Skip to content

Commit

Permalink
Upgrade KNative to 1.8.5. Closes GoogleCloudPlatform#404
Browse files Browse the repository at this point in the history
  • Loading branch information
gkcalat committed Mar 12, 2023
1 parent ec58a82 commit 23b979b
Show file tree
Hide file tree
Showing 4 changed files with 2,611 additions and 784 deletions.
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Generated when HEAD was dc8f82eb4cc1573fbaa6b7085b27dc77918d5233
# Generated when HEAD was d4fce5da8b34ca56c7dd2724a389d85dba13ef69
#
# Copyright 2019 The Knative Authors
#
Expand All @@ -13,6 +13,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
Expand All @@ -21,14 +22,14 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
serving.knative.dev/controller: "true"
networking.knative.dev/ingress-provider: istio
rules:
- apiGroups: ["networking.istio.io"]
resources: ["virtualservices", "gateways", "destinationrules"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]

---
# Copyright 2019 The Knative Authors
#
Expand All @@ -43,6 +44,7 @@ rules:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This is the shared Gateway for all Knative routes to use.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
Expand All @@ -52,8 +54,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
spec:
selector:
Expand All @@ -65,6 +66,7 @@ spec:
protocol: HTTP
hosts:
- "*"

---
# Copyright 2019 The Knative Authors
#
Expand All @@ -79,6 +81,7 @@ spec:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# A cluster local gateway to allow pods outside of the mesh to access
# Services and Routes not exposing through an ingress. If the users
# do have a service mesh setup, this isn't required.
Expand All @@ -90,8 +93,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
spec:
selector:
Expand All @@ -112,8 +114,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
experimental.istio.io/disable-gateway-port-translation: "true"
spec:
Expand All @@ -124,6 +125,7 @@ spec:
- name: http2
port: 80
targetPort: 8081

---
# Copyright 2018 The Knative Authors
#
Expand All @@ -138,6 +140,7 @@ spec:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
Expand All @@ -146,10 +149,10 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
data:
# TODO(nghia): Extract the .svc.cluster.local suffix into its own config.
_example: |
################################
# #
Expand Down Expand Up @@ -189,18 +192,11 @@ data:
# `knative-serving`
local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local"
# DEPRECATED: local-gateway.mesh is deprecated.
# See: https://github.com/knative/serving/issues/11523
#
# To use only Istio service mesh and no knative-local-gateway, replace
# all local-gateway.* entries by the following entry.
local-gateway.mesh: "mesh"
# If true, knative will use the Istio VirtualService's status to determine
# endpoint readiness. Otherwise, probe as usual.
# NOTE: This feature is currently experimental and should not be used in production.
enable-virtualservice-status: "false"
# TODO(nghia): Extract the .svc.cluster.local suffix into its own config.
---
# Allows the Webhooks to be reached by kube-api with or without
# sidecar injection and with mTLS PERMISSIVE and STRICT.
Expand All @@ -212,8 +208,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
spec:
selector:
Expand All @@ -231,8 +226,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
spec:
selector:
Expand All @@ -250,8 +244,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
spec:
selector:
Expand All @@ -260,6 +253,7 @@ spec:
portLevelMtls:
"8443":
mode: PERMISSIVE

---
# Copyright 2019 The Knative Authors
#
Expand All @@ -274,6 +268,7 @@ spec:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
Expand All @@ -282,8 +277,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
spec:
selector:
Expand All @@ -301,15 +295,14 @@ spec:
app: net-istio-controller
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
spec:
serviceAccountName: controller
containers:
- name: controller
# This is the Go import path for the binary that is containerized
# and substituted here.
image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:f253b82941c2220181cee80d7488fe1cefce9d49ab30bdb54bcb8c76515f7a26
image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:a76d0854c07c82266b59efd646d2df0e8dc6cd9671de780d892c9202641347ef
resources:
requests:
cpu: 30m
Expand All @@ -326,6 +319,8 @@ spec:
value: config-logging
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability
- name: ENABLE_SECRET_INFORMER_FILTERING_BY_CERT_UID
value: "false"
# TODO(https://github.com/knative/pkg/pull/953): Remove stackdriver specific config
- name: METRICS_DOMAIN
value: knative.dev/net-istio
Expand All @@ -335,7 +330,9 @@ spec:
runAsNonRoot: true
capabilities:
drop:
- all
- ALL
seccompProfile:
type: RuntimeDefault
ports:
- name: metrics
containerPort: 9090
Expand All @@ -344,6 +341,7 @@ spec:

# Unlike other controllers, this doesn't need a Service defined for metrics and
# profiling because it opts out of the mesh (see annotation above).

---
# Copyright 2020 The Knative Authors
#
Expand All @@ -358,6 +356,7 @@ spec:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
Expand All @@ -366,8 +365,7 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
spec:
selector:
Expand All @@ -383,15 +381,14 @@ spec:
role: net-istio-webhook
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
spec:
serviceAccountName: controller
containers:
- name: webhook
# This is the Go import path for the binary that is containerized
# and substituted here.
image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:a705c1ea8e9e556f860314fe055082fbe3cde6a924c29291955f98d979f8185e
image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:e716c21c7aaa7ece064dae9690103c66598b5556bc1ce3f9ee4c4a71bc8630af
resources:
requests:
cpu: 20m
Expand All @@ -414,14 +411,21 @@ spec:
- name: WEBHOOK_NAME
value: net-istio-webhook
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
ports:
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
- name: https-webhook
containerPort: 8443

---
# Copyright 2020 The Knative Authors
#
Expand All @@ -436,6 +440,7 @@ spec:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Secret
metadata:
Expand All @@ -444,9 +449,9 @@ metadata:
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio

---
# Copyright 2020 The Knative Authors
#
Expand All @@ -461,6 +466,7 @@ metadata:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Service
metadata:
Expand All @@ -470,8 +476,7 @@ metadata:
role: net-istio-webhook
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
spec:
ports:
Expand All @@ -487,6 +492,7 @@ spec:
targetPort: 8443
selector:
app: net-istio-webhook

---
# Copyright 2020 The Knative Authors
#
Expand All @@ -501,15 +507,15 @@ spec:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: webhook.istio.networking.internal.knative.dev
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
webhooks:
- admissionReviewVersions:
Expand All @@ -525,6 +531,7 @@ webhooks:
matchExpressions:
- {key: "serving.knative.dev/configuration", operator: Exists}
name: webhook.istio.networking.internal.knative.dev

---
# Copyright 2020 The Knative Authors
#
Expand All @@ -539,15 +546,15 @@ webhooks:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: config.webhook.istio.networking.internal.knative.dev
labels:
app.kubernetes.io/component: net-istio
app.kubernetes.io/name: knative-serving
app.kubernetes.io/version: "1.2.0"
serving.knative.dev/release: "v1.2.0"
app.kubernetes.io/version: "1.8.3"
networking.knative.dev/ingress-provider: istio
webhooks:
- admissionReviewVersions:
Expand All @@ -560,7 +567,9 @@ webhooks:
failurePolicy: Fail
sideEffects: None
name: config.webhook.istio.networking.internal.knative.dev
namespaceSelector:
matchExpressions:
- key: serving.knative.dev/release
operator: Exists
objectSelector:
matchLabels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: net-istio

---
Loading

0 comments on commit 23b979b

Please sign in to comment.