chore: update manifests to v1.16 for CKF 1.10 (#290)

* chore: update rbac manifests to v1.16.0 * chore: update config manifests to 1.16.0 * chore: update CRDs to 1.16.0 * chore: update eventing and serving versions
canonical · Feb 7, 2025 · 312c3d0 · 312c3d0
1 parent 473c095
commit 312c3d0
Show file tree

Hide file tree

Showing 11 changed files with 169 additions and 118 deletions.
diff --git a/charms/knative-eventing/config.yaml b/charms/knative-eventing/config.yaml
@@ -3,7 +3,7 @@
 
 options:
   version:
-    default: "1.12.4"
+    default: "1.16.0"
     description: Version of knative-eventing component.
     type: string
   namespace:

diff --git a/charms/knative-operator/metadata.yaml b/charms/knative-operator/metadata.yaml
@@ -24,8 +24,8 @@ resources:
   knative-operator-image:
     type: oci-image
     description: OCI image for knative-operator
-    upstream-source: charmedkubeflow/knative-operator:1.12.4-3f2a424
+    upstream-source: gcr.io/knative-releases/knative.dev/operator/cmd/operator:v1.16.0
   knative-operator-webhook-image:
     type: oci-image
     description: OCI image for knative-operator's operator-webhook component
-    upstream-source: charmedkubeflow/knative-webhook:1.12.4-d887d34
+    upstream-source: gcr.io/knative-releases/knative.dev/operator/cmd/webhook:v1.16.0
diff --git a/charms/knative-operator/src/manifests/auth_manifests.yaml.j2 b/charms/knative-operator/src/manifests/auth_manifests.yaml.j2
@@ -17,6 +17,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: knative-serving-operator-aggregated
+  labels:
+    app.kubernetes.io/name: {{ name }}
 aggregationRule:
   clusterRoleSelectors:
 # This (along with escalate below) allows the Operator to pick up any
@@ -32,8 +34,7 @@ kind: ClusterRole
 metadata:
   name: knative-serving-operator-aggregated-stable
   labels:
-    app.kubernetes.io/version: devel
-    app.kubernetes.io/name: knative-operator
+    app.kubernetes.io/name: {{ name }}
 aggregationRule:
   clusterRoleSelectors:
     # This (along with escalate below) allows the Operator to pick up any
@@ -49,8 +50,7 @@ kind: ClusterRole
 metadata:
   name: knative-eventing-operator-aggregated
   labels:
-    app.kubernetes.io/version: devel
-    app.kubernetes.io/name: knative-operator
+    app.kubernetes.io/name: {{ name }}
 aggregationRule:
   clusterRoleSelectors:
     # This (along with escalate below) allows the Operator to pick up any
@@ -66,8 +66,7 @@ kind: ClusterRole
 metadata:
   name: knative-eventing-operator-aggregated-stable
   labels:
-    app.kubernetes.io/version: devel
-    app.kubernetes.io/name: knative-operator
+    app.kubernetes.io/name: {{ name }}
 aggregationRule:
   clusterRoleSelectors:
     # This (along with escalate below) allows the Operator to pick up any
@@ -83,6 +82,8 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: knative-serving-operator
+  labels:
+    app.kubernetes.io/name: {{ name }}
 rules:
 - apiGroups:
   - operator.knative.dev
@@ -263,6 +264,7 @@ rules:
   - knative-serving-operator
   verbs:
   - delete
+
 # for contour TLS
 - apiGroups:
   - projectcontour.io
@@ -278,6 +280,7 @@ rules:
   - delete
   - deletecollection
   - patch
+
 # for security-guard
 - apiGroups:
   - guard.security.knative.dev
@@ -320,6 +323,8 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: knative-eventing-operator
+  labels:
+    app.kubernetes.io/name: {{ name }}
 rules:
   - apiGroups:
       - operator.knative.dev
@@ -502,6 +507,7 @@ rules:
       - exchanges/status
     verbs:
       - get
+
   # for Kafka eventing source
   - apiGroups:
       - keda.sh
@@ -552,6 +558,8 @@ rules:
       - watch
       - update
       - patch
+      - create
+      - delete
   - apiGroups:
       - rbac.authorization.k8s.io
     resources:
@@ -674,13 +682,41 @@ rules:
       - deployments
     verbs:
       - deletecollection
+
+  # Eventing TLS
+  - apiGroups:
+      - "cert-manager.io"
+    resources:
+      - certificates
+      - issuers
+      - clusterissuers
+    verbs:
+      - create
+      - delete
+      - update
+      - list
+      - get
+      - watch
+  - apiGroups:
+      - "trust.cert-manager.io"
+    resources:
+      - bundles
+    verbs:
+      - create
+      - delete
+      - update
+      - list
+      - get
+      - watch
 ---
 # Source: knative/operator/config/rbac/role_binding.yaml
 # TODO: Consider restriction of non-aggregated role to knativeservings namespaces.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: knative-serving-operator
+  labels:
+    app.kubernetes.io/name: {{ name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -695,6 +731,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: knative-eventing-operator
+  labels:
+    app.kubernetes.io/name: {{ name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -704,26 +742,14 @@ subjects:
   name: {{ name }}-workload
   namespace: {{ namespace }}
 ---
-
-# Copyright 2022 The Knative Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 # Source: knative/operator/config/rbac/webhook_role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  namespace: default
+  namespace: {{ namespace }}
   name: knative-operator-webhook
+  labels:
+    app.kubernetes.io/name: {{ name }}
 rules:
   # For manipulating certs into secrets.
   - apiGroups:
@@ -742,6 +768,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: knative-operator-webhook
+  labels:
+    app.kubernetes.io/name: {{ name }}
 rules:
   # For watching logging configuration and getting certs.
   - apiGroups:
@@ -818,25 +846,13 @@ rules:
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 ---
 # Source: knative/operator/config/rbac/webhook_role_binding.yaml
-# Copyright 2022 The Knative Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  namespace: default
+  namespace: {{ namespace }}
   name: knative-operator-webhook
+  labels:
+    app.kubernetes.io/name: {{ name }}
 subjects:
   - kind: ServiceAccount
     name: knative-operator-webhook
@@ -850,6 +866,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: knative-operator-webhook
+  labels:
+    app.kubernetes.io/name: {{ name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -860,28 +878,12 @@ subjects:
   namespace: {{ namespace }}
 ---
 # Source: knative/operator/config/rbac/clusterrole_aggregated_binding.yaml
-# Copyright 2020 The Knative Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: knative-serving-operator-aggregated
   labels:
-    operator.knative.dev/release: "v1.12.4"
-    app.kubernetes.io/version: "1.12.4"
-    app.kubernetes.io/part-of: knative-operator
+    app.kubernetes.io/name: {{ name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -896,9 +898,7 @@ kind: ClusterRoleBinding
 metadata:
   name: knative-serving-operator-aggregated-stable
   labels:
-    operator.knative.dev/release: "v1.12.4"
-    app.kubernetes.io/version: "1.12.4"
-    app.kubernetes.io/part-of: knative-operator
+    app.kubernetes.io/name: {{ name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -913,9 +913,7 @@ kind: ClusterRoleBinding
 metadata:
   name: knative-eventing-operator-aggregated
   labels:
-    operator.knative.dev/release: "v1.12.4"
-    app.kubernetes.io/version: "1.12.4"
-    app.kubernetes.io/part-of: knative-operator
+    app.kubernetes.io/name: {{ name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -930,9 +928,7 @@ kind: ClusterRoleBinding
 metadata:
   name: knative-eventing-operator-aggregated-stable
   labels:
-    operator.knative.dev/release: "v1.12.4"
-    app.kubernetes.io/version: "1.12.4"
-    app.kubernetes.io/part-of: knative-operator
+    app.kubernetes.io/name: {{ name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -943,22 +939,10 @@ subjects:
     namespace: {{ namespace }}
 ---
 # Source: knative/operator/config/rbac/webhook_service_account.yaml
-# Copyright 2020 The Knative Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: knative-operator-webhook
   namespace: {{ namespace }}
+  labels:
+    app.kubernetes.io/name: {{ name }}
diff --git a/charms/knative-operator/src/manifests/config_manifests.yaml.j2 b/charms/knative-operator/src/manifests/config_manifests.yaml.j2
@@ -18,6 +18,8 @@ kind: ConfigMap
 metadata:
   name: config-logging
   namespace: {{ namespace }}
+  labels:
+    app.kubernetes.io/name: {{ name }}
 data:
   _example: |
     ################################
@@ -79,6 +81,8 @@ kind: ConfigMap
 metadata:
   name: config-observability
   namespace: {{ namespace }}
+  labels:
+    app.kubernetes.io/name: {{ name }}
 data:
   _example: |
     ################################
@@ -108,35 +112,6 @@ data:
     logging.revision-url-template: |
       http://localhost:8001/api/v1/namespaces/knative-monitoring/services/kibana-logging/proxy/app/kibana#/discover?_a=(query:(match:(kubernetes.labels.serving-knative-dev%2FrevisionUID:(query:'${REVISION_UID}',type:phrase))))
 
-    # If non-empty, this enables queue proxy writing request logs to stdout.
-    # The value determines the shape of the request logs and it must be a valid go text/template.
-    # It is important to keep this as a single line. Multiple lines are parsed as separate entities
-    # by most collection agents and will split the request logs into multiple records.
-    #
-    # The following fields and functions are available to the template:
-    #
-    # Request: An http.Request (see https://golang.org/pkg/net/http/#Request)
-    # representing an HTTP request received by the server.
-    #
-    # Response:
-    # struct {
-    #   Code    int       // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)
-    #   Size    int       // An int representing the size of the response.
-    #   Latency float64   // A float64 representing the latency of the response in seconds.
-    # }
-    #
-    # Revision:
-    # struct {
-    #   Name          string  // Knative revision name
-    #   Namespace     string  // Knative revision namespace
-    #   Service       string  // Knative service name
-    #   Configuration string  // Knative configuration name
-    #   PodName       string  // Name of the pod hosting the revision
-    #   PodIP         string  // IP of the pod hosting the revision
-    # }
-    #
-    logging.request-log-template: <<Example removed because it messes with charmed kubeflow's templating.  See upstream's yaml for example of this setting>>
-
     # metrics.backend-destination field specifies the system metrics destination.
     # It supports either prometheus (the default) or stackdriver.
     # Note: Using stackdriver will incur additional charges