true -# io.k8s.cli.setters.email: -# x-k8s-cli: -# setter: -# name: email -# value: jamxl@google.com -# isSet: true -# io.k8s.cli.substitutions.gcp-sa: -# x-k8s-cli: -# substitution: -# name: gcp-sa -# pattern: ${name}-user@${gcloud.core.project}.iam.gserviceaccount.com -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' -# - marker: ${gcloud.core.project} -# ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' -# io.k8s.cli.substitutions.ip-name: -# x-k8s-cli: -# substitution: -# name: ip-name -# pattern: ${name}-ip -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' -# io.k8s.cli.substitutions.hostname: -# x-k8s-cli: -# substitution: -# name: hostname -# pattern: ${name}.endpoints.${gcloud.core.project}.cloud.goog -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' -# - marker: ${gcloud.core.project} -# ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' -# io.k8s.cli.substitutions.storage-artifact-store-name: -# x-k8s-cli: -# substitution: -# name: storage-artifact-store-name -# pattern: ${name}-storage-artifact-store -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' -# io.k8s.cli.substitutions.metadata-artifact-store-name: -# x-k8s-cli: -# substitution: -# name: metadata-artifact-store-name -# pattern: ${name}-storage-metadata-store -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' -# io.k8s.cli.substitutions.gcp-sa-admin: -# x-k8s-cli: -# substitution: -# name: gcp-sa-admin -# pattern: ${name}-admin@${gcloud.core.project}.iam.gserviceaccount.com -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' -# - marker: ${gcloud.core.project} -# ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' -# io.k8s.cli.substitutions.vm-sa-ref: -# x-k8s-cli: -# substitution: -# name: vm-sa-ref -# pattern: ${name}-vm@${gcloud.core.project}.iam.gserviceaccount.com -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' -# - marker: ${gcloud.core.project} -# ref: '#/definitions/io.k8s.cli.setters.gcloud.core.project' -# io.k8s.cli.substitutions.node-pool-example: -# x-k8s-cli: -# substitution: -# name: node-pool-example -# pattern: ${name}-example -# values: -# - marker: ${name} -# ref: '#/definitions/io.k8s.cli.setters.name' diff --git a/kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml b/kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml deleted file mode 100755 index 56ed50be..00000000 --- a/kubeflow/common/cloud-endpoints/base/cluster-role-binding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cloud-endpoints-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cloud-endpoints-controller -subjects: -- kind: ServiceAccount - name: kf-admin diff --git a/kubeflow/common/cloud-endpoints/base/cluster-role.yaml b/kubeflow/common/cloud-endpoints/base/cluster-role.yaml deleted file mode 100755 index 4f00573f..00000000 --- a/kubeflow/common/cloud-endpoints/base/cluster-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cloud-endpoints-controller -rules: -- apiGroups: - - "" - resources: - - services - - configmaps - verbs: - - get - - list -- apiGroups: - - extensions - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list diff --git a/kubeflow/common/cloud-endpoints/base/composite-controller.yaml b/kubeflow/common/cloud-endpoints/base/composite-controller.yaml deleted file mode 100755 index 43146ad5..00000000 --- a/kubeflow/common/cloud-endpoints/base/composite-controller.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: metacontroller.k8s.io/v1alpha1 -kind: CompositeController -metadata: - name: cloud-endpoints-controller -spec: - childResources: [] - clientConfig: - service: - caBundle: '...' - name: cloud-endpoints-controller - namespace: $(namespace) - generateSelector: true - hooks: - sync: - webhook: - url: http://cloud-endpoints-controller.$(namespace)/sync - parentResource: - apiVersion: ctl.isla.solutions/v1 - resource: cloudendpoints - resyncPeriodSeconds: 2 diff --git a/kubeflow/common/cloud-endpoints/base/crd.yaml b/kubeflow/common/cloud-endpoints/base/crd.yaml deleted file mode 100755 index 9d901f93..00000000 --- a/kubeflow/common/cloud-endpoints/base/crd.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - "api-approved.kubernetes.io": "unapproved, request not yet submitted" - name: cloudendpoints.ctl.isla.solutions -spec: - group: ctl.isla.solutions - names: - kind: CloudEndpoint - plural: cloudendpoints - shortNames: - - cloudep - - ce - singular: cloudendpoint - scope: Namespaced - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - project: - type: string - targetIngress: - properties: - name: - type: string - namespace: - type: string - type: object - required: - - name - - namespace - required: - - project - - targetIngress - type: object - status: - type: object - required: - - metadata - - spec - type: object diff --git a/kubeflow/common/cloud-endpoints/base/deployment.yaml b/kubeflow/common/cloud-endpoints/base/deployment.yaml deleted file mode 100755 index e3c44dd9..00000000 --- a/kubeflow/common/cloud-endpoints/base/deployment.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cloud-endpoints-controller -spec: - replicas: 1 - template: - metadata: - labels: - app: cloud-endpoints-controller - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - image: gcr.io/ml-pipeline/cloud-solutions-group/cloud-endpoints-controller:0.2.1 - imagePullPolicy: Always - name: cloud-endpoints-controller - readinessProbe: - failureThreshold: 2 - httpGet: - path: /healthz - port: 80 - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - serviceAccountName: kf-admin - terminationGracePeriodSeconds: 5 diff --git a/kubeflow/common/cloud-endpoints/base/gcp-credentials-patch.yaml b/kubeflow/common/cloud-endpoints/base/gcp-credentials-patch.yaml deleted file mode 100755 index 02daa7f7..00000000 --- a/kubeflow/common/cloud-endpoints/base/gcp-credentials-patch.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Patch the env/volumes/volumeMounts for GCP credentials -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cloud-endpoints-controller -spec: - template: - spec: - containers: - - name: cloud-endpoints-controller - env: - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/sa/admin-gcp-sa.json - volumeMounts: - - mountPath: /var/run/secrets/sa - name: sa-key - readOnly: true - volumes: - - name: sa-key - secret: - secretName: admin-gcp-sa diff --git a/kubeflow/common/cloud-endpoints/base/kustomization.yaml b/kubeflow/common/cloud-endpoints/base/kustomization.yaml deleted file mode 100755 index bc4370a0..00000000 --- a/kubeflow/common/cloud-endpoints/base/kustomization.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: -- cluster-role-binding.yaml -- cluster-role.yaml -- composite-controller.yaml -- crd.yaml -- deployment.yaml -- service-account.yaml -- service.yaml -commonLabels: - app: cloud-endpoints-controller - kustomize.component: cloud-endpoints -images: -- name: gcr.io/ml-pipeline/cloud-solutions-group/cloud-endpoints-controller - newName: gcr.io/ml-pipeline/cloud-solutions-group/cloud-endpoints-controller - newTag: 0.2.1 -configMapGenerator: -- name: cloud-endpoints-parameters - envs: - - params.env -generatorOptions: - disableNameSuffixHash: true -vars: -- name: secretName - objref: - kind: ConfigMap - name: cloud-endpoints-parameters - apiVersion: v1 - fieldref: - fieldpath: data.secretName -- name: namespace - objref: - kind: ConfigMap - name: cloud-endpoints-parameters - apiVersion: v1 - fieldref: - fieldpath: data.namespace -configurations: -- params.yaml diff --git a/kubeflow/common/cloud-endpoints/base/params.env b/kubeflow/common/cloud-endpoints/base/params.env deleted file mode 100755 index 53ba6bd1..00000000 --- a/kubeflow/common/cloud-endpoints/base/params.env +++ /dev/null @@ -1,2 +0,0 @@ -namespace=kubeflow -secretName=admin-gcp-sa diff --git a/kubeflow/common/cloud-endpoints/base/params.yaml b/kubeflow/common/cloud-endpoints/base/params.yaml deleted file mode 100755 index 61954abf..00000000 --- a/kubeflow/common/cloud-endpoints/base/params.yaml +++ /dev/null @@ -1,7 +0,0 @@ -varReference: -- path: spec/template/spec/volumes/secret/secretName - kind: Deployment -- path: spec/clientConfig/service/namespace - kind: CompositeController -- path: spec/hooks/sync/webhook/url - kind: CompositeController diff --git a/kubeflow/common/cloud-endpoints/base/service-account.yaml b/kubeflow/common/cloud-endpoints/base/service-account.yaml deleted file mode 100755 index ce1417d6..00000000 --- a/kubeflow/common/cloud-endpoints/base/service-account.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kf-admin diff --git a/kubeflow/common/cloud-endpoints/base/service.yaml b/kubeflow/common/cloud-endpoints/base/service.yaml deleted file mode 100755 index 5d0b3de7..00000000 --- a/kubeflow/common/cloud-endpoints/base/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: cloud-endpoints-controller -spec: - ports: - - name: http - port: 80 - selector: - app: cloud-endpoints-controller - type: ClusterIP diff --git a/kubeflow/common/cloud-endpoints/kustomization.yaml b/kubeflow/common/cloud-endpoints/kustomization.yaml deleted file mode 100755 index f49f037e..00000000 --- a/kubeflow/common/cloud-endpoints/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base -patchesStrategicMerge: -- service-accounts.yaml diff --git a/kubeflow/common/cloud-endpoints/overlays/application/application.yaml b/kubeflow/common/cloud-endpoints/overlays/application/application.yaml deleted file mode 100755 index f7017051..00000000 --- a/kubeflow/common/cloud-endpoints/overlays/application/application.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: app.k8s.io/v1beta1 -kind: Application -metadata: - name: cloud-endpoints -spec: - selector: - matchLabels: - app.kubernetes.io/name: cloud-endpoints - app.kubernetes.io/instance: cloud-endpoints-v0.7.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: cloud-endpoints - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.7.0 - componentKinds: - - group: core - kind: ConfigMap - - group: apps - kind: Deployment - descriptor: - type: cloud-endpoints - version: v1beta1 - description: "" - maintainers: [] - owners: [] - keywords: - - cloud-endpoints - - kubeflow - links: - - description: About - url: "" - addOwnerRef: true diff --git a/kubeflow/common/cloud-endpoints/overlays/application/kustomization.yaml b/kubeflow/common/cloud-endpoints/overlays/application/kustomization.yaml deleted file mode 100755 index 844385ce..00000000 --- a/kubeflow/common/cloud-endpoints/overlays/application/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -bases: -- ../../base -commonLabels: - app.kubernetes.io/component: cloud-endpoints - app.kubernetes.io/name: cloud-endpoints -kind: Kustomization -namespace: kubeflow -resources: -- application.yaml diff --git a/kubeflow/common/cloud-endpoints/overlays/gcp-credentials/gcp-credentials-patch.yaml b/kubeflow/common/cloud-endpoints/overlays/gcp-credentials/gcp-credentials-patch.yaml deleted file mode 100755 index 02daa7f7..00000000 --- a/kubeflow/common/cloud-endpoints/overlays/gcp-credentials/gcp-credentials-patch.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Patch the env/volumes/volumeMounts for GCP credentials -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cloud-endpoints-controller -spec: - template: - spec: - containers: - - name: cloud-endpoints-controller - env: - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/sa/admin-gcp-sa.json - volumeMounts: - - mountPath: /var/run/secrets/sa - name: sa-key - readOnly: true - volumes: - - name: sa-key - secret: - secretName: admin-gcp-sa diff --git a/kubeflow/common/cloud-endpoints/overlays/gcp-credentials/kustomization.yaml b/kubeflow/common/cloud-endpoints/overlays/gcp-credentials/kustomization.yaml deleted file mode 100755 index 820285a9..00000000 --- a/kubeflow/common/cloud-endpoints/overlays/gcp-credentials/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../../base -patchesStrategicMerge: -- gcp-credentials-patch.yaml diff --git a/kubeflow/common/cloud-endpoints/service-accounts.yaml b/kubeflow/common/cloud-endpoints/service-accounts.yaml deleted file mode 100755 index ebcc345a..00000000 --- a/kubeflow/common/cloud-endpoints/service-accounts.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kf-admin - annotations: - iam.gke.io/gcp-service-account: ${name}-admin@${gcloud.core.project}.iam.gserviceaccount.com # kpt-set: ${name}-admin@${gcloud.core.project}.iam.gserviceaccount.com diff --git a/kubeflow/common/iap-ingress/base/cloud-endpoint.yaml b/kubeflow/common/iap-ingress/base/cloud-endpoint.yaml deleted file mode 100755 index 139273b2..00000000 --- a/kubeflow/common/iap-ingress/base/cloud-endpoint.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: ctl.isla.solutions/v1 -kind: CloudEndpoint -metadata: - name: $(appName) -spec: - project: $(project) - targetIngress: - name: $(ingressName) - namespace: $(istioNamespace) diff --git a/kubeflow/common/iap-ingress/base/kustomization.yaml b/kubeflow/common/iap-ingress/base/kustomization.yaml index b644df33..4a54b7f0 100755 --- a/kubeflow/common/iap-ingress/base/kustomization.yaml +++ b/kubeflow/common/iap-ingress/base/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization resources: - backend-config.yaml - cert.yaml -# - cloud-endpoint.yaml - cluster-role-binding.yaml - cluster-role.yaml - config-map.yaml diff --git a/kubeflow/config.yaml b/kubeflow/config.yaml index d4e247f6..3ef53cca 100644 --- a/kubeflow/config.yaml +++ b/kubeflow/config.yaml @@ -55,10 +55,6 @@ components: # https://metacontroller.github.io/metacontroller/ - contrib/metacontroller -# Cloud Endpoints Controller -# https://github.com/danisla/cloud-endpoints-controller -- common/cloud-endpoints - # Resources to deploy a Cloud Endpoint + IAP ingress. # dependencies: [ common/cloud-endpoints ] - common/iap-ingress From cbe43660a8119c780a98c25c771b3d5144a458ff Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Thu, 4 Aug 2022 17:36:16 +0000 Subject: [PATCH 20/22] Update changelog. Closes #377. --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6764ccb9..0754ad25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ The Kubeflow on Google Cloud distribution versioning is following the versioning of [kubeflow/manifests](https://github.com/kubeflow/manifests). -### Unreleased +### v1.6.0-rc.1 * Update CHANGELOG (#360) * Upgrade cert-manger to v1.5.0 (#372) @@ -10,6 +10,7 @@ The Kubeflow on Google Cloud distribution versioning is following the versioning * Fix ASM/istio ingress gateway issue (#371) * Migrate deprecated API calls (#349) * Remove deprecated KFServing (#375) +* Remove deprecated cloud-endpoints-controller (#377) ### v1.5.1 From c9d293b3f190592e0eedb756f600f540283244e8 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Sun, 7 Aug 2022 18:01:42 +0000 Subject: [PATCH 21/22] Move services activation to the website instructions --- kubeflow/common/iap-ingress/base/config-map.yaml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/kubeflow/common/iap-ingress/base/config-map.yaml b/kubeflow/common/iap-ingress/base/config-map.yaml index f7da04a4..9c782239 100644 --- a/kubeflow/common/iap-ingress/base/config-map.yaml +++ b/kubeflow/common/iap-ingress/base/config-map.yaml @@ -180,7 +180,7 @@ data: sleep 3600 done setup_cloudendpoints.sh: | - #!/usr/bin/env bash + #!/bin/bash # # A simple shell script to configure a cloud endpoint set -x @@ -236,24 +236,25 @@ data: echo BACKEND_ID=${BACKEND_ID} JWT_AUDIENCE="/projects/${PROJECT_NUM}/global/backendServices/${BACKEND_ID}" + + # We use a regular expression to obtain the IP address of the target Ingress, assuming IPv4 standard. INGRESS_TARGET_IP=$(kubectl get ingress --all-namespaces | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)") + echo "[DEBUG] ENDPOINT_NAME = ${ENDPOINT_NAME}" echo "[DEBUG] INGRESS_TARGET_IP = ${INGRESS_TARGET_IP}" echo "[DEBUG] JWT_AUDIENCE = ${JWT_AUDIENCE}" + + # Create OpenAPI specification for the RESTful Cloud Endpoint sed "s|JWT_AUDIENCE|${JWT_AUDIENCE}|;s|ENDPOINT_NAME|${ENDPOINT_NAME}|;s|INGRESS_TARGET_IP|${INGRESS_TARGET_IP}|" /var/envoy-config/swagger_template.yaml > openapi.yaml + # Deploy and enable the endpoint gcloud endpoints services deploy openapi.yaml - - gcloud services enable servicemanagement.googleapis.com - gcloud services enable servicecontrol.googleapis.com - gcloud services enable endpoints.googleapis.com - gcloud services enable ${ENDPOINT_NAME} + # Create IAM resources used by the endpoint gcloud endpoints services add-iam-policy-binding ${ENDPOINT_NAME} \ --member serviceAccount:${SERVICE_ACCOUNTNAME} \ --role roles/servicemanagement.serviceController - gcloud projects add-iam-policy-binding ${PROJECT} \ --member serviceAccount:${SERVICE_ACCOUNTNAME} \ --role roles/cloudtrace.agent From f430ef76d26a5498be4014a75286c6615d08e680 Mon Sep 17 00:00:00 2001 From: Ablai Akhazhanov Date: Tue, 16 Aug 2022 18:55:28 +0000 Subject: [PATCH 22/22] Add readme for iap-ingress component --- kubeflow/common/iap-ingress/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 kubeflow/common/iap-ingress/README.md diff --git a/kubeflow/common/iap-ingress/README.md b/kubeflow/common/iap-ingress/README.md new file mode 100644 index 00000000..a5bf0438 --- /dev/null +++ b/kubeflow/common/iap-ingress/README.md @@ -0,0 +1,19 @@ +# Identity-Aware Proxy (IAP) Ingress + +[IAP](https://cloud.google.com/iap) establishes a central authorization layer via HTTPS and enables application-level access control. Your kubeflow cluster can only be accessed through the proxy by users, who have the correct Identity and Access Management (IAM) role. When you grant a user access by IAP, they're subject to the fine-grained access controls without requiring a VPN. When a user tries to access the kubeflow cluster, IAP performs authentication and authorization checks. + +IAP is [integrated through Ingress](https://cloud.google.com/iap/docs/enabling-kubernetes-howto). The incoming traffic is handled by [HTTPS Load Balancing](https://cloud.google.com/load-balancing/docs/https), a component of Cloud Load Balancing, configured by the Ingress controller. The Ingress controller gets configuration information from an [Ingress](https://cloud.google.com/kubernetes-engine/docs/concepts/ingress) object (**envoy-ingress**) that is associated with one or more Service objects. Each Service object holds routing information that is used to direct an incoming request to a particular Pod and port. The Ingress controller reads configuration information from the BackendConfig (**iap-backendconfig**) and sets up the load balancer accordingly. **iap-backendconfig** holds configuration information that is specific to Cloud Load Balancing. + +To create a fully qualified domain name (FQDN) for the kubeflow cluster and expose it through HTTPS, we employ [Cloud Endpoints](https://cloud.google.com/endpoints). Cloud Endpoints is an API management system that helps you secure, monitor, analyze, and set quotas on your APIs using the same infrastructure Google uses for its own APIs. Endpoints works with the Extensible Service Proxy (ESP) and the Extensible Service Proxy V2 (ESPv2) to provide API management. Endpoints supports version 2 of the OpenAPI Specification (formerly known as the [Swagger spec](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md)) — the industry standard for defining REST APIs. If you are unfamiliar with the OpenAPI Specification, see [OpenAPI Overview](https://cloud.google.com/endpoints/docs/openapi/openapi-overview). + +## iap-enabler + +[IAP uses](https://cloud.google.com/iap/docs/signed-headers-howto) JSON Web Tokens ([JWT](https://jwt.io/introduction)) to make sure that a request to kubeflow is authorized. This protects kubeflow from IAP being accidentally disabled, misconfigured firewalls, and access from within the project. This *Deployment* applies a RequestAuthentication (**ingress-jwt**) to the kubeflow cluster based on the [policy.yaml template](./base/policy.yaml). + +## backend-updater + +HTTPS Load Balancing requires a [health check](https://cloud.google.com/load-balancing/docs/health-check-concepts) to determine if backend (**istio-ingressgateway**) responds to traffic. This *StatefulSet* updates the **iap-backendconfig** with the appropriate backend port and backend path for the corresponding health check. + +## cloud-endpoints-enabler + +This *Deployment* is introduced to replace cloud-endpoints-controller. It [establishes a cloud endpoint](https://cloud.google.com/endpoints/docs/openapi/get-started-kubernetes-engine-espv2) using OpenAPI specification. It uses [swagger_template.yaml](./base/swagger_template.yaml) to build an appropriate OpenAPI spec. This template was used in the original [cloud-endpoint-controller](https://github.com/danisla/cloud-endpoints-controller) (deprecated) in Kubeflow 1.5.1 and earlier.